Closing the loop of SIEM analysis to Secure Critical Infrastructures

Critical Infrastructure Protection is one of the main challenges of last years. Security Information and Event Management (SIEM) systems are widely used for coping with this challenge. However, they currently present several limitations that have to be overcome. In this paper we propose an enhanced SIEM system in which we have introduced novel components to i) enable multiple layer data analysis; ii) resolve conflicts among security policies, and discover unauthorized data paths in such a way to be able to reconfigure network devices. Furthermore, the system is enriched by a Resilient Event Storage that ensures integrity and unforgeability of events stored.Comment: EDCC-2014, BIG4CIP-2014, Security Information and Event Management, Decision Support System, Hydroelectric Da

Overview: The Role of Information Policy in Resolving Global Challenges

Governments in many countries recognize the importance of knowledge-based societies whose citizens are adaptable and have the means to engage in continuous learning. Information societies can address global challenges far more readily than those that do not adopt its characteristics of ICTs (information and communication technologies) and connectivity; usable content; infrastructure and deliverability; and human intellectual capability

Serious Notice: A Celebration, Discussion, and Recognition of Joel Reidenberg’s Work on Privacy Notices and Disclosures

This Essay pays tribute to Professor Joel Reidenberg’s rich academic career and, specifically, to his contributions to the study of privacy policies. In doing so, this Essay takes a close look at privacy policies and possible ways to effectively intermediate their content through various labeling schemes. While severely flawed, privacy policies are here to stay. Therefore, an in-depth analysis of ways to enhance their efficiency is merited. This Essay thus examines key strategies for privacy-related intermediation, obstacles, and problems arising in the process, as well as possible solutions. The analysis weaves together theoretical and empirical privacy law scholarship (much of it by Professor Reidenberg), “classic” work on the limits of disclosure policy, and general scholarship on certification. Part I of this Essay provides a brief introduction to privacy policies and the challenges of their intermediation. Part II examines the additional steps that must be taken to ensure that privacy intermediation is effective and efficient in terms of the system’s design, especially through setting disclosure objectives and priorities. It also addresses the use of personalized disclosure and its possible shortcomings. Part III assumes that privacy intermediation is successful and confronts the potential problems that may lead to the trivialization of labels and rankings over time. These dynamics result from a possible flood of appeals for reevaluation and ensuing grade inflation. This part also briefly explains how such concerns may be mitigated through proper design, tailored disclosures, and tinkering with the liability regime of intermediaries. This Essay concludes with some parting thoughts about Reidenberg’s substantial contribution to “law and technology” scholarship and the ways others may develop it in years to come

The ISO 26000 standard as a driver for systemic design for sustainability

Sustainable product development is considered a key factor for sustainable development. Products are placed in the interface between production and consumption, therefore the consideration of sustainability criteria early in their development phase, to improve them throughout the life cycle, opens up for innovations that contribute to tackle major sustainability problems in the context of a globalized economy. Design for sustainability (DfS) is distinguished from ecodesign in terms of sustainability topics covered (not only environmental and economic, but also social) and in terms on the focus on finding new ways to satisfy customers and client needs and make business sense while respecting the physical limits of the planet in providing resources and absorbing pollution

The process improvement dilemma in dynamic 3PL firms: A systems and agency lens

For the past several decades, firms have been shifting from contending as autonomous entities to working and competing as part of supply chains. In this context, warehousing, transportation, and distribution needs are being increasingly outsourced to third-party logistics (3PL) firms. 3PL providers operate in fast-moving, time-sensitive, and priority-changing supply chain environments, constantly demanding efficient, cost-effective, and routinized responses. To attain the ultimate end of maximizing efficiency, reducing costs, and improving customer satisfaction, scholars and supply chain industry opinion leaders alike talk about process improvement as part of a broader organizational learning strategy to be pursued in order to keep a competitive edge. This thesis explores the relationship between daily bottom-line pressures and prioritization and the design, implementation, and control of process improvement initiatives in complex and dynamic 3PL service providers. It uses a systems-agency lens to unveil intra- and inter-firm relations around process improvement activity and the links with organizational learning. The study utilized multi-case study-based qualitative-interpretive methods used in conjunction with system dynamics and agency tools. Data collection was carried out through in-depth interviews with 41 employees from two 3PL service providers and complemented by two collaborative enquiry exercises organized for each case study firm. Contrary to recommendations made by scholars and industry leaders, this thesis has found that day-to-day operational firefighting in 3PL scenarios revolving around managing multiple demands, conflicting priorities, and unexpected events often prevail over less tangible process improvement and broader organizational learning goals. This is aggravated by constant cost-reduction pressures centering on human resources headcount deemed critical for the development of learning and improvement practices. Consequently, there is little evidence that the case study firms demonstrate the necessary conditions for process improvement and organizational learning to actually take place. The study also revealed that when process improvement does happen, its focus mainly centers on customer satisfaction or cost-saving, rather than on the improvement of shop floor work routines aiming at operational effectiveness. It also shows process improvement to be more reactive and ad hoc as opposed to the continuous, widespread, and long-term-oriented practices associated with continuous improvement and organizational learning

Framework for Prioritization of Open Data Publication: An Application to Smart Cities

Public Sector Information is considered to play a fundamental role in the growth of the knowledge economy and improvements in society. Given the difficulty in publishing and maintaining all available data, due to budget constraints, institutions need to select which data to publish, giving priority to data most likely to generate social and economic impact. Priority of publication could become an even more significant problem in Smart Cities: as huge amounts of information are generated from different domains, the way data is prioritized and thus reused, could be a determining factor in promoting, among others, new and sustainable business opportunities for local entrepreneurs, and to improve citizen quality of life. However, people in charge of prioritizing which data to publish through open data portals (such as Chief Data Officers, or CDOs) do not have available any specific support in their decision-making process. In this work, a proposal of a framework for prioritization of open data publication as well as its application to Smart Cities is presented. This specific application of the framework relies on OSS (Open Source Software) indicators to help making decisions on the most relevant data to publish focused on developers and businesses operating within the Smart City context.This work was funded by (i) Ministerio de Economía e Innovación (Spain) TIN2015-69957-R (MINECO/ERDF, EU) project and TIN2016-78103-C2-2-R (MINECO/ERDF, EU) project, (ii) POCTEP 4IE project (0045-4IE-4-P), and (iii) Consejería de Economía e Infraestructuras/Junta de Extremadura (Spain) - European Regional Development Fund (ERDF)- GR18112 project and IB16055 project

The Ethical Balance Between Individual and Population Health Interests To Effectively Manage Pandemics and Epidemics

There is no overlapping criterion providing a basis for attaining balance between individual and population oriented ethical concerns generated in the pandemic and the epidemic interventions. The shortfall leads to competing individual and population interests that hamper the effective management of pandemics and epidemics. The libertarian model focuses on advancing individual rights. The epidemiological model focuses upon population health. The social justice model focuses on a broader perspective than individual rights and population health to include universal human rights. This dissertation suggests a Mixed Interests Ethics Model (MIEM) to ethically negotiate a balance between the individual and population interests in pandemics and epidemics. MIEM involves a combination of models (libertarian, epidemiological, and social justice) that shed light on substantive ethical principles of each model (e.g. autonomy, solidarity, and common good); which in turn require procedural standards (i.e. necessity, reasonableness, proportionality, and harm avoidance) to negotiate between the principles when they conflict. The UNESCO Universal Declaration on Bioethics and Human Rights provides a hermeneutical context for applying MIEM in so far as it places MIEM within the context of promoting rights (individual and human) by considering the general ethical tension between individual and universal rights as explained by the UNESCO Declaration

Requirements Engineering

Requirements Engineering (RE) aims to ensure that systems meet the needs of their stakeholders including users, sponsors, and customers. Often consid- ered as one of the earliest activities in software engineering, it has developed into a set of activities that touch almost every step of the software development process. In this chapter, we reflect on how the need for RE was first recognised and how its foundational concepts were developed. We present the seminal papers on four main activities of the RE process, namely (i) elicitation, (ii) modelling & analysis, (iii) as- surance, and (iv) management & evolution. We also discuss some current research challenges in the area, including security requirements engineering as well as RE for mobile and ubiquitous computing. Finally, we identify some open challenges and research gaps that require further exploration