Security Ontology for Adaptive Mapping of Security Standards

Adoption of security standards has the capability of improving the security level in an organization as well as to provide additional benefits and possibilities to the organization. However mapping of used standards has to be done when more than one security standard is employed in order to prevent redundant activities, not optimal resource management and unnecessary outlays. Employment of security ontology to map different standards can reduce the mapping complexity however the choice of security ontology is of high importance and there are no analyses on security ontology suitability for adaptive standards mapping. In this paper we analyze existing security ontologies by comparing their general properties, OntoMetric factors and ability to cover different security standards. As none of the analysed security ontologies were able to cover more than 1/3 of security standards, we proposed a new security ontology, which increased coverage of security standards compared to the existing ontologies and has a better branching and depth properties for ontology visualization purposes. During this research we mapped 4 security standards (ISO 27001, PCI DSS, ISSA 5173 and NISTIR 7621) to the new security ontology, therefore this ontology and mapping data can be used for adaptive mapping of any set of these security standards to optimize usage of multiple securitystandards in an organization

Designing privacy for scalable electronic healthcare linkage

A unified electronic health record (EHR) has potentially immeasurable benefits to society, and the current healthcare industry drive to create a single EHR reflects this. However, adoption is slow due to two major factors: the disparate nature of data and storage facilities of current healthcare systems and the security ramifications of accessing and using that data and concerns about potential misuse of that data. To attempt to address these issues this paper presents the VANGUARD (Virtual ANonymisation Grid for Unified Access of Remote Data) system which supports adaptive security-oriented linkage of disparate clinical data-sets to support a variety of virtual EHRs avoiding the need for a single schematic standard and natural concerns of data owners and other stakeholders on data access and usage. VANGUARD has been designed explicit with security in mind and supports clear delineation of roles for data linkage and usage

Improving sustainability through intelligent cargo and adaptive decision making

In the current society, logistics is faced with the challenge to meet more stringent sustainability goals. Shippers and transport service providers both aim to reduce the carbon footprint of their logistic operations. To do so, optimal use of logistics resources and physical infrastructure should be aimed for. An adaptive decision making process for the selection of a specific transport modality, transport provider and timeslot (aimed at minimisation of the carbon footprint) enables shippers to achieve this. This requires shippers to have access to up-to-date capacity information from transport providers (e.g. current and scheduled loading status of the various transport means and information on carbon footprint) and traffic information (e.g. city logistics and current traffic information). A prerequisite is an adequate infrastructure for collaboration and open exchange of information between the various stakeholders in the logistics value chain to obtain the up-to-date information. This paper gives a view on how such an advanced information infrastructure can be realised, currently being developed within the EU iCargo project. The paper describes a reference logistics value chain, including business benefits for each of the roles in the logistics value chain of aiming for sustainability. A case analysis is presented that reflects a practical situation in which the various roles collaborate and exchange information for realizing sustainability goals, using adaptive decision making for selecting a transport modality, transport provider, and timeslot. A high-level overview is provided of the requirements on and technical implementation of the supporting advanced infrastructure for collaboration and open information exchange.In the current society, logistics is faced with the challenge to meet more stringent sustainability goals. Shippers and transport service providers both aim to reduce the carbon footprint of their logistic operations. To do so, optimal use of logistics resources and physical infrastructure should be aimed for. An adaptive decision making process for the selection of a specific transport modality, transport provider and timeslot (aimed at minimisation of the carbon footprint) enables shippers to achieve this. This requires shippers to have access to up-to-date capacity information from transport providers (e.g. current and scheduled loading status of the various transport means and information on carbon footprint) and traffic information (e.g. city logistics and current traffic information). A prerequisite is an adequate infrastructure for collaboration and open exchange of information between the various stakeholders in the logistics value chain to obtain the up-to-date information. This paper gives a view on how such an advanced information infrastructure can be realised, currently being developed within the EU iCargo project. The paper describes a reference logistics value chain, including business benefits for each of the roles in the logistics value chain of aiming for sustainability. A case analysis is presented that reflects a practical situation in which the various roles collaborate and exchange information for realizing sustainability goals, using adaptive decision making for selecting a transport modality, transport provider, and timeslot. A high-level overview is provided of the requirements on and technical implementation of the supporting advanced infrastructure for collaboration and open information exchange.In the current society, logistics is faced with the challenge to meet more stringent sustainability goals. Shippers and transport service providers both aim to reduce the carbon footprint of their logistic operations. To do so, optimal use of logistics resources and physical infrastructure should be aimed for. An adaptive decision making process for the selection of a specific transport modality, transport provider and timeslot (aimed at minimisation of the carbon footprint) enables shippers to achieve this. This requires shippers to have access to up-to-date capacity information from transport providers (e.g. current and scheduled loading status of the various transport means and information on carbon footprint) and traffic information (e.g. city logistics and current traffic information). A prerequisite is an adequate infrastructure for collaboration and open exchange of information between the various stakeholders in the logistics value chain to obtain the up-to-date information. This paper gives a view on how such an advanced information infrastructure can be realised, currently being developed within the EU iCargo project. The paper describes a reference logistics value chain, including business benefits for each of the roles in the logistics value chain of aiming for sustainability. A case analysis is presented that reflects a practical situation in which the various roles collaborate and exchange information for realizing sustainability goals, using adaptive decision making for selecting a transport modality, transport provider, and timeslot. A high-level overview is provided of the requirements on and technical implementation of the supporting advanced infrastructure for collaboration and open information exchange

Context-Aware Information Retrieval for Enhanced Situation Awareness

In the coalition forces, users are increasingly challenged with the issues of information overload and correlation of information from heterogeneous sources. Users might need different pieces of information, ranging from information about a single building, to the resolution strategy of a global conflict. Sometimes, the time, location and past history of information access can also shape the information needs of users. Information systems need to help users pull together data from disparate sources according to their expressed needs (as represented by system queries), as well as less specific criteria. Information consumers have varying roles, tasks/missions, goals and agendas, knowledge and background, and personal preferences. These factors can be used to shape both the execution of user queries and the form in which retrieved information is packaged. However, full automation of this daunting information aggregation and customization task is not possible with existing approaches. In this paper we present an infrastructure for context-aware information retrieval to enhance situation awareness. The infrastructure provides each user with a customized, mission-oriented system that gives access to the right information from heterogeneous sources in the context of a particular task, plan and/or mission. The approach lays on five intertwined fundamental concepts, namely Workflow, Context, Ontology, Profile and Information Aggregation. The exploitation of this knowledge, using appropriate domain ontologies, will make it feasible to provide contextual assistance in various ways to the work performed according to a user’s taskrelevant information requirements. This paper formalizes these concepts and their interrelationships

Informacijos saugos reikalavimų harmonizavimo, analizės ir įvertinimo automatizavimas

The growing use of Information Technology (IT) in daily operations of enterprises requires an ever-increasing level of protection over organization’s assets and information from unauthorised access, data leakage or any other type of information security breach. Because of that, it becomes vital to ensure the necessary level of protection. One of the best ways to achieve this goal is to implement controls defined in Information security documents. The problems faced by different organizations are related to the fact that often, organizations are required to be aligned with multiple Information security documents and their requirements. Currently, the organization’s assets and information protection are based on Information security specialist’s knowledge, skills and experience. Lack of automated tools for multiple Information security documents and their requirements harmonization, analysis and visualization lead to the situation when Information security is implemented by organizations in ineffective ways, causing controls duplication or increased cost of security implementation. An automated approach for Information security documents analysis, mapping and visualization would contribute to solving this issue. The dissertation consists of an introduction, three main chapters and general conclusions. The first chapter introduces existing Information security regulatory documents, current harmonization techniques, information security implementation cost evaluation methods and ways to analyse Information security requirements by applying graph theory optimisation algorithms (Vertex cover and Graph isomorphism). The second chapter proposes ways to evaluate information security implementation and costs through a controls-based approach. The effectiveness of this method could be improved by implementing automated initial data gathering from Business processes diagrams. In the third chapter, adaptive mapping on the basis of Security ontology is introduced for harmonization of different security documents; such an approach also allows to apply visualization techniques for harmonization results presentation. Graph optimization algorithms (vertex cover algorithm and graph isomorphism algorithm) for Minimum Security Baseline identification and verification of achieved results against controls implemented in small and medium-sized enterprises were proposed. It was concluded that the proposed methods provide sufficient data for adjustment and verification of security controls applicable by multiple Information security documents.Dissertatio

Internet of robotic things : converging sensing/actuating, hypoconnectivity, artificial intelligence and IoT Platforms

The Internet of Things (IoT) concept is evolving rapidly and influencing newdevelopments in various application domains, such as the Internet of MobileThings (IoMT), Autonomous Internet of Things (A-IoT), Autonomous Systemof Things (ASoT), Internet of Autonomous Things (IoAT), Internetof Things Clouds (IoT-C) and the Internet of Robotic Things (IoRT) etc.that are progressing/advancing by using IoT technology. The IoT influencerepresents new development and deployment challenges in different areassuch as seamless platform integration, context based cognitive network integration,new mobile sensor/actuator network paradigms, things identification(addressing, naming in IoT) and dynamic things discoverability and manyothers. The IoRT represents new convergence challenges and their need to be addressed, in one side the programmability and the communication ofmultiple heterogeneous mobile/autonomous/robotic things for cooperating,their coordination, configuration, exchange of information, security, safetyand protection. Developments in IoT heterogeneous parallel processing/communication and dynamic systems based on parallelism and concurrencyrequire new ideas for integrating the intelligent “devices”, collaborativerobots (COBOTS), into IoT applications. Dynamic maintainability, selfhealing,self-repair of resources, changing resource state, (re-) configurationand context based IoT systems for service implementation and integrationwith IoT network service composition are of paramount importance whennew “cognitive devices” are becoming active participants in IoT applications.This chapter aims to be an overview of the IoRT concept, technologies,architectures and applications and to provide a comprehensive coverage offuture challenges, developments and applications

Ontology in Information Security

The past several years we have witnessed that information has become the most precious asset, while protection and security of information is becoming an ever greater challenge due to the large amount of knowledge necessary for organizations to successfully withstand external threats and attacks. This knowledge collected from the domain of information security can be formally described by security ontologies. A large number of researchers during the last decade have dealt with this issue, and in this paper we have tried to identify, analyze and systematize the relevant papers published in scientific journals indexed in selected scientific databases, in period from 2004 to 2014. This paper gives a review of literature in the field of information security ontology and identifies a total of 52 papers systematized in three groups: general security ontologies (12 papers), specific security ontologies (32 papers) and theoretical works (8 papers). The papers were of different quality and level of detail and varied from presentations of simple conceptual ideas to sophisticated frameworks based on ontology

Towards a semantic modeling of learners for social networks

The Friend of a Friend (FOAF) ontology is a vocabulary for mapping social networks. In this paper we propose an extension to FOAF in order to allow it to model learners and their social networks. We analyse FOAF alongside different learner modeling standards and specifications, and based on this analysis we introduce a taxonomy of the different features found in those models. We then compare the learner models and FOAF against the taxonomy to see how their characteristics have been shaped by their purpose. Based on this we propose extensions to FOAF in order to produce a learner model that is capable of forming the basis of a semantic social network.<br/