Trusted operational scenarios - Trust building mechanisms and strategies for electronic marketplaces.

This document presents and describes the trusted operational scenarios, resulting from the research and work carried out in Seamless project. The report presents identified collaboration habits of small and medium enterprises with low e-skills, trust building mechanisms and issues as main enablers of online business relationships on the electronic marketplace, a questionnaire analysis of the level of trust acceptance and necessity of trust building mechanisms, a proposal for the development of different strategies for the different types of trust mechanisms and recommended actions for the SEAMLESS project or other B2B marketplaces.trust building mechanisms, trust, B2B networks, e-marketplaces

The Potential of Critical E-Applications for Engaging SMEs in E Business: A Provider Perspective

YesAgainst a background of the low engagement of SMEs in e-business this paper investigates the emergence of, and potential for, critical e-applications defined as `an e-business application, promoted by a trusted third party, which engages a significant number of SMEs by addressing an important shared business concern within an aggregation.¿ By a review of secondary data and empirical investigation with service providers and other intermediaries the research shows that such applications can facilitate the e-business engagement of SMEs. There are three key findings, namely: the emergence of aggregation specific e-business applications; the emergence of collaboratively based `one to many¿ business models; and the importance of trusted third parties in the adoption of higher complexity e-business applications by SMEs. Significantly this work takes a deliberately provider perspective and complements the already considerable literature on SME IT adoption from a user and network perspective. In terms of future research the importance of a better conceptual understanding of the impact of complexity on the adoption of IT by SMEs is highlighted

Customer-engineer relationship management for converged ICT service companies

Thanks to the advent of converged communications services (often referred to as ‘triple play’), the next generation Service Engineer will need radically different skills, processes and tools from today’s counterpart. Why? in order to meet the challenges of installing and maintaining services based on multi-vendor software and hardware components in an IP-based network environment. The converged services environment is likely to be ‘smart’ and support flexible and dynamic interoperability between appliances and computing devices. These radical changes in the working environment will inevitably force managers to rethink the role of Service Engineers in relation to customer relationship management. This paper aims to identify requirements for an information system to support converged communications service engineers with regard to customer-engineer relationship management. Furthermore, an architecture for such a system is proposed and how it meets these requirements is discussed

Digital Supply Chain Transformation toward Blockchain Integration

Digital supply chain integration is becoming \ increasingly dynamic. Access to customer demand \ needs to be shared effectively, and product and service \ deliveries must be tracked to provide visibility in the \ supply chain. Business process integration is based on \ standards and reference architectures, which should \ offer end-to-end integration of product data. \ Companies operating in supply chains establish \ process and data integration through the specialized \ intermediate companies, whose role is to establish \ interoperability by mapping and integrating companyspecific \ data for various organizations and systems. \ This has typically caused high integration costs, and \ diffusion is slow. This paper investigates the \ requirements and functionalities of supply chain \ integration. Cloud integration can be expected to offer \ a cost-effective business model for interoperable \ digital supply chains. We explain how supply chain \ integration through the blockchain technology can \ achieve disruptive transformation in digital supply \ chains and networks

Building a truster environment for e-business : a Malaysian perspective

Internet identify ‘security’ as a major concern for businesses. In general, the level of security in any network environment is closely linked to the level of trust assigned to a particular individual or organization within that environment. It is the trust element that is crucial in ensuring a secure environment. Besides physical security, security technology needs to be utilised to provide a trusted environment for e-business. Network security components for perimeter defense, i.e., Virtual Private Networks, firewalls and Intrusion Detection Systems, need to be complemented by security components at the applications and user level, e.g., authentication of user. ID or password security solution may be an option but now with the availability of legally binding digital certificates, security in e-business transactions can be further improved. Time and date stamping of e-business transactions are also of concern to prove at a later date that the transactions took place at the stipulated date and time. Digital certificates are part of a Public Key Infrastructure (PKI) scheme, which is an enabling technology for building a trusted epvironment. PIU comprise policies and procedures for establishing a secure method for exchanging information over a network environment. The Digital Signature Act 1997 (DSA 1997) facilitates the PKI implementation in Malaysia. Following the DSA 1997, Certification Authorities (CAs) were set up in Malaysia. This paper describes a trusted platform for spurring ebusiness and provides a Malaysian perspective of it

Link Before You Share: Managing Privacy Policies through Blockchain

With the advent of numerous online content providers, utilities and applications, each with their own specific version of privacy policies and its associated overhead, it is becoming increasingly difficult for concerned users to manage and track the confidential information that they share with the providers. Users consent to providers to gather and share their Personally Identifiable Information (PII). We have developed a novel framework to automatically track details about how a users' PII data is stored, used and shared by the provider. We have integrated our Data Privacy ontology with the properties of blockchain, to develop an automated access control and audit mechanism that enforces users' data privacy policies when sharing their data across third parties. We have also validated this framework by implementing a working system LinkShare. In this paper, we describe our framework on detail along with the LinkShare system. Our approach can be adopted by Big Data users to automatically apply their privacy policy on data operations and track the flow of that data across various stakeholders.Comment: 10 pages, 6 figures, Published in: 4th International Workshop on Privacy and Security of Big Data (PSBD 2017) in conjunction with 2017 IEEE International Conference on Big Data (IEEE BigData 2017) December 14, 2017, Boston, MA, US

De-perimeterisation as a cycle: tearing down and rebuilding security perimeters

If an organisation wants to secure its IT assets, where should the security mechanisms be placed? The traditional view is the hard-shell model, where an organisation secures all its assets using a fixed security border: What is inside the security perimeter is more or less trusted, what is outside is not. Due to changes in technologies, business processes and their legal environments this approach is not adequate anymore.\ud This paper examines this process, which was coined de-perimeterisation by the Jericho Forum.\ud In this paper we analyse and define the concepts of perimeter and de-perimeterisation, and show that there is a long term trend in which de-perimeterisation is iteratively accelerated and decelerated. In times of accelerated de-perimeterisation, technical and organisational changes take place by which connectivity between organisations and their environment scales up significantly. In times of deceleration, technical and organisational security measures are taken to decrease the security risks that come with de-perimeterisation, a movement that we call re-perimeterisation. We identify the technical and organisational mechanisms that facilitate de-perimeterisation and re-perimeterisation, and discuss the forces that cause organisations to alternate between these two movements

Value-driven Security Agreements in Extended Enterprises

Today organizations are highly interconnected in business networks called extended enterprises. This is mostly facilitated by outsourcing and by new economic models based on pay-as-you-go billing; all supported by IT-as-a-service. Although outsourcing has been around for some time, what is now new is the fact that organizations are increasingly outsourcing critical business processes, engaging on complex service bundles, and moving infrastructure and their management to the custody of third parties. Although this gives competitive advantage by reducing cost and increasing flexibility, it increases security risks by eroding security perimeters that used to separate insiders with security privileges from outsiders without security privileges. The classical security distinction between insiders and outsiders is supplemented with a third category of threat agents, namely external insiders, who are not subject to the internal control of an organization but yet have some access privileges to its resources that normal outsiders do not have. Protection against external insiders requires security agreements between organizations in an extended enterprise. Currently, there is no practical method that allows security officers to specify such requirements. In this paper we provide a method for modeling an extended enterprise architecture, identifying external insider roles, and for specifying security requirements that mitigate security threats posed by these roles. We illustrate our method with a realistic example