CamFlow: Managed Data-sharing for Cloud Services
A model of cloud services is emerging whereby a few trusted providers manage
the underlying hardware and communications whereas many companies build on this
infrastructure to offer higher level, cloud-hosted PaaS services and/or SaaS
applications. From the start, strong isolation between cloud tenants was seen
to be of paramount importance, provided first by virtual machines (VM) and
later by containers, which share the operating system (OS) kernel. Increasingly
it is the case that applications also require facilities to effect isolation
and protection of data managed by those applications. They also require
flexible data sharing with other applications, often across the traditional
cloud-isolation boundaries; for example, when government provides many related
services for its citizens on a common platform. Similar considerations apply to
the end-users of applications. But in particular, the incorporation of cloud
services within 'Internet of Things' architectures is driving the requirements
for both protection and cross-application data sharing.
These concerns relate to the management of data. Traditional access control
is application and principal/role specific, applied at policy enforcement
points, after which there is no subsequent control over where data flows; a
crucial issue once data has left its owner's control by cloud-hosted
applications and within cloud-services. Information Flow Control (IFC), in
addition, offers system-wide, end-to-end, flow control based on the properties
of the data. We discuss the potential of cloud-deployed IFC for enforcing
owners' dataflow policy with regard to protection and sharing, as well as
safeguarding against malicious or buggy software. In addition, the audit log
associated with IFC provides transparency, giving configurable system-wide
visibility over data flows. [...]
Comment: 14 pages, 8 figures
Information Security Audit in e-business applications
Electronic business (e-business) is different from other business because it involves any commercial or business activity that takes place by means of electronic facilities (buying and selling online), including on the Internet, proprietary networks and home banking, instead of through direct physical exchange or contact. This system creates an environment that operates at a much greater speed than traditional methods and involves much less paper–based evidence of activities. These e-business related risks should not be considered in isolation but rather as part of the overall internal control framework of an entity. It is essential to identify and assess the risks associated with an e-business environment and management should develop an e-business strategy that identifies and addresses risks. The e-business Information Systems (IS) audit is a critical component of the e-business plan. This paper tries to present a risk analysis for e-business applications in order to establish the IS audit particularities in this field.
Keywords: e-business, risk analysis, IS audit, confidentiality, reliability, integrity, availability
Planning strategically, designing architecturally : a framework for digital library services
In an era of unprecedented technological innovation and evolving user expectations and information seeking behaviour, we are arguably now an online society, with digital services increasingly common and increasingly preferred. As a trusted information provider, libraries are in an advantageous position to respond, but this requires integrated strategic and enterprise architecture planning, for information technology (IT) has evolved from a support role to a strategic role, providing the core management systems, communication networks, and delivery channels of the modern library. Further, IT components do not function in isolation from one another, but are interdependent elements of distributed and multidimensional systems encompassing people, processes, and technologies, which must consider social, economic, legal, organisational, and ergonomic requirements and relationships, as well as being logically sound from a technical perspective. Strategic planning provides direction, while enterprise architecture strategically aligns and holistically integrates business and information system architectures. While challenging, such integrated planning should be regarded as an opportunity for the library to evolve as an enterprise in the digital age, or at minimum, to simply keep pace with societal change and alternative service providers. Without strategy, a library risks being directed by outside forces with independent motivations and inadequate understanding of its broader societal role. Without enterprise architecture, it risks technological disparity, redundancy, and obsolescence. Adopting an interdisciplinary approach, this conceptual paper provides an integrated framework for strategic and architectural planning of digital library services. The concept of the library as an enterprise is also introduced
The fusion of law and information technology
In information society, legal norm communications have never been established in certain fields for a long time. That is, a few legal norms have never been obeyed in the fields. Above all, legal norms which relate to data protection, information contents and information security would often be infringed. Most violations would be conducted by using information technologies. Information technologies would often be used in these infringing incidents. It can be said that these infringing incidents would never have been conducted without information technology. These infringing incidents include hacking actions, personal data abuse, personal information disclosure, unauthorized access, infringing copyrights, infringing privacy rights, and so on. A way of preventing those infringements is to raise the level of punishment against the violators. But it will prove to be disappointing. Furthermore, it would be an ex post facto measure to the last. It would be necessary to invent an ex ante measure, if it is possible. As the ex ante measure, the author proposes a fusion of law and information technology. An information technology will lead people to a lawful deed when they conduct actions in using computers and networks. They say that information technology cures information technology. After all, the fusion will aim at realizing laws, and it will contribute to recovering social justice.
The Role of Evidence in Establishing Trust in Repositories
This article arises from work by the Digital Curation Centre (DCC) Working Group examining mechanisms to roll out audit and certification services for digital repositories in the United Kingdom. Our attempt to develop a program for applying audit and certification processes and tools took as its starting point the RLG-NARA Audit Checklist for Certifying Digital Repositories. Our intention was to appraise critically the checklist and conceive a means of applying its mechanics within a diverse range of repository environments. We were struck by the realization that while a great deal of effort has been invested in determining the characteristics of a 'trusted digital repository', far less effort has concentrated on the ways in which the presence of the attributes can be demonstrated and their qualities measured. With this in mind we sought to explore the role of evidence within the certification process, and to identify examples of the types of evidence (e.g., documentary, observational, and testimonial) that might be desirable during the course of a repository audit.