An Experience Report of Eliciting Security Requirements from Business Processes

Väikesed ja keskmise suurusega ettevõtted näevad vaeva, et leida strateegiaid saavutamaks kõrgetasemelist infoturvet. Tihti ei ole need ettevõtted teadlikud infotehnoloogiaga seonduvatest riskidest. Lisaks suurendab haavatavuse riski finants- ja IT osakondade vähesus, kellel ei ole oma teabeturbe ametnikku. Äriprotsesside juhtimise ning joondamine, mis omakorda avaldub turvalisuse vajaduste esiletoomises kasutades äriprotsessidepõhist lähenemist, pakub sellele sektoripõhisele teemale oma lahenduse, võimaldades juurutada turvalisuse riskidele orienteeritud mudeleid ka ärianalüütikute jaoks. Kontekstuaalsetel valdkondadel põhinevad mustrid illustreerivad ettevõttevarasid, haavatavust ja riskikohtlemist turvanõuete kujul. See saavutatakse kasutades äriprotsesside mudelit, Notation 2.0 modelleerimiskeelt ning spetsiaalselt projekteeritud lahendusi, mis lisanduvad IT turvalisuse valdkondkonnale. Selle tulemuseks on kohaldatav lahendus, mis kutsub esile turvanõuded. Selle uurimuse keskmes on mustrite rakendumine, mõõtmaks nende sooritust saksa SME-s. Ärivahendite ja ohutusalaste eesmärkide määramise järel identifitseeriti mitmed mustri esinemised, mis kulmineerusid mitmete ohutusnõuete määramisega. Rakendamise oskuste ja kasutatavusega seoses ettevõttega, tõi esile väga selge mustrite esinemise. Lisaks arendati eelnevaga seoses uus muster kasutades informatsioonisüsteemi turvariski juhtimise domeeni (Information System Security Risk Management Domain) mudelit. Lõpetuseks soovitab autor käesolevas uurimuses prioritiseerimise ja inspektsiooni meetodite kaasamist ohutuskvaliteedi nõuete tehnika metoodikast ning organisatsioonilise koosseisu teoreemi laiendust, mis omakorda võimaldab SREBP-i täiendavat automatiseerimist. Need muudatused toovad kaasa käsitluse, mille alusel suureneb väikese ja keskmise suurusega ettevõtete turvalisus. Märksõnad: väiksed ja keskmise suurusega ettevõtted, äriprotsesside juhtimine, ohutusnõuete esilekutsumine äriprotsesside baasil, ohutusriskialased mustrid, ohutusnõuded, mustri esinemised, informatsioonisüsteemi turvariski juhtimise domeeni mudel.Small and Medium Sized Enterprises struggle to find strategies to achieve a high level of information security or are unaware of the risks posed by information technology. A lack of finance and IT departments that miss an information security officer increase the risk of exploited vulnerabilities. The alignment of Business Process Management and Security engineering manifested in the Security Requirements Elicitation using Business Processes approach provides a solution of this sector wide issue by introducing Security Risk-oriented Patterns applicable also for Business analysts. Patterns that are based on contextual areas illustrate business assets, vulnerabilities and risk treatment in form of security requirements. This is achieved by using the Business Process Model and Notation 2.0 modeling language and specifically engineered extensions which add the IT security domain. Outcome of this bridging is an applicable solution to elicit security requirements. Core of this thesis is the pattern application to measure their performance in a German SME. After business assets and security objectives were set, several pattern occurrences have been identified that resulted in a number of security requirements. Implementation abilities and usefulness with regards to the company underlined strong pattern performance. Moreover, a new pattern has been developed by using the Information System Security Risk Management Domain Model. Finally, the inclusion of prioritization and inspection techniques from the Security Quality Requirements Engineering methodology is suggested and extensions from the theorem of organizational configurations that enable further automation of SREBP. These modifications result in an approach that increases the security of Small and Medium Sized Enterprises. Keywords: Small and Medium Sized Enterprises; Business Process Management; Security Requirements Elicitation using Business Processes; Security Risk-oriented Patterns; security requirements; pattern occurrences; Information System Security Risk Management Domain Mode

Redshifts of the Gravitational Lenses MG0414+0534 and MG0751+2716

We report redshifts in two gravitational lens systems, MG0414+0534 and MG0751+2716. The lens galaxy in MG0414+0534 lies at z_l=0.9584+/-0.0002. The luminosity and extreme red color of the lens are then typical of a passively evolving, early-type, ~2L* galaxy. The galaxy cannot have a significant global mean extinction without being anomalously luminous. The lens galaxy in MG0751+2716 has a redshift of z_l=0.3502+/-0.0003 and it is a member of a small group. The group includes the nearby, bright companion galaxy whose redshift we confirmed to be z=0.3501+/-0.0001 and a nearby emission line galaxy with z=0.3505+/-0.0003. A second emission line galaxy with z=0.5216+/-0.0001 was found nearly superposed on the first emission line galaxy. The source in MG0751+2716 is a z_s=3.200+/-0.001 radio quasar. For flat universes with Omega_0=1.0 (0.3), 96% (87%) of lenses like MG0414+0534 and 7% (3%) of lenses like MG0751+2716 are expected to have lower lens redshifts than observed.Comment: 9 pages, AASTeX Latex, including 5 Postscript figures, submitted to Astronomical Journa

SPECT myocardial perfusion imaging as an adjunct to coronary calcium score for the detection of hemodynamically significant coronary artery stenosis

Background: Coronary artery calcifications (CAC) are markers of coronary atherosclerosis, but do not correlate well with stenosis severity. This study intended to evaluate clinical situations where a combined approach of coronary calcium scoring (CS) and nuclear stress test (SPECT-MPI) is useful for the detection of relevant CAD. Methods: Patients with clinical indication for invasive coronary angiography (ICA) were included into our study during 08/2005- 09/2008. At first all patients underwent CS procedure as part of the study protocol performed by either using a multidetector computed tomography (CT) scanner or a dual-source CT imager. CAC were automatically defined by dedicated software and the Agatston score was semi-automatically calculated. A stress-rest SPECT-MPI study was performed afterwards and scintigraphic images were evaluated quantitatively. Then all patients underwent ICA. Thereby significant CAD was defined as luminal stenosis >= 75% in quantitative coronary analysis (QCA) in >= 1 epicardial vessel. To compare data lacking Gaussian distribution an unpaired Wilcoxon-Test (Mann-Whitney) was used. Otherwise a Students t-test for unpaired samples was applied. Calculations were considered to be significant at a p-value of 0 significant CAD was confirmed by ICA, and excluded in 152/284 (53.5%) patients. Sensitivity for CAD detection by CS alone was calculated as 99.2%, specificity was 30.3%, and negative predictive value was 98.5%. An additional SPECT in patients with CS>0 increased specificity to 80.9% while reducing sensitivity to 87.9%. Diagnostic accuracy was 84.2%. Conclusions: In patients without CS=0 significant CAD can be excluded with a high negative predictive value by CS alone. An additional SPECT-MPI in those patients with CS>0 leads to a high diagnostic accuracy for the detection of CAD while reducing the number of patients needing invasive diagnostic procedure

The effects of midazolam on intraocular pressure in children during examination under sedation

Background: To obtain reliable and accurate measurements of the intraocular pressure (IOP) in children often requires sedation or anaesthesia. Therefore, we investigated the effects of oral midazolam on IOP in children. Methods: In a prospective study, IOP was measured in 72 eyes of 36 cooperative children without glaucoma requiring general anaesthesia (mean age 3.5±1.3 years, body weight ≤20 kg) by using a Perkins hand-held tonometer. Measurements of IOP were performed before, and 15 and 30 min after sedation with orally administered midazolam (1 mg/kg) given as preoperative medication, and 5 and 15 min after induction of general anaesthesia. The individual IOP courses were analysed. Results: In all of the cooperative children, IOP measurement was possible after sedation with midazolam. Mean IOP was 11.2±0.3 mmHg before sedation, 10.9±0.2 mmHg at 15 min, and 10.7±0.3 mmHg 30 min after administration of midazolam. This small decrease was not statistically significant, whilst the IOP decline at 5 and 15 min after induction of general anaesthesia was statistically significant (p<0.0001). Conclusion: Sedation with midazolam can be assumed to be an applicable, well-tolerated, safe method for IOP measurements in children

SvAnna: efficient and accurate pathogenicity prediction of coding and regulatory structural variants in long-read genome sequencing.

Structural variants (SVs) are implicated in the etiology of Mendelian diseases but have been systematically underascertained owing to sequencing technology limitations. Long-read sequencing enables comprehensive detection of SVs, but approaches for prioritization of candidate SVs are needed. Structural variant Annotation and analysis (SvAnna) assesses all classes of SVs and their intersection with transcripts and regulatory sequences, relating predicted effects on gene function with clinical phenotype data. SvAnna places 87% of deleterious SVs in the top ten ranks. The interpretable prioritizations offered by SvAnna will facilitate the widespread adoption of long-read sequencing in diagnostic genomics. SvAnna is available at https://github.com/TheJacksonLaboratory/SvAnn a

A Structurally Precise Mechanism Links an Epilepsy-Associated KCNC2 Potassium Channel Mutation to Interneuron Dysfunction

De novo heterozygous variants in KCNC2 encoding the voltage-gated potassium (K+) channel subunit Kv3.2 are a recently described cause of developmental and epileptic encephalopathy (DEE). A de novo variant in KCNC2 c.374G \u3e A (p.Cys125Tyr) was identified via exome sequencing in a patient with DEE. Relative to wild-type Kv3.2, Kv3.2-p.Cys125Tyr induces K+ currents exhibiting a large hyperpolarizing shift in the voltage dependence of activation, accelerated activation, and delayed deactivation consistent with a relative stabilization of the open conformation, along with increased current density. Leveraging the cryogenic electron microscopy (cryo-EM) structure of Kv3.1, molecular dynamic simulations suggest that a strong π-π stacking interaction between the variant Tyr125 and Tyr156 in the α-6 helix of the T1 domain promotes a relative stabilization of the open conformation of the channel, which underlies the observed gain of function. A multicompartment computational model of a Kv3-expressing parvalbumin-positive cerebral cortex fast-spiking γ-aminobutyric acidergic (GABAergic) interneuron (PV-IN) demonstrates how the Kv3.2-Cys125Tyr variant impairs neuronal excitability and dysregulates inhibition in cerebral cortex circuits to explain the resulting epilepsy

Legionellosis from Legionella pneumophila Serogroup 13

Legionella pneumophila serogroup 13 may be underrecognized

Representativeness of Eddy-Covariance flux footprints for areas surrounding AmeriFlux sites

Large datasets of greenhouse gas and energy surface-atmosphere fluxes measured with the eddy-covariance technique (e.g., FLUXNET2015, AmeriFlux BASE) are widely used to benchmark models and remote-sensing products. This study addresses one of the major challenges facing model-data integration: To what spatial extent do flux measurements taken at individual eddy-covariance sites reflect model- or satellite-based grid cells? We evaluate flux footprints—the temporally dynamic source areas that contribute to measured fluxes—and the representativeness of these footprints for target areas (e.g., within 250–3000 m radii around flux towers) that are often used in flux-data synthesis and modeling studies. We examine the land-cover composition and vegetation characteristics, represented here by the Enhanced Vegetation Index (EVI), in the flux footprints and target areas across 214 AmeriFlux sites, and evaluate potential biases as a consequence of the footprint-to-target-area mismatch. Monthly 80% footprint climatologies vary across sites and through time ranging four orders of magnitude from 103 to 107 m2 due to the measurement heights, underlying vegetation- and ground-surface characteristics, wind directions, and turbulent state of the atmosphere. Few eddy-covariance sites are located in a truly homogeneous landscape. Thus, the common model-data integration approaches that use a fixed-extent target area across sites introduce biases on the order of 4%–20% for EVI and 6%–20% for the dominant land cover percentage. These biases are site-specific functions of measurement heights, target area extents, and land-surface characteristics. We advocate that flux datasets need to be used with footprint awareness, especially in research and applications that benchmark against models and data products with explicit spatial information. We propose a simple representativeness index based on our evaluations that can be used as a guide to identify site-periods suitable for specific applications and to provide general guidance for data use

Limited release of previously-frozen C and increased new peat formation after thaw in permafrost peatlands

Permafrost stores globally significant amounts of carbon (C) which may start to decompose and be released to the atmosphere in form of carbon dioxide (CO 2 ) and methane (CH 4 ) as global warming promotes extensive thaw. This permafrost carbon feedback to climate is currently considered to be the most important carbon-cycle feedback missing from climate models. Predicting the magnitude of the feedback requires a better understanding of how differences in environmental conditions post-thaw, particularly hydrological conditions, control the rate at which C is released to the atmosphere. In the sporadic and discontinuous permafrost regions of north-west Canada, we measured the rates and sources of C released from relatively undisturbed ecosystems, and compared these with forests experiencing thaw following wildfire (well-drained, oxic conditions) and collapsing peat plateau sites (water-logged, anoxic conditions). Using radiocarbon analyses, we detected substantial contributions of deep soil layers and/or previously-frozen sources in our well-drained sites. In contrast, no loss of previously-frozen C as CO 2 was detected on average from collapsed peat plateaus regardless of time since thaw and despite the much larger stores of available C that were exposed. Furthermore, greater rates of new peat formation resulted in these soils becoming stronger C sinks and this greater rate of uptake appeared to compensate for a large proportion of the increase in CH 4 emissions from the collapse wetlands. We conclude that in the ecosystems we studied, changes in soil moisture and oxygen availability may be even more important than previously predicted in determining the effect of permafrost thaw on ecosystem C balance and, thus, it is essential to monitor, and simulate accurately, regional changes in surface wetness