Student name and surname: Student ID: EXAMINATION
The exam is open-book, open-laptop, and open-internet. You are not allowed to share information with anyone during the exam other than the lecturer. You can provide your solutions either on paper or electronically. In case of the electronic solutions, please the file to < > no later than 16:05 with a subject [SSD2017] exam solutions.

Scheduler Case (Feather et al, 1997)

Meetings are typically arranged in the following way. A meeting initiator asks all potential meeting attendees for the following information based on their personal agenda:
- a set of dates on which they cannot attend the meeting (hereafter referred to as the exclusion set);
- a set of dates on which they would prefer the meeting to take place (hereafter referred to as the preference set).

A meeting date is defined by a pair (calendar date, time period). The exclusion and preference sets are contained in some time interval prescribed by the meeting initiator (hereafter referred to as the date range).

The initiator also asks active participants to provide any special equipment requirements on the meeting location (e.g., overhead-projector, workstation, network connection, telephones, etc.). He/she may also ask important participants to state preferences about the meeting location.

The proposed meeting date should belong to the stated date range and to none of the exclusion sets; furthermore it should ideally belong to as many preference sets as possible. A date conflict occurs when no such date can be found. A conflict is strong when no date can be found within the date range and outside all exclusion sets; it is weak when dates can be found within the date range and outside all exclusion sets, but no date can be found at the intersection of all preference sets.
Conflicts can be resolved in several ways:
- the initiator extends the date range;
- some participants remove some dates from their exclusion set;
- some participants withdraw from the meeting;
- some participants add some new dates to their preference set.

A meeting room must be available at the selected meeting date. It should meet the equipment requirements; furthermore it should ideally belong to one of the locations preferred by as many important participants as possible. A new round of negotiation may be required when no such room can be found.

The meeting initiator can be one of the participants or some representative (e.g., a secretary).

The purpose of the meeting scheduler system is to support the organisation of meetings, that is, to determine, for each meeting request, a meeting date and location so that most of the intended participants will effectively participate. The meeting date and location should thus be as convenient as possible to all participants. Information about the meeting should also be made available as early as possible to all potential participants. The intended system should considerably reduce the amount of overhead usually incurred in organizing meetings where potential attendees are distributed over many different places. On the other hand, the system should as closely as possible reflect the way meetings are typically managed.

An extract of Scheduler model Scheduler is given in Table 1 and Fig. 1.

Table 1. Definition of Schedule meeting use case

Use Case ID: 1
Use Case Name: Schedule meeting
Created By: Raimundas
Last Updated By: Raimundas
Date Created:
Date Last Updated:
Actors: Scheduler
Description: The scheduler executes this function when there is a need for the meeting organisation. The meeting is initiated by the meeting initiator, and different participants take part in it. Before the meeting can take place it needs to be scheduled.
Trigger: The necessity for the meeting emerges.
Preconditions: End of the business stage, need for new planning; Unexpected event in the business processes.
Postconditions: The meeting is scheduled: the dates are agreed between meeting participants and every participant is informed about them.
Normal Flow:
1. Initiator enters the date range (in01)
2. Participants enter their date range (in02, ex01)
3. Scheduler finds agreeable date (in03) Range
4. Participants obtain the agreed date (in04)
Alternative Flows: af1. Initiator announces the meeting dates using other (manual, s, postal letters, etc) means.
Exceptions: ex01. Participants are not registered and do not have an account in the Scheduler
Includes:
in01. Enter date range
in02. Enter available dates
in03. Find agreeable date
in04. Obtain date
Priority: 1 the highest priority, if the meeting is urgent. 3 the medium priority if the meeting is for the normal occasion.
Frequency of Use: 4 times a month
Business Rules: The need for the meeting - this might include the emerging event in the business process, or the end of the business stage.
Special Requirements: All potential meeting participants shall have access to Scheduler
Fig. 1. Scheduler example

TASKS

Task 1 (10 points): Analyse the Scheduler example and define what the business assets are and how they are supported by the system assets. What is the security objective? To structure your answer, fill in Table 2.

Task 2 (10 points): Consider the meeting Scheduler example and the solution of Task 1. Define one security risk using:
- Taxonomy of Seven pernicious kingdom (or any other vulnerability database) to determine vulnerabilities of the system assets;
- Characteristics of threat agent to characterise capabilities, motivation and expertise of the threat agent;
- STRIDE and/or taxonomy of threats to (distributed) systems to determine threats and attack methods;
- Symptoms of malicious software to indicate the harm to the assets.
Indicate what could be the possible negation of the security criterion. To structure your answer, fill in Table 3.
Task 3 (10 points): For the security risk identified in Task 2, what possible security risk treatment decision could be applied? What security requirements should be introduced, and how do they mitigate the identified risk? What controls implement these requirements? Defined security requirements must respect the guidelines of good requirements. To structure your answer, fill in Table 4.

Task 4 (10 points): Using security risk-oriented misuse cases, create a diagram(s) to represent the security risk defined in Table 3.

Task 5 (10 points): Define the model transformation guidelines from security risk-oriented misuse cases to security risk-oriented BPMN (business model process and notation). To structure your answer, fill in Table 5.

Task 6 (10 points): Illustrate how your transformation rules (see Table 5) should be applied to the Task 4 solution. Discuss if the received diagram is complete; if not, what should be added to complete the received diagram.

Task 7 (10 points): Data about the is gathered in Table 6. What result will be retrieved if the k-anonymity method is applied using these parameters:
- name and initiator are identifiers;
- date, place and participants are quasi identifiers;
- Main topic is sensitive;
- date is generalised as
  o From to → Early period
  o From to → Middle period
  o From to → Late period
- participants are generalised as
  o John, Mari, Rosa, Karl → 4 participants
  o Karl, Peeter → 2 participants
  o Rick, John, Karl → 3 participants
  o Rosa, Karl → 2 participants
Fill your answer to Table 7. Discuss if the k-anonymity with the following parameters gives a sufficient protection.

Task 8 (10 points): Analyse the meeting Scheduler example and define the UMLsec model representing the role-based access control policy regarding the data (see Table 6), which characterise the.
Table 2: Template to support answer of Task 1

Security context | Scheduler example
Business asset |
Security criteria |
System assets |
supports |

Table 3: Template to support answer of Task 2

System asset(s) (select from Table 1) |
Vulnerability |
Threat agent |
Threat and Attack method |
Impact and its Harm |
Risk |

Table 4: Template to support answer of Task 3

Risk treatment decision |
mitigates |
Security requirements |
Controls |

Table 5: Template to support answer of Task 5

Rule ID | Transformation rule
TR.MUC-BPMN.1 | A misuse case actor is translated to
Table 6. data

name | initiator | date | place | participants | Main topic
BBB3 | Mari | | Tallinn | John, Mari, Rosa, Karl | Fish industry plans
AAD | Mari | | Tartu | John, Mari, Rosa, Karl | Building construction
BCD2 | Peeter | | Tallinn | Karl, Peeter | A-improvements
ABC | Karl | | Tallinn | Karl, Peeter | Fish industry plans
BCD | Peeter | | Tallinn | Karl, Peeter | Fish industry plans
A++ | Rosa | | Tartu | Rosa, Karl | Fish industry plans
AAA2 | John | | Tallinn | Rick, John, Karl | A-improvements
ABA | Mari | | Tartu | John, Mari, Rosa, Karl | Building construction
A+ | Rosa | | Tallinn | Rosa, Karl | Building construction
ABC2 | Karl | | Tartu | Karl, Peeter | A-improvements

Table 7. Template to support answer of Task 7
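The following Python sketch is an added example, not part of the exam paper: it shows how the k-anonymity procedure of Task 7 is computed over the rows of Table 6. It assumes only place and the generalised participant count as quasi-identifiers, because the date values are not present on the page, and all function names are illustrative. It goes one step beyond the task by also listing equivalence classes whose sensitive value is uniform, which is the usual argument when discussing whether k-anonymity alone is sufficient.

```python
from collections import defaultdict

# Rows of Table 6 as printed on the page:
# (name, initiator, place, participants, main topic).
# The date column is omitted here because its values are absent from the page.
TABLE_6 = [
    ("BBB3", "Mari",   "Tallinn", ["John", "Mari", "Rosa", "Karl"], "Fish industry plans"),
    ("AAD",  "Mari",   "Tartu",   ["John", "Mari", "Rosa", "Karl"], "Building construction"),
    ("BCD2", "Peeter", "Tallinn", ["Karl", "Peeter"],               "A-improvements"),
    ("ABC",  "Karl",   "Tallinn", ["Karl", "Peeter"],               "Fish industry plans"),
    ("BCD",  "Peeter", "Tallinn", ["Karl", "Peeter"],               "Fish industry plans"),
    ("A++",  "Rosa",   "Tartu",   ["Rosa", "Karl"],                 "Fish industry plans"),
    ("AAA2", "John",   "Tallinn", ["Rick", "John", "Karl"],         "A-improvements"),
    ("ABA",  "Mari",   "Tartu",   ["John", "Mari", "Rosa", "Karl"], "Building construction"),
    ("A+",   "Rosa",   "Tallinn", ["Rosa", "Karl"],                 "Building construction"),
    ("ABC2", "Karl",   "Tartu",   ["Karl", "Peeter"],               "A-improvements"),
]


def generalise_participants(participants):
    """Task 7 generalisation: a participant list becomes 'N participants'."""
    return f"{len(participants)} participants"


def anonymise(rows):
    """Drop the identifiers (name, initiator) and generalise the quasi-identifiers."""
    return [
        {"place": place,
         "participants": generalise_participants(people),
         "topic": topic}
        for _name, _initiator, place, people, topic in rows
    ]


def equivalence_classes(records):
    """Group records that share the same quasi-identifier values."""
    classes = defaultdict(list)
    for rec in records:
        classes[(rec["place"], rec["participants"])].append(rec["topic"])
    return dict(classes)


def k_anonymity(classes):
    """k is the size of the smallest equivalence class."""
    return min(len(topics) for topics in classes.values())


def records_below_k(classes, k):
    """Number of records sitting in classes smaller than k (candidates for suppression)."""
    return sum(len(t) for t in classes.values() if len(t) < k)


def homogeneous_classes(classes):
    """Classes where every record has the same sensitive value: membership in
    the class reveals the main topic no matter how large the class is."""
    return sorted(key for key, topics in classes.items() if len(set(topics)) == 1)


if __name__ == "__main__":
    classes = equivalence_classes(anonymise(TABLE_6))
    for key, topics in sorted(classes.items()):
        print(key, "size", len(topics), "topics", sorted(set(topics)))
    print("k =", k_anonymity(classes))
    print("records below k=2:", records_below_k(classes, 2))
    print("homogeneous classes:", homogeneous_classes(classes))
```

Adding the generalised date as a third quasi-identifier can only split these classes further, so the k computed here is an upper bound on the k of the full Task 7 parameter set.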
More informationSoftware Architectural Risk Analysis (SARA): SSAI Roadmap
Software Architectural Risk Analysis (SARA): SSAI Roadmap Frédéric Painchaud DRDC Valcartier / Systems of Systems November 2010 Agenda Introduction Software Architectural Risk Analysis Linking to SSAI
More informationBILLING CODE P DEPARTMENT OF ENERGY Federal Energy Regulatory Commission. [Docket No. RM ] Cyber Systems in Control Centers
This document is scheduled to be published in the Federal Register on 07/28/2016 and available online at http://federalregister.gov/a/2016-17854, and on FDsys.gov BILLING CODE 6717-01-P DEPARTMENT OF ENERGY
More informationSwiss Markets COMPLAINTS HANDLING PROCEDURE POLICY
Swiss Markets COMPLAINTS HANDLING PROCEDURE POLICY Swiss Markets is a trading division of BDSwiss Holding PLC, a Company regulated by the Cyprus Securities and Exchange Commission (CySEC), License Number
More informationDigital Communication and Aesthetics,
Curriculum for the Elective Study at Bachelor Level in Digital Communication and Aesthetics, 2016 Corrected 2017 Amended 2018 Department of Media, Cognition and Communication Faculty of Humanities University
More informationRequirements Engineering. Contents. Functional requirements. What is a requirement?
Contents Ø Introduction 4 Ø Engineering Ø Project Management Ø Software Design Ø Detailed Design and Coding Ø Quality Assurance Engineering Ø What is a Requirement? Ø RE Activities Ø Documentation Ø RE
More informationCisco WebEx Meeting Center Scheduling Guide
Cisco WebEx Meeting Center Scheduling Guide Scheduling Tasks Australia 1800 468 225 +61 2 8295 9000 China 10800 650 0155 +852 3073 0418 Hong Kong 800 901 603 +852 3073 0418 India 000 800 650 1158 +61 2
More informationSecurity Assessment. Prepared For: Prospect Or Customer Prepared By: Your Company Name
Security Assessment Prepared For: Prospect Or Customer Prepared By: Your Company Name Agenda Security - External & Outbound - Policy Compliance Risk and Issue Score Issue Review Next Steps Security - External
More informationRequirements Validation and Negotiation
REQUIREMENTS ENGINEERING LECTURE 2017/2018 Joerg Doerr Requirements Validation and Negotiation AGENDA Fundamentals of Requirements Validation Fundamentals of Requirements Negotiation Quality Aspects of
More informationBCS Advanced International Diploma in Business Analysis
RETURN FORM TO: BCS The Chartered Institute for IT Professional Certifications First Floor, Block D North Star House North Star Avenue Swindon SN2 1FA United Kingdom T +44 (0) 1793 417 655 E certifications@hq.bcs.org.uk
More informationGuidelines for Submitting NERC Reliability Standards Required Documents to the SPP Reliability Coordinator and the SPP Balancing Authority Version 1
Guidelines for Submitting NERC Reliability Standards Required Documents to the SPP Reliability Coordinator and the SPP Balancing Authority Version 1 Revision History Version Effective Date Summary of Revisions
More information