Requirements Driven Mediation for Collaborative Security. Amel Bennaceur The Open University, UK
|
|
- Garry Walton
- 6 years ago
- Views:
Transcription
1 Requirements Driven Mediation for Collaborative Security Amel Bennaceur The Open University, UK
2 Collaborative Security Making multiple, heterogeneous, software intensive components collaborate in order to meet security requirements The boundary of the systems is uncertain The components can change The components are designed and implemented independently Component 1 Component 2 Component 5 Component 3 Environment Component 4 2
3 Collaborative Security Example Protect phone from theft Keep the room accessible if possible Collaborative Security: Make NAO and Create collaborate to protect the phone and keep the room accessible Lock: I can lock and unlock the room NAO: I can see, talk, and pick up objects Create: I can clean and move 3
4 Adaptive Security meets Collaborative Adaptation Adaptive Security Collaborative Security Collaborative Adaptation Reasoning about assets, threats, attacks, and vulnerabilities Identify the security controls necessary to keep security requirements satisfied How to enact these security controls? Reasoning about dynamic discovery and composition Making multiple components collaborate How to reason about assets, threats and security controls? 4
5 Collaborative Security àla Michael Jackson Component 1 Component 2 Component 1 Component 2 Component 3 Mediator Component 5 Secure Operational Environment Environment Component 4 Component 4 Feature based Behaviour based 5
6 Collaborative Security Framework Components Capabilities S discover Component 1 Component 2 Component 4 Component 3 Operational Environment E 6
7 Capabilities as Featured Transition Systems 7
8 Capabilities as Featured Transition Systems 8
9 Collaborative Security Framework Requirements R analyse Security Controls SC Components Capabilities S discover Component 1 Component 2 Component 4 Component 3 Operational Environment E 9
10 Identifying Security Controls Legend Feature Goal Potential conflict Domaine Property Soft Goal Refinement 10
11 Collaborative Security Framework Requirements R analyse Security Controls SC Feature Selection Components Capabilities S discover Component 1 Component 2 Component 4 Component 3 Operational Environment E 11
12 Feature Selection using Constraint Programming Reason CP Solver Subsumes the features of a selected security control provided some domain properties Respects the constraints between features 12
13 Reason Feature Selection 13
14 Collaborative Security Framework Requirements R analyse Security Controls SC Feature Selection Features-driven Mediator Synthesis Components Capabilities S discover Component 1 Component 2 Component 4 Component 3 Operational Environment E 14
15 Projection of Featured Transition Systems 15
16 Synthesise Feature based Mediation 16
17 Features driven Mediator Synthesis Synthesise Use the selected features to project the behaviour of the components Synthesise, if possible, a mediator that enables the composed system to reach 17
18 Collaborative Security Framework Requirements R analyse Security Controls SC Component 1 Component 2 Feature Selection Features-driven Mediator Synthesis Component 3 Mediator Component 4 Components Capabilities S Secure Operational Environment discover Component 1 Component 2 Component 4 Component 3 Operational Environment E 18
19 Tool Support 19
20 Summary Features and behavioural models to reason about and achieve collaborative security Capability selection (and mediation) as a multiobjective optimisation problem Features to scope components behaviours and reduce the space for mediation 20
21 Open Questions Can collaboration be applied to other types of requirements besides security? Yes but security exacerbates and opens many issues that make collaboration more challenging, e.g., dealing with change and assurance What are the limitations of the approach? Predefined set of security control Shared vocabulary between the specification of security controls and capabilities Independent iterations between feature selection and mediator synthesis individual components are trustworthy and implement the capabilities advertised 21
22 Open Questions How about the user? How to explain the choice and implementation of the security control? Is the user just another component? Where do the models come from? What is the impact of their inaccuracy on the model? 22
23 Thank you Adaptive Security and Privacy project.eu
Requirements-Driven Mediation for Collaborative Security
Requirements-Driven Mediation for Collaborative Security Amel Bennaceur 1, Arosha Bandara 1, Michael Jackson 1, Wei Liu 2, Lionel Montrieux 1, Thein Than Tun 1, Yijun Yu 1, Bashar Nuseibeh 1,3 1 The Open
More information1 Feature-driven Mediator Synthesis: Supporting Collaborative Security in the Internet of Things
1 Feature-driven Mediator Synthesis: Supporting Collaborative Security in the Internet of Things AMEL BENNACEUR, The Open University THEIN THAN TUN, The Open University AROSHA K. BANDARA, The Open University
More informationEmergent Middleware Facing the Interoperability Challenge
Emergent Middleware Facing the Interoperability Challenge Valérie Issarny, Inria Joint work with colleagues of ARLES team and EC CONNECT project Special thanks to Amel Bennaceur Outline The interoperability
More informationNATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium
NATIONAL DEFENSE INDUSTRIAL ASSOCIATION Homeland Security Symposium Securing Cyber Space & America s Cyber Assets: Threats, Strategies & Opportunities September 10, 2009, Crystal Gateway Marriott, Arlington,
More informationCyber Security in the time of Austerity. Shannon Simpson, CCO CNS Group
Cyber Security in the time of Austerity Shannon Simpson, CCO CNS Group The Austerity Agenda 1. Budgets are being cut. 2. Budgets are harder to compete for. 3. Cyber Security ROI is often hard to demonstrate
More informationFeliCa Approval for Security and Trust (FAST) Overview. Copyright 2018 FeliCa Networks, Inc.
FeliCa Approval for Security and Trust (FAST) Overview Introduction The security certification scheme called FeliCa Approval for Security and Trust (FAST) has been set up to enable the evaluation and certification
More informationPanel 1 Service Platform and Network Infrastructure for Ubiquitous Services
Panel 1 Platform and Network Infrastructure for Ubiquitous s Wolfgang Kellerer DoCoMo Euro-Labs Munich, Germany WWRF WG2 ( Architecture) Vice Chair DoCoMo Communications Landsberger Str. 312 80687 Munich
More informationPHYSICAL AND ENVIRONMENTAL SECURITY
PHYSICAL AND ENVIRONMENTAL SECURITY 1.0 STANDARD FOR PHYSICAL AND ENVIRONMENTAL SECURITY - EQUIPMENT 1.1 PURPOSE The purpose of this standard is to establish baseline controls to prevent loss, damage,
More informationAutomated Synthesis of Mediators to Support Component Interoperability
IEEE TRANSACTIONS ON SOFTWARE ENGINEERING 1 Automated Synthesis of Mediators to Support Component Interoperability Amel Bennaceur and Valérie Issarny Abstract Interoperability is a major concern for the
More informationHippo Software BPMN and UML Training
Hippo Software BPMN and UML Training Icon Key: www.hippo-software.co.uk Teaches theory concepts and notation Teaches practical use of Enterprise Architect Covers BPMN, UML, SysML, ArchiMate Includes paper
More informationKey Findings from the Global State of Information Security Survey 2017 Indonesian Insights
www.pwc.com/id Key Findings from the State of Information Security Survey 2017 n Insights Key Findings from the State of Information Security Survey 2017 n Insights By now, the numbers have become numbing.
More informationA Model Transformation from Misuse Cases to Secure Tropos
A Model Transformation from Misuse Cases to Secure Tropos Naved Ahmed 1, Raimundas Matulevičius 1, and Haralambos Mouratidis 2 1 Institute of Computer Science, University of Tartu, Estonia {naved,rma}@ut.ee
More informationService-Oriented Advanced Metering Infrastructure for Smart Grids
Journal of Energy and Power Engineering 5 (2011) 455-460 Service-Oriented Advanced Metering Infrastructure for Smart Grids S. Chen 1, J.J. Lukkien 1 and L. Zhang 2 1. Department of Mathematics and Computer
More informationLife. Embedding Security into the Lifecycle of Projects. pmi mtc pdd Monday, September 26, 2006
Life Embedding Security into the Lifecycle of Projects pmi mtc pdd Monday, September 26, 2006 J Wolfgang Goerlich Security Strategist Conception and Initiation Definition and Planning Launch and Execution
More informationReview Kaspersky Internet Security - multi-device 2015 online software downloader ]
Review Kaspersky Internet Security - multi-device 2015 online software downloader ] Description: Benefits Protecting all your connected devices the one-licence, easy-touse solution Kaspersky Internet Security
More informationGDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool. Contact. Ashley House, Ashley Road London N17 9LZ
GDPR: Get Prepared! A Checklist for Implementing a Security and Event Management Tool Contact Ashley House, Ashley Road London N17 9LZ 0333 234 4288 info@networkiq.co.uk The General Data Privacy Regulation
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 Second edition 2011-06-01 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationBCS Level 4 Certificate in Cyber Security Introduction Syllabus QAN 603/0830/8
in Cyber Security Introduction Syllabus QAN 603/0830/8 Version 1.2 November 2016 This is a United Kingdom government regulated qualification which is administered and approved by one or more of the following:
More informationSystem Assurance. Beyond Detecting. Vulnerabilities. Djenana Campara. Nikolai Mansourov
System Assurance Beyond Detecting Vulnerabilities Nikolai Mansourov Djenana Campara ELSEVIER AMSTERDAM BOSTON HEIDELBERG LONDON NEW YORK OXFORD PARIS SAN DIEGO SAN FRANCISCO SYDNEY TOKYO Morgan Kaufmann
More informationAdvent IM Ltd ISO/IEC 27001:2013 vs
Advent IM Ltd ISO/IEC 27001:2013 vs 2005 www.advent-im.co.uk 0121 559 6699 bestpractice@advent-im.co.uk Key Findings ISO/IEC 27001:2013 vs. 2005 Controls 1) PDCA as a main driver is now gone with greater
More informationMetadata for Component Optimisation
Metadata for Component Optimisation Olav Beckmann, Paul H J Kelly and John Darlington ob3@doc.ic.ac.uk Department of Computing, Imperial College London 80 Queen s Gate, London SW7 2BZ United Kingdom Metadata
More informationICT-SHOK Project Proposal: PROFI
ICT-SHOK Project Proposal: PROFI Full Title: Proactive Future Internet: Smart Semantic Middleware Overlay Architecture for Declarative Networking ICT-SHOK Programme: Future Internet Project duration: 2+2
More informationSýnishorn ISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 Second edition 2011-06-01 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationSecurity In A Box. Modular Security Services Offering - BFSI. A new concept to Security Services Delivery.
Modular Security Services Offering - BFSI Security In A Box A new concept to Security Services Delivery. 2017 Skillmine Technology Consulting Pvt. Ltd. The information in this document is the property
More informationRecommender System for Personalization in. Daniel Mican Nicolae Tomai
Association-Rules-Based Recommender System for Personalization in Adaptive Web-Based Applications Daniel Mican Nicolae Tomai Introduction The ability of a web application to offer personalised content
More informationThe Key Principles of Cyber Security for Connected and Automated Vehicles. Government
The Key Principles of Cyber Security for Connected and Automated Vehicles Government Contents Intelligent Transport System (ITS) & Connected and Automated Vehicle (CAV) System Security Principles: 1. Organisational
More informationMASP Chapter on Safety and Security
MASP Chapter on Safety and Security Daniel Watzenig Graz, Austria https://artemis.eu MASP Chapter on Safety & Security Daniel Watzenig daniel.watzenig@v2c2.at Francois Tuot francois.tuot@gemalto.com Antonio
More informationMODEL BASED TEST DESIGN AT UNITY
Sophia Antipolis, French Riviera 20-22 October 2015 MODEL BASED TEST DESIGN AT UNITY Marek Turski, Ilya Turshatov, Tomasz Paszek Unity Technologies All rights reserved Unity Technologies Provider of an
More informationINFORMATICS RESEARCH PROPOSAL REALTING LCC TO SEMANTIC WEB STANDARDS. Nor Amizam Jusoh (S ) Supervisor: Dave Robertson
INFORMATICS RESEARCH PROPOSAL REALTING LCC TO SEMANTIC WEB STANDARDS Nor Amizam Jusoh (S0456223) Supervisor: Dave Robertson Abstract: OWL-S as one of the web services standards has become widely used by
More informationPROGRAM SPECIFICATION INTRODUCTION
INTRODUCTION We start from: requirements specifications (made by the client) project plan financial feasibility study The comprehension of the requirements is essential Basically it is an analysis task
More informationIntroduction and Charge
GENI and Security Deborah Frincke, PNNL, co-chair Matt Bishop, UCD, co-chair Chen-Nee Chuah, UCD, community collaborator Karl Levitt, NSF, NSF co-ordinator Mike Reiter, CMU, GENI security leader and provider
More informationPatient Information Security
Patient Information Security An overview of practice and procedure UK CAB Meeting 13th April 2012 Nathan Lea Senior Research Associate CHIME, UCL Overview - Questions that have been asked What happens
More informationSECURITY SERVICES SECURITY
SECURITY SERVICES SECURITY SOLUTION SUMMARY Computacenter helps organisations safeguard data, simplify compliance and enable users with holistic security solutions With users, data and devices dispersed
More informationDIGITAL ACCOUNTANCY FORUM CYBER SESSION. Sheila Pancholi Partner, Technology Risk Assurance
DIGITAL ACCOUNTANCY FORUM CYBER SESSION Sheila Pancholi Partner, Technology Risk Assurance Section 1: The background World s biggest data breaches 10 years ago 2007 2006 accidentally published hacked inside
More informationISO/IEC INTERNATIONAL STANDARD. Information technology Security techniques Information security risk management
INTERNATIONAL STANDARD ISO/IEC 27005 First edition 2008-06-15 Information technology Security techniques Information security risk management Technologies de l'information Techniques de sécurité Gestion
More informationICT & Computing Progress Grid
ICT & Computing Progress Grid Pupil Progress ion 9 Select, Algorithms justify and apply appropriate techniques and principles to develop data structures and algorithms for the solution of problems Programming
More informationSecurity at the Digital Cocktail Party. Social Networking meets IAM
Security at the Digital Cocktail Party Social Networking meets IAM What I m going to talk about Social Networking and its benefits Social Networking is an Identity Management System But not always a very
More informationData Sharing Agreement. Between Integral Occupational Health Ltd and the Customer
Data Sharing Agreement Between Integral Occupational Health Ltd and the Customer 1. Definitions a. Customer means any person, organisation, group or entity accepted as a customer of IOH to access OH services
More informationThe Role of in Supporting On-the-fly Interoperability
The Role of Models@run.time in Supporting On-the-fly Interoperability Nelly Bencomo, Amel Bennaceur, Paul Grace, Gordon Blair, Valérie Issarny To cite this version: Nelly Bencomo, Amel Bennaceur, Paul
More informationSoftware Design Patterns. Background 1. Background 2. Jonathan I. Maletic, Ph.D.
Software Design Patterns Jonathan I. Maletic, Ph.D. Department of Computer Science Kent State University J. Maletic 1 Background 1 Search for recurring successful designs emergent designs from practice
More informationTCG activities on Mobile Security standardization. Mr. Janne Uusilehto, Nokia Chairman, TCG MPWG Embedded Security Seminar September 12, 2005
TCG activities on Mobile Security standardization Mr. Janne Uusilehto, Nokia Chairman, TCG MPWG Embedded Security Seminar September 12, 2005 1 Trusted Computing Definition Hardware and Software behave
More informationCognitive Security in the Era of Always Online. Yiannis Giokas VP R&D
Cognitive Security in the Era of Always Online Yiannis Giokas VP R&D Our Parent Company: HKT PCCW Global is an international operating division of HKT, Hong Kong s premier telecommunications service provider,
More informationSoftware Development Methodologies
Software Development Methodologies Lecturer: Raman Ramsin Lecture 3 Seminal Object-Oriented Methodologies: A Feature-Focused Review (Part 1) 1 Coad-Yourdon Two-phase introduction: Object-Oriented Analysis
More informationSystems 2020 Strategic Initiative Overview
Systems 2020 Strategic Initiative Overview Kristen Baldwin ODDR&E/Systems Engineering 13 th Annual NDIA Systems Engineering Conference San Diego, CA October 28, 2010 Oct 2010 Page-1 DISTRIBUTION STATEMENT
More informationUNCLASSIFIED. R-1 Program Element (Number/Name) PE D8Z / Software Engineering Institute (SEI) Applied Research. Prior Years FY 2013 FY 2014
Exhibit R-2, RDT&E Budget Item Justification: PB 2015 Office of Secretary Of Defense Date: March 2014 0400: Research, Development, Test & Evaluation, Defense-Wide / BA 2: COST ($ in Millions) Prior Years
More informationRealizing the Army Net-Centric Data Strategy (ANCDS) in a Service Oriented Architecture (SOA)
Realizing the Army Net-Centric Data Strategy (ANCDS) in a Service Oriented Architecture (SOA) A presentation to GMU/AFCEA symposium "Critical Issues in C4I" Michelle Dirner, James Blalock, Eric Yuan National
More informationAddressing Future Challenges in the Development of Safe and Secure Software Components The MathWorks, Inc. 1
Addressing Future Challenges in the Development of Safe and Secure Software Components 2016 The MathWorks, Inc. 1 Cybersecurity Emerging Topic in the Auto Industry Vehicle-to-Infrastructure Wifi Hotspot
More informationComposite Evaluation for Smart Cards and Similar Devices
Composite Evaluation for Smart Cards and Similar Devices ISCI-WG1 and T-Systems GEI GmbH Composite EAL Certificate 25th-27th September, 2007, page 1. What are we speaking about? Motivation Terminology
More informationCloud Security Standards
Cloud Security Standards Classification: Standard Version Number: 1-00 Status: Published Approved by (Board): University Leadership Team Approval Date: 30 January 2018 Effective from: 30 January 2018 Next
More informationWorking with Project Sonar Data in Nexpose
Working with Project Sonar Data in Nexpose 6.1.16 Release date: 03/23/2016 Working with Project Sonar in Nexpose 6.1.16 When Nexpose 5.17 was released back in October 2015, it introduced the ability to
More informationAnonymous Connections and Onion Routing
Anonymous Connections and Onion Routing David Goldschlag, Michael Reed, and Paul Syverson Center for High Assurance Computer Systems Naval Research Laboratory Washington, D.C. 1 Who is Talking to Whom?
More informationDagstuhl Seminar on Service-Oriented Computing Session Summary Cross Cutting Concerns. Heiko Ludwig, Charles Petrie
Dagstuhl Seminar on Service-Oriented Computing Session Summary Cross Cutting Concerns Heiko Ludwig, Charles Petrie Participants of the Core Group Monika Kazcmarek, University of Poznan Michael Klein, Universität
More informationWelcome Guide for KT Series Token
Welcome Guide for KT Series Token Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright 2012 SafeNet, Inc. All rights reserved. All attempts have been made to make the information
More informationCloud Security Standards and Guidelines
Cloud Security Standards and Guidelines V1 Document History and Reviews Version Date Revision Author Summary of Changes 0.1 May 2018 Ali Mitchell New document 1 May 2018 Ali Mitchell Approved version Review
More informationAustralian/New Zealand Standard
AS/NZS ISO/IEC 27005:2012 Australian/New Zealand Standard Information technology Security techniques Information security risk management (ISO/IEC 27005:2011, MOD) This Joint Australian/New Zealand Standard
More informationAutonomous Model of Software Architecture for Smart Grids
Autonomous Model of Software Architecture for Smart Grids Zenon Chaczko 1, Shahrzad Aslanzadeh 1, Alqarni Lulwah 1 1 University of Technology, Sydney, Faculty of Engineering and IT, Sydney, Australia Zenon.Chaczko@uts.edu.au,
More informationWorkflow Detail: Data Capture (for flat sheets and packets)
Workflow Detail: Data Capture (for flat sheets and packets) Module 6: Data Capture Task ID Task Description Explanations and Comments Resources T1 Determine extent of record level data fields to capture
More informationTowards Trustworthy Internet of Things for Mission-Critical Applications. Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things
Towards Trustworthy Internet of Things for Mission-Critical Applications Arjmand Samuel, Ph.D. Microsoft Azure - Internet of Things Internet of Things is a game changer Organizations are benefiting from
More informationOVERVIEW OF SUBJECT REQUIREMENTS
Course Bachelor of Information Technology (Network Security) Course Number HE20524 Location Meadowbank OVERVIEW OF SUBJECT REQUIREMENTS Note: This document is intended as a guide only. Enrolling students
More informationManaging the Emerging Semantic Risks
The New Information Security Agenda: Managing the Emerging Semantic Risks Dr Robert Garigue Vice President for information integrity and Chief Security Executive Bell Canada Page 1 Abstract Today all modern
More informationIBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT
IBM Security technology and services for GDPR programs GIULIA CALIARI SECURITY ARCHITECT NOTICE Clients are responsible for ensuring their own compliance with various laws and regulations, including the
More informationAn Integrated Model for Requirements Structuring and Architecture Design
AWRE 2002 19 An Integrated Model for Requirements Structuring and Architecture Design Abstract Juha Savolainen, Tuomo Vehkomäki Nokia Research Center {Juha.Savolainen Tuomo.Vehkomäki}@nokia.com Mike Mannion
More informationAugmented SEND: Aligning Security, Privacy, and Usability. Dr. Ahmad Alsadeh Birzeit University Palestine
Augmented SEND: Aligning Security, Privacy, and Usability Dr. Ahmad Alsadeh Birzeit University Palestine Neighbor Discovery Protocol (NDP) Fundamental protocol in IPv6 suite Obtain configuration information
More informationSoftware Development Methodologies
Software Development Methodologies Lecturer: Raman Ramsin Lecture 3 Seminal Object-Oriented Methodologies: A Feature-Focused Review 1 Responsibility-Driven Design (RDD) Introduced in 1990; a UML-based
More informationAPI MANAGEMENT WITH WEBMETHODS
API MANAGEMENT WITH WEBMETHODS Subhash Ramachandran SVP, Product Management & Marketing DIGITAL TRANSFORMATION #WITHOUTCOMPROMISE 2017 Software AG. All rights reserved. WEBMETHODS API MANAGEMENT PLATFORM
More informationVulnerability Assessments and Penetration Testing
CYBERSECURITY Vulnerability Assessments and Penetration Testing A guide to understanding vulnerability assessments and penetration tests. OVERVIEW When organizations begin developing a strategy to analyze
More informationThis document is a preview generated by EVS
INTERNATIONAL STANDARD ISO/IEC 29151 First edition 2017-08 Information technology Security techniques Code of practice for personally identifiable information protection Technologies de l'information Techniques
More informationBUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE
BUILDING CYBERSECURITY CAPABILITY, MATURITY, RESILIENCE 1 WHAT IS YOUR SITUATION? Excel spreadsheets Manually intensive Too many competing priorities Lack of effective reporting Too many consultants Not
More informationCCISO Blueprint v1. EC-Council
CCISO Blueprint v1 EC-Council Categories Topics Covered Weightage 1. Governance (Policy, Legal, & Compliance) & Risk Management 1.1 Define, implement, manage and maintain an information security governance
More informationB C ISO/IEC TR TECHNICAL REPORT
TECHNICAL REPORT ISO/IEC TR 13335-3 First edition 1998-06-15 Information technology Guidelines for the management of IT Security Part 3: Techniques for the management of IT Security Technologies de l'information
More informationAn Integrated Framework for Multi-layer Certification-based Assurance
1 An Integrated Framework for Multi-layer Certification-based Assurance ACSAC 2014 - Layered Assurance Workshop New Orleans, Louisiana, USA. December 2014 Authors: Rajesh Harjani, Marcos Arjona, Javier
More informationNetwork Visibility and Segmentation
Network Visibility and Segmentation 2019 Cisco and/ or its affiliates. All rights reserved. Contents Network Segmentation A Services Approach 3 The Process of Segmentation 3 Segmentation Solution Components
More informationCERT Overview. Jeffrey J. Carpenter 2008 Carnegie Mellon University
CERT Overview Jeffrey J. Carpenter 2008 Carnegie Mellon University Software Engineering Institute Department of Defense R&D Laboratory FFRDC Created in 1984 Administered by Carnegie Mellon
More informationAADL Requirements Annex Review
Dominique Blouin Lab-STICC Université de Bretagne-Occidentale Université de Bretagne-Sud Bretagne, France 1 AADL Standards Meeting, April 23 th, 2013 Agenda Comments from Annex Document Review Motivations
More informationChapter 6 Supporting ISO Compliant ISMS Establishment with Si*
Chapter 6 Supporting ISO 27001 Compliant ISMS Establishment with Si* Abstract The establishment of an ISO 27001 security standard demands a description of the environment including its stakeholders and
More informationISO compliant verification of functional requirements in the model-based software development process
requirements in the model-based software development process Hans J. Holberg SVP Marketing & Sales, BTC Embedded Systems AG An der Schmiede 4, 26135 Oldenburg, Germany hans.j.holberg@btc-es.de Dr. Udo
More informationKenji Tei Associate Professor National Institute of Informatics, Japan
Kenji Tei Associate Professor National Institute of Informatics, Japan tei@nii.ac.jp http://researchmap.jp/teikenji/?lang=english Joint work with Moeka Tanabe, Ezequiel Castellano, Leandro Nahabedian,
More informationThe Automatic Design of Batch Processing Systems
The Automatic Design of Batch Processing Systems by Barry Dwyer, M.A., D.A.E., Grad.Dip. A thesis submitted for the degree of Doctor of Philosophy in the Department of Computer Science University of Adelaide
More informationSemantic Web Services and Cloud Platforms
Semantic Web Services and Cloud Platforms Lecture 10: Mobile Applications and Web Services module Payam Barnaghi Institute for Communication Systems (ICS) Faculty of Engineering and Physical Sciences University
More informationENISA & Cybersecurity. Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010
ENISA & Cybersecurity Dr. Udo Helmbrecht Executive Director, European Network & Information Security Agency (ENISA) 25 October 2010 Agenda Some Definitions Some Statistics ENISA & Cybersecurity Conclusions
More informationGramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.
Gramm Leach Bliley Act 15 U.S.C. 6801-6809 GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev. 11/30/2016 1 Objectives for GLBA Training GLBA Overview Safeguards Rule
More informationREFLECTIONS ON OPERATOR SUITES
REFLECTIONS ON OPERATOR SUITES FOR REFACTORING AND EVOLUTION Ralf Lämmel, VU & CWI, Amsterdam joint work with Jan Heering, CWI QUESTIONS What s the distance between refactoring and evolution? What are
More informationInternet of Things Security standards
Internet of Things Security standards Vangelis Gazis (vangelis.gazis@huawei.com) Chief Architect Security Internet of Things (IoT) Security Solution Planning & Architecture Design (SPD) Security standards
More informationLevel Access Information Security Policy
Level Access Information Security Policy INFOSEC@LEVELACCESS.COM Table of Contents Version Control... 3 Policy... 3 Commitment... 3 Scope... 4 Information Security Objectives... 4 + 1.800.889.9659 INFOSEC@LEVELACCESS.COM
More informationKPI Dictionary ABRIDGED SAMPLE. A KPI Reference Guide for Use in Performance Management. Information Technology (IT)
KPI Dictionary Information Technology (IT) A KPI Reference Guide for Use in Performance Management ABRIDGED SAMPLE Do you need a customized KPI Dictionary for your organization? Contact us - we're ready
More informationVocabulary-Driven Enterprise Architecture Development Guidelines for DoDAF AV-2: Design and Development of the Integrated Dictionary
Vocabulary-Driven Enterprise Architecture Development Guidelines for DoDAF AV-2: Design and Development of the Integrated Dictionary December 17, 2009 Version History Version Publication Date Author Description
More informationPTA. Practical Threat Analysis Calculative Tool
PTA Practical Threat Analysis Calculative Tool Welcome to Practical Threat Analysis (PTA) - a calculative threat modeling methodology and software technology that assist security consultants and analysts
More informationKen Hines, Ph.D GraniteEdge Networks
Ken Hines earned his Ph.D. in computer science at the University of Washington in 2000, by successfully defending his dissertation, which applied causal analysis to debugging heterogeneous distributed
More informationBachelor of Information Technology (Network Security)
Course information for Bachelor of Information Technology (Network Security) Course Number HE20524 Location Meadowbank Course Design The Bachelor of Information Technology (Network Security) is a three-year
More informationCHALLENGES GOVERNANCE INTEGRATION SECURITY
CLOUD SERVICES The adoption and migration to the cloud is rooted in the need for speed and flexibility in creating and managing services. These benefits are often impacted by the difficulty of enterprises
More informationSafeguarding company from cyber-crimes and other technology scams ASSOCHAM
www.pwc.com Safeguarding company from cyber-crimes and other technology scams ASSOCHAM Rahul Aggarwal - Director The new digital business ecosystem is complex and highly interconnected The new business
More informationFabrizio Patriarca. Come creare valore dalla GDPR
Fabrizio Patriarca Come creare valore dalla GDPR Disclaimer Notice: Clients are responsible for ensuring their own compliance with various laws and regulations, including the European Union General Data
More informationThe Process of Software Architecting
IBM Software Group The Process of Software Architecting Peter Eeles Executive IT Architect IBM UK peter.eeles@uk.ibm.com 2009 IBM Corporation Agenda IBM Software Group Rational software Introduction Architecture,
More informationWelcome Guide for MP-1 Token for Microsoft Windows
Welcome Guide for MP-1 Token for Microsoft Windows Protecting Your On-line Identity Authentication Service Delivery Made EASY Copyright 2013 SafeNet, Inc. All rights reserved. All attempts have been made
More informationThis tutorial has been prepared for computer science graduates to help them understand the basic-to-advanced concepts related to data mining.
About the Tutorial Data Mining is defined as the procedure of extracting information from huge sets of data. In other words, we can say that data mining is mining knowledge from data. The tutorial starts
More informationCity, University of London Institutional Repository
City Research Online City, University of London Institutional Repository Citation: Foster, H. & Spanoudakis, G. (2012). Taming the cloud: Safety, certification and compliance for software services - Keynote
More informationPSEG Nuclear Cyber Security Supply Chain Guidance
PSEG Nuclear Cyber Security Supply Chain Guidance Developed by: Jim Shank PSEG Site IT Manager & Cyber Security Program Manager Presented at Rapid 2018 by: Bob Tilton- Director Procurement PSEG Power Goals
More information10 Steps to Building an Architecture for Space Surveillance Projects. Eric A. Barnhart, M.S.
10 Steps to Building an Architecture for Space Surveillance Projects Eric A. Barnhart, M.S. Eric.Barnhart@harris.com Howard D. Gans, Ph.D. Howard.Gans@harris.com Harris Corporation, Space and Intelligence
More informationDesign. Introduction
Design Introduction a meaningful engineering representation of some software product that is to be built. can be traced to the customer's requirements. can be assessed for quality against predefined criteria.
More informationUNCLASSIFIED R-1 ITEM NOMENCLATURE FY 2013 OCO
Exhibit R-2, RDT&E Budget Item Justification: PB 2013 Office of Secretary Of Defense DATE: February 2012 COST ($ in Millions) FY 2011 FY 2012 Base OCO Total FY 2014 FY 2015 FY 2016 FY 2017 Cost To Complete
More information