M Software management
|
|
- Duane McKinney
- 6 years ago
- Views:
Transcription
1 M Software anageent This docuent is part of the UCISA Inforation Security Toolkit providing guidance on the policies and processes needed to ipleent an organisational inforation security policy. To use the Toolkit effectively it should be read alongside the Toolkit Introduction and the How to use guide and then used to develop appropriate inforation security eleents for inclusion in your organisation s policies. 1. Introduction The Software Manageent Policy sets out how the software which runs on the organisation s inforation systes is anaged. The policy includes controls on the installation and use of software, the features provided and the granting of access to software packages. In addition, it covers the aintenance of software, with appropriate procedures for upgrades, to iniise the risk to inforation and inforation systes. The policy should be failiar to all staff involved in the specification, installation and aintenance of software. 2. BS 7799 definitions and nubering Software anageent issues relating to inforation security are covered by sections , 12.1 and 12.5 of the standards docuent Protection against alicious and obile code Objective: To protect the integrity of software and inforation against obile code Where the use of obile code is authorized, the configuration shall ensure that the authorized obile code operates according to a clearly defined security policy, and unauthorized obile code shall be prevented fro executing Security requireents of inforation systes Objective: To ensure that security is an integral part of inforation systes Security requireents analysis and specification Stateents of business requireents for new inforation systes, or enhanceents to existing inforation systes shall specify the requireents for security controls Security in developent and support processes Objective: To aintain the security of application syste software and inforation Change control procedures The ipleentation of changes shall be controlled by the use of foral change control procedures Technical review of applications after operating syste changes When operating systes are changed, business critical applications shall be reviewed and tested to ensure there is no adverse ipact on organisational operations or security Restrictions on changes to software packages Modifications to software packages shall be discouraged, liited to necessary changes, and all changes shall be strictly controlled Inforation leakage Opportunities for inforation leakage shall be prevented. s o f t w a r e a n a g e e n t 118
2 3. Interrelationship between policies in this docuent and related BS 7799 references In this Toolkit, each subsection addresses a nuber of software anageent controls fro the standard. All of the controls in section 12.1 of the standards docuent are covered, as are control and the controls to in section Toolkit subsection Security anageent Change control Packaged software/systes Malicious and obile code Control(s) Security requireents analysis and specification Change control procedures Technical review of applications after operating syste changes Restrictions on changes to software packages against obile code Inforation leakage 4. Guidelines for use Security requireents analysis and specification Stateents of business requireents for new systes, or enhanceents to existing systes, ust docuent the requireents for security controls. It is iportant that inforation security issues are considered fro the outset of each developent project and an analysis of security requireents ust be carried out at the requireent analysis stage. Often, specifications focus on the autoated controls to be incorporated in the application but the need for controls in the associated anual operations should also be considered. Security requireents and controls should reflect the business value of the inforation assets involved, and the potential business daage that ight result fro a failure, absence or inadequacy of security. These considerations should be applied when evaluating all software for use in business processes and appropriate security controls ust be designed into application systes. Change control For all software that can access or use sensitive inforation, foral change control procedures should be established if inforation security is to be protected. Change control procedures should ensure that security and control procedures are not coproised, that staff are given access only to those parts of the syste that are necessary for their work, and that foral interdisciplinary agreeent and approval for the change is obtained. The change control procedures for operating syste upgrades should include a need for any supported applications to be reviewed and tested to check the security ipact of any changes. Packaged software Wherever possible, vendor-supplied software packages should be used without odification. Changes should be discouraged, but where they are seen to be necessary, the changes should be strictly controlled with the risks to inforation security fully assessed. Such changes usually iply a need for changes to future versions of the package and the ongoing support iplications need to be quantified. All changes should be fully docuented and the inforation assets afforded the necessary security protection. Malicious and obile code Malicious software includes software such as viruses, Trojans, back-doors and spyware and these ight be introduced during the ipleentation of new or upgraded software. Because of the potential security threat of such software, controls are needed to inhibit its introduction. Mobile code consists of progras, often in the for of scripts or applets, that are downloaded across the network to run on a local achine and have the potential to be alicious. The purchase, downloading, use, ipleentation or odification of any software that ight run on any syste supporting business applications, or any software that ight be used in an operational process, ust be controlled and checked to ensure that the organisation s inforation is suitably protected against such software. u c i s a i n f o r a t i o n s e c u r i t y t o o l k i t e d i t i o n 3. 0
3 5. Security anageent i. Suggested Policy Stateent The organisation s business applications are to be anaged by suitably trained and qualified staff to oversee their day to day running and to preserve security and integrity in collaboration with noinated individual application owners. All business application staff shall be given relevant training in inforation security issues. All business applications require ongoing anageent and the anagers will be responsible for overseeing their day to day running. The anageent of business applications necessarily involves a significant aount of security related work. A anager who lacks the relevant knowledge, experience, and training ight ake errors that cost the organisation dearly. Inappropriate control over access to a business application threatens the confidentiality and integrity of inforation. The high degree of discretion inherent in the anager s job in itself poses a security threat. Inadequate capacity or inappropriate configuration can ake efficient operation difficult or ipossible. Slow or inadequate response tie ipedes business processing. ii. Suggested Policy Stateent The procureent or ipleentation of new, or upgraded, software ust be carefully planned and anaged and any developent for or by the organisation ust always follow a foralised developent process. Inforation security risks associated with such projects ust be itigated using a cobination of procedural and technical controls. All organisations will, fro tie to tie, consider replacing or upgrading the applications that support their business processes. The procedures required to carry out the ipleentation or upgrade need to be properly anaged if security is not to be coproised. Where a new syste is inadequately tested, it can result in substantial daage to the business processes that rely on it and to the data it processes. Considering security requireents of a syste as an afterthought ay expose the organisation to loss or fraud. Inadequate training for both technical and user staff can result in costly errors in inforation content and in business processing. This ay coproise other systes that rely on the. iii. Suggested Policy Stateent Business requireents for new software or enhanceent of existing software shall specify the requireents for inforation security controls. An analysis of security requireents ust be carried out at the requireents analysis stage of each developent project and appropriate security controls ust be designed into both the application systes and the operational procedures being supported. Security controls should reflect the value of the inforation assets involved. These considerations should also be applied when evaluating software packages for business applications. In general, the business case for a bespoke developent ust be very strong to reject the selection of a suitable packaged solution. s o f t w a r e a n a g e e n t 120
4 6. Change control iv. Suggested Policy Stateent Foral change control procedures, with coprehensive audit trails, ust be used for all changes or upgrades to business software. All changes ust be properly authorised and all software, including that which interacts with the aended software, ust be tested before changes are oved to the live environent. All software needs to be updated periodically and, whether it is a inor change or ajor upgrade, the inforation security issues need to be actively addressed with safeguards to protect the live operations of the organisation. Change control ensures that all changes are analysed, authorised, fully tested and docuented before being ade available for live or operational use. Procedures should include rules for anaging all inforation assets including progra source, operational libraries, old versions and test environents. When an operating syste is upgraded, the supported applications should be reviewed to ensure that there is no adverse ipact on security. If foral change control procedures are not ipleented, it can be very difficult to anage changes on a prioritised basis. Insufficient testing of new software can result in errors that disrupt operational systes or corrupt files. Any aendent to your systes, even seeingly harless ones, can result in inforation security weaknesses. Unless carefully anaged, what begins as a inor odification can igrate into inforal systes developent effort, but with none of the necessary controls. Where prograers work independently, without anageent supervision, poor or alicious code could be copied into the source with alicious or fraudulent intent. Software under developent can becoe confused with operational software and potentially disrupt live operations. Conversely, old versions of progras can be confused with the latest version, resulting in either the loss of recent enhanceents or a failure of other systes, which depend on recent features. 7. Package software/systes v. Suggested Policy Stateent Modifications to vendor supplied software shall be discouraged, only strictly controlled essential changes shall be peritted and the developent of interfacing software shall only be undertaken in a planned and controlled anner. Modifications to vendor supplied software can lead to unforeseen security issues and ongoing inforation security aintenance overheads when future versions are ipleented. Interfacing of such systes with other business applications, by transferring inforation between the, is usually required. Such processes can put data at significant risk. The purchase of a new syste ay have been agreed based on the apparent ease of interfacing to current syste(s). Interfacing probles can result in substantial delays and even cause entire projects to fail, especially where coplex data anipulation is required. Where an interface progra is required to reforat the data to eet the needs of the target syste, such data anipulation poses a risk of data odification (possibly aliciously) and, thereby, inaccurate processing. Teporary files, created by interface progra processing and saved in a teporary location, ight contain sensitive data which unauthorised persons ight access, thus coproising the confidentiality of inforation. u c i s a i n f o r a t i o n s e c u r i t y t o o l k i t e d i t i o n 3. 0
5 8. Malicious and obile code vi. Suggested Policy Stateent The ipleentation, use or odification of all software on the organisation s business systes shall be controlled. All software shall be checked before ipleentation to protect against alicious code. When ipleenting new or odified software there are risks of unintentionally introducing viruses, Trojans, spyware or other alicious software that will pose significant inforation security risks. It is iportant that all software is subject to appropriate checking before ipleentation and that no software is introduced in an ad hoc anner. vii. Suggested Policy Stateent The need for systes to support obile code (applets, scripts, etc.) shall be reviewed. Where the use of obile code is necessary, the environent shall be configured so as to restrict its ability to har inforation or other applications. Mobile code consists of progras, often in the for of scripts or applets, that are downloaded across the network and run on a local achine. It can provide useful functions, for exaple in web pages or as part of iddleware, however it also provides a route by which alicious or unintended functions can be dynaically installed on coputers. Most applications that support obile code allow it to be isolated to soe degree fro the surrounding coputer and network by restricting the functions it can perfor. Such configuration options should be enabled wherever possible. It ay also be possible to use firewalls to restrict the passage of obile code into and out of sensitive areas. Specien Inforation Security Eleents of a Software Manageent Policy The organisation s business applications are to be anaged by suitably trained and qualified staff to oversee their day to day running and to preserve security and integrity in collaboration with noinated individual application owners. All business application staff shall be given relevant training in inforation security issues. The procureent or ipleentation of new, or upgraded, software ust be carefully planned and anaged and any developent for or by the organisation ust always follow a foralised developent process. Inforation security risks associated with such projects ust be itigated using a cobination of procedural and technical controls. Business requireents for new software or enhanceent of existing software shall specify the requireents for inforation security controls. Foral change control procedures, with coprehensive audit trails, ust be used for all changes or upgrades to business software. All changes ust be properly authorised and all software, including that which interacts with the aended software, ust be tested before changes are oved to the live environent. Modifications to vendor supplied software shall be discouraged, only strictly controlled essential changes shall be peritted and the developent of interfacing software shall only be undertaken in a planned and controlled anner. The ipleentation, use or odification of all software on the organisation s business systes shall be controlled. All software shall be checked before ipleentation to protect against alicious code. The need for systes to support obile code (applets, scripts, etc.) shall be reviewed. Where the use of obile code is necessary, the environent shall be configured so as to restrict its ability to har inforation or other applications. These specien policy eleents are intended only as a guide and should be adapted for individual organisations. The ipleentation of a software anageent policy will also require the developent of processes and procedures. To satisfy an external party, such as an auditor, that the policy has been fully ipleented will require docuentary evidence of these. s o f t w a r e a n a g e e n t 122
Controls Electronic messaging Information involved in electronic messaging shall be appropriately protected.
I Use of computers This document is part of the UCISA Information Security Toolkit providing guidance on the policies and processes needed to implement an organisational information security policy. To
More informationDefining and Surveying Wireless Link Virtualization and Wireless Network Virtualization
1 Defining and Surveying Wireless Link Virtualization and Wireless Network Virtualization Jonathan van de Belt, Haed Ahadi, and Linda E. Doyle The Centre for Future Networks and Counications - CONNECT,
More informationDesign and Implementation of Business Logic Layer Object-Oriented Design versus Relational Design
Design and Ipleentation of Business Logic Layer Object-Oriented Design versus Relational Design Ali Alharthy Faculty of Engineering and IT University of Technology, Sydney Sydney, Australia Eail: Ali.a.alharthy@student.uts.edu.au
More informationTARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS
Target2-Securities Project Team TARGET2-SECURITIES INFORMATION SECURITY REQUIREMENTS Reference: T2S-07-0270 Date: 09 October 2007 Version: 0.1 Status: Draft Target2-Securities - User s TABLE OF CONTENTS
More informationStructuring Business Metadata in Data Warehouse Systems for Effective Business Support
Structuring Business Metadata in Data Warehouse Systes for Effective Business Support arxiv:cs/0110020v1 [cs.db] 8 Oct 2001 N.L. Sarda Departent of Coputer Science and Engineering Indian Institute of Technology
More informationAuthor. Published. Journal Title DOI. Copyright Statement. Downloaded from. Griffith Research Online. Kandjani, Hadi, Wen, Larry, Bernus, Peter
Enterprise Architecture Cybernetics for Global Mining Projects: Reducing the Structural Coplexity of Global Mining Supply Networks via Virtual Brokerage Author Kandjani, Hadi, Wen, Larry, Bernus, Peter
More informationcm3520 cm3525 Security Function
wwwiagisticsco c3520 c3525 Security Function Contents Contents 1 Security 11 Introduction 1-2 12 Tradearks and Registered Tradearks 1-2 13 Copliance with the ISO15408 Standard 1-2 14 Operating Precautions1-2
More informationCarving Differential Unit Test Cases from System Test Cases
Carving Differential Unit Test Cases fro Syste Test Cases Sebastian Elbau, Hui Nee Chin, Matthew B. Dwyer, Jonathan Dokulil Departent of Coputer Science and Engineering University of Nebraska - Lincoln
More informationFlucs: Artificial Lighting & Daylighting. IES Virtual Environment
Flucs: Artificial Lighting & Daylighting IES Virtual Environent Contents 1. General Description of the FLUCS Interface... 6 1.1. Coon Controls... 6 1.2. Main Application Window... 6 1.3. Other Windows...
More informationAnnexure- (Modified) 07
RFP for Selection of Service Provider for Panchdeep O&M (Annexure-07) Annexure- (Modified) 07 Profile of Software Manpower required for nology proveent, Additional Software Functionalities Developent Change
More informationMAPPING THE DATA FLOW MODEL OF COMPUTATION INTO AN ENHANCED VON NEUMANN PROCESSOR * Peter M. Maurer
MAPPING THE DATA FLOW MODEL OF COMPUTATION INTO AN ENHANCED VON NEUMANN PROCESSOR * Peter M. Maurer Departent of Coputer Science and Engineering University of South Florida Tapa, FL 33620 Abstract -- The
More informationMapping Data in Peer-to-Peer Systems: Semantics and Algorithmic Issues
Mapping Data in Peer-to-Peer Systes: Seantics and Algorithic Issues Anastasios Keentsietsidis Marcelo Arenas Renée J. Miller Departent of Coputer Science University of Toronto {tasos,arenas,iller}@cs.toronto.edu
More informationEnergy-Efficient Disk Replacement and File Placement Techniques for Mobile Systems with Hard Disks
Energy-Efficient Disk Replaceent and File Placeent Techniques for Mobile Systes with Hard Disks Young-Jin Ki School of Coputer Science & Engineering Seoul National University Seoul 151-742, KOREA youngjk@davinci.snu.ac.kr
More informationVerifying the structure and behavior in UML/OCL models using satisfiability solvers
IET Cyber-Physical Systes: Theory & Applications Review Article Verifying the structure and behavior in UML/OCL odels using satisfiability solvers ISSN 2398-3396 Received on 20th October 2016 Revised on
More informationI-0 Introduction. I-1 Introduction. Objectives: Quote:
I-0 Introduction Objectives: Explain necessity of parallel/ultithreaded algoriths Describe different fors of parallel processing Present coonly used architectures Introduce a few basic ters Coents: Try
More informationSecure Wireless Multihop Transmissions by Intentional Collisions with Noise Wireless Signals
Int'l Conf. Wireless etworks ICW'16 51 Secure Wireless Multihop Transissions by Intentional Collisions with oise Wireless Signals Isau Shiada 1 and Hiroaki Higaki 1 1 Tokyo Denki University, Japan Abstract
More informationVodafone MachineLink. Port Forwarding / DMZ Configuration Guide
Vodafone MachineLink Port Forwarding / DMZ Configuration Guide Docuent history This guide covers the following products: Vodafone MachineLink 3G (NWL-10) Vodafone MachineLink 3G Plus (NWL-12) Vodafone
More informationImprove Peer Cooperation using Social Networks
Iprove Peer Cooperation using Social Networks Victor Ponce, Jie Wu, and Xiuqi Li Departent of Coputer Science and Engineering Florida Atlantic University Boca Raton, FL 33431 Noveber 5, 2007 Corresponding
More informationQUERY ROUTING OPTIMIZATION IN SENSOR COMMUNICATION NETWORKS
QUERY ROUTING OPTIMIZATION IN SENSOR COMMUNICATION NETWORKS Guofei Jiang and George Cybenko Institute for Security Technology Studies and Thayer School of Engineering Dartouth College, Hanover NH 03755
More informationDevelopment of an Integrated Cost Estimation and Cost Control System for Construction Projects
ABSTRACT Developent of an Integrated Estiation and Control Syste for Construction s by Salan Azhar, Syed M. Ahed and Aaury A. Caballero Florida International University 0555 W. Flagler Street, Miai, Florida
More informationDRAFT Master List of WMS Roles and Permissions DRAFT Last updated 8/1/2012
DRAFT Master List of WMS Roles and Perissions DRAFT Last updated 8/1/2012 Roles Acq adin 3 KB adin 31 Acq order staff 3 KB staff 31 Acq receive staff 3 KB supervisor 31 Acq senior staff 3 Network delivery
More informationDifferent criteria of dynamic routing
Procedia Coputer Science Volue 66, 2015, Pages 166 173 YSC 2015. 4th International Young Scientists Conference on Coputational Science Different criteria of dynaic routing Kurochkin 1*, Grinberg 1 1 Kharkevich
More informationEnhancing Real-Time CAN Communications by the Prioritization of Urgent Messages at the Outgoing Queue
Enhancing Real-Tie CAN Counications by the Prioritization of Urgent Messages at the Outgoing Queue ANTÓNIO J. PIRES (1), JOÃO P. SOUSA (), FRANCISCO VASQUES (3) 1,,3 Faculdade de Engenharia da Universidade
More informationShortest Path Determination in a Wireless Packet Switch Network System in University of Calabar Using a Modified Dijkstra s Algorithm
International Journal of Engineering and Technical Research (IJETR) ISSN: 31-869 (O) 454-4698 (P), Volue-5, Issue-1, May 16 Shortest Path Deterination in a Wireless Packet Switch Network Syste in University
More informationA New Generic Model for Vision Based Tracking in Robotics Systems
A New Generic Model for Vision Based Tracking in Robotics Systes Yanfei Liu, Ada Hoover, Ian Walker, Ben Judy, Mathew Joseph and Charly Heranson lectrical and Coputer ngineering Departent Cleson University
More information1 Extended Boolean Model
1 EXTENDED BOOLEAN MODEL It has been well-known that the Boolean odel is too inflexible, requiring skilful use of Boolean operators to obtain good results. On the other hand, the vector space odel is flexible
More informationClosing The Performance Gap between Causal Consistency and Eventual Consistency
Closing The Perforance Gap between Causal Consistency and Eventual Consistency Jiaqing Du Călin Iorgulescu Aitabha Roy Willy Zwaenepoel EPFL ABSTRACT It is well known that causal consistency is ore expensive
More informationCyber risk management into the ISM Code
Building trust. Shaping Safety No. Subject: Cyber risk management into the ISM Code To: insb auditors/managing companies IMO Resolution incorporates maritime cyber risk management into the ISM Code making
More information6.1 Topological relations between two simple geometric objects
Chapter 5 proposed a spatial odel to represent the spatial extent of objects in urban areas. The purpose of the odel, as was clarified in Chapter 3, is ultifunctional, i.e. it has to be capable of supplying
More informationA Practical Introduction to ATLAS
A Practical Introduction to ATLAS Christophe Laprun, Jonathan G. Fiscus, John Garofolo, Sylvain Pajot National Institute of Standards and Technology 100 Bureau Drive Mail Stop 8940 Gaithersburg, MD 20899-8940
More informationDesign Optimization of Mixed Time/Event-Triggered Distributed Embedded Systems
Design Optiization of Mixed Tie/Event-Triggered Distributed Ebedded Systes Traian Pop, Petru Eles, Zebo Peng Dept. of Coputer and Inforation Science, Linköping University {trapo, petel, zebpe}@ida.liu.se
More informationGUIDELINES ON MARITIME CYBER RISK MANAGEMENT
E 4 ALBERT EMBANKMENT LONDON SE1 7SR Telephone: +44 (0)20 7735 7611 Fax: +44 (0)20 7587 3210 GUIDELINES ON MARITIME CYBER RISK MANAGEMENT MSC-FAL.1/Circ.3 5 July 2017 1 The Facilitation Committee, at its
More informationNON-RIGID OBJECT TRACKING: A PREDICTIVE VECTORIAL MODEL APPROACH
NON-RIGID OBJECT TRACKING: A PREDICTIVE VECTORIAL MODEL APPROACH V. Atienza; J.M. Valiente and G. Andreu Departaento de Ingeniería de Sisteas, Coputadores y Autoática Universidad Politécnica de Valencia.
More informationComputer Security Policy
Administration and Policy: Computer usage policy B 0.2/3 All systems Computer and Rules for users of the ECMWF computer systems May 1995 Table of Contents 1. The requirement for computer security... 1
More informationAnalysing Real-Time Communications: Controller Area Network (CAN) *
Analysing Real-Tie Counications: Controller Area Network (CAN) * Abstract The increasing use of counication networks in tie critical applications presents engineers with fundaental probles with the deterination
More informationTHE rapid growth and continuous change of the real
IEEE TRANSACTIONS ON SERVICES COMPUTING, VOL. 8, NO. 1, JANUARY/FEBRUARY 2015 47 Designing High Perforance Web-Based Coputing Services to Proote Teleedicine Database Manageent Syste Isail Hababeh, Issa
More informationThe Henryk Niewodniczański INSTITUTE OF NUCLEAR PHYSICS Polish Academy of Sciences ul. Radzikowskiego 152, Kraków
The Henryk Niewodniczański INSTITUT OF NUCLAR PHYSICS Polish Acadey of Sciences ul. Radzikowskiego 152, 31-342 Kraków www.ifj.edu.pl/reports/2005.htl Kraków, October 2005 Report No. 1968/D The theroluinescence
More informationRelief shape inheritance and graphical editor for the landscape design
Relief shape inheritance and graphical editor for the landscape design Egor A. Yusov Vadi E. Turlapov Nizhny Novgorod State University after N. I. Lobachevsky Nizhny Novgorod Russia yusov_egor@ail.ru vadi.turlapov@cs.vk.unn.ru
More informationA Beam Search Method to Solve the Problem of Assignment Cells to Switches in a Cellular Mobile Network
A Bea Search Method to Solve the Proble of Assignent Cells to Switches in a Cellular Mobile Networ Cassilda Maria Ribeiro Faculdade de Engenharia de Guaratinguetá - DMA UNESP - São Paulo State University
More informationSherlock is Around: Detecting Network Failures with Local Evidence Fusion
Sherlock is Around: Detecting Network Failures with Local Evidence Fusion Qiang Ma, Kebin Liu 2, Xin Miao, Yunhao Liu,2 Departent of Coputer Science and Engineering, Hong Kong University of Science and
More informationIdentifying Converging Pairs of Nodes on a Budget
Identifying Converging Pairs of Nodes on a Budget Konstantina Lazaridou Departent of Inforatics Aristotle University, Thessaloniki, Greece konlaznik@csd.auth.gr Evaggelia Pitoura Coputer Science and Engineering
More informationNode +key : int +left : Node +right : Node. root where m is either 0..1, 0..*, or * Node +key : int +left : Node +right : Node 0..
Question 1: è12 pointsè CISC323 Midter Exa Saple Solution March 19, 2003 J. Dingel Consider the following code fragent for ipleenting binary search trees. class BinSearchTree í public Node root;... í class
More informationGuidelines. on the security measures for operational and security risks of payment services under Directive (EU) 2015/2366 (PSD2) EBA/GL/2017/17
GUIDELINES ON SECURITY MEASURES FOR OPERATIONAL AND SECURITY RISKS UNDER EBA/GL/2017/17 12/01/2018 Guidelines on the security measures for operational and security risks of payment services under Directive
More informationDesigning High Performance Web-Based Computing Services to Promote Telemedicine Database Management System
Designing High Perforance Web-Based Coputing Services to Proote Teleedicine Database Manageent Syste Isail Hababeh 1, Issa Khalil 2, and Abdallah Khreishah 3 1: Coputer Engineering & Inforation Technology,
More informationRule Extraction using Artificial Neural Networks
Rule Extraction using Artificial Neural Networks S. M. Karuzzaan 1 Ahed Ryadh Hasan 2 Abstract Artificial neural networks have been successfully applied to a variety of business application probles involving
More informationMultipath Selection and Channel Assignment in Wireless Mesh Networks
Multipath Selection and Channel Assignent in Wireless Mesh Networs Soo-young Jang and Chae Y. Lee Dept. of Industrial and Systes Engineering, KAIST, 373-1 Kusung-dong, Taejon, Korea Tel: +82-42-350-5916,
More informationRequirements for IT Infrastructure
Requirements for IT Infrastructure This information contained in this document is taken from the NCSC Website directly via: https://www.cyberessentials.ncsc.gov.uk/requirements-for-it-infrastructure.html
More informationAn Architecture for a Distributed Deductive Database System
IEEE TENCON '93 / B eih An Architecture for a Distributed Deductive Database Syste M. K. Mohania N. L. Sarda bept. of Coputer Science and Engineering, Indian Institute of Technology, Bobay 400 076, INDIA
More informationInformation Security Incident
Good Practice Guide Author: A Heathcote Date: 22/05/2017 Version: 1.0 Copyright 2017 Health and Social Care Information Centre. The Health and Social Care Information Centre is a non-departmental body
More informationA Generic Architecture for Programmable Trac. Shaper for High Speed Networks. Krishnan K. Kailas y Ashok K. Agrawala z. fkrish,
A Generic Architecture for Prograable Trac Shaper for High Speed Networks Krishnan K. Kailas y Ashok K. Agrawala z fkrish, agrawalag@cs.ud.edu y Departent of Electrical Engineering z Departent of Coputer
More informationPROGRAMMING SOLUTIONS FOR ENCODERS AND INCLINATION SENSORS
PROGRAMMING SOLUTIONS FOR ENCODERS AND INCLINATION SENSORS Configuration using a handheld device, coputer, control unit, web server or DIP switch PROGRAMMING SOLUTIONS FOR ENCODERS AND INCLINATION SENSORS
More informationTensorFlow and Keras-based Convolutional Neural Network in CAT Image Recognition Ang LI 1,*, Yi-xiang LI 2 and Xue-hui LI 3
2017 2nd International Conference on Coputational Modeling, Siulation and Applied Matheatics (CMSAM 2017) ISBN: 978-1-60595-499-8 TensorFlow and Keras-based Convolutional Neural Network in CAT Iage Recognition
More informationCollaborative Web Caching Based on Proxy Affinities
Collaborative Web Caching Based on Proxy Affinities Jiong Yang T J Watson Research Center IBM jiyang@usibco Wei Wang T J Watson Research Center IBM ww1@usibco Richard Muntz Coputer Science Departent UCLA
More informationFacilities Study for XXXXXXXXXXXX 50 MW PV
Final Report on the Facilities Study for XXXXXXXXXXXX 50 MW PV Project No. 67270 July 2012 Facilities Study for XXXXXXXXXXXX 50 MW PV Prepared for Copany El Paso, Texas July 2012 Project No. 67270 Prepared
More informationIT risks and controls
Università degli Studi di Roma "Tor Vergata" Master of Science in Business Administration Business Auditing Course IT risks and controls October 2018 Agenda I IT GOVERNANCE IT evolution, objectives, roles
More informationSolving the Damage Localization Problem in Structural Health Monitoring Using Techniques in Pattern Classification
Solving the Daage Localization Proble in Structural Health Monitoring Using Techniques in Pattern Classification CS 9 Final Project Due Dec. 4, 007 Hae Young Noh, Allen Cheung, Daxia Ge Introduction Structural
More informationISO27001 Preparing your business with Snare
WHITEPAPER Complying with ISO27001 Preparing your business with Snare T he technical controls imposed by ISO (International Organisation for Standardization) Standard 27001 cover a wide range of security
More informationM a c intosh Cyr i l lic Lang u age Ki t. Installation and User s Manual Manuel d installation et d u t i l i s a t i o n
apple M a c intosh Cyr i l lic Lang u age Ki t Installation and User s Manual Manuel d installation et d u t i l i s a t i o n K Apple Coputer, Inc. This anual and the software described in it are copyrighted
More informationAPPLICATION NOTE #175
APPLICATION NOTE #175 INTRODUCTION Application Note #175 suppleents the recoended protection circuitry discussions currently found in Ceretek product data sheets. The contents of Application Note #175
More informationREVIEW OF MANAGEMENT AND OVERSIGHT OF THE INTEGRATED BUSINESS MANAGEMENT SYSTEM (IBMS) January 16, 2009
APPENDIX 1 REVIEW OF MANAGEMENT AND OVERSIGHT OF THE INTEGRATED BUSINESS MANAGEMENT SYSTEM (IBMS) January 16, 2009 Auditor General s Office Jeffrey Griffiths, C.A., C.F.E. Auditor General City of Toronto
More informationA Soft Real-time Scheduling Server on the Windows NT
A Soft Real-tie Scheduling Server on the Windows NT Chih-han Lin, Hao-hua Chu, Klara Nahrstedt Departent of Coputer Science University of Illinois at Urbana Chapaign clin2, h-chu3, klara@cs.uiuc.edu Abstract
More informationISO/IEC Solution Brief ISO/IEC EventTracker 8815 Centre Park Drive, Columbia MD 21045
Solution Brief 8815 Centre Park Drive, Columbia MD 21045 About delivers business critical software and services that transform high-volume cryptic log data into actionable, prioritized intelligence that
More informationNews Events Clustering Method Based on Staging Incremental Single-Pass Technique
News Events Clustering Method Based on Staging Increental Single-Pass Technique LI Yongyi 1,a *, Gao Yin 2 1 School of Electronics and Inforation Engineering QinZhou University 535099 Guangxi, China 2
More informationOn the Accuracy of MANET Simulators
On the ccuracy of MNT Siulators avid avin david.cavin@epfl.ch Yoav Sasson yoav.sasson@epfl.ch istributed Systes Laboratory cole Polytechnique Fédérale de Lausanne (PFL) H-115 Lausanne ndré Schiper andre.schiper@epfl.ch
More informationReal-Time Detection of Invisible Spreaders
Real-Tie Detection of Invisible Spreaders MyungKeun Yoon Shigang Chen Departent of Coputer & Inforation Science & Engineering University of Florida, Gainesville, FL 3, USA {yoon, sgchen}@cise.ufl.edu Abstract
More informationInternet copy. EasyGo security policy. Annex 1.3 to Joint Venture Agreement Toll Service Provider Agreement
EasyGo security policy Annex 1.3 to Joint Venture Agreement Toll Service Provider Agreement This copy of the document was published on and is for information purposes only. It may change without further
More informationInnovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection
Florida International University FIU Digital Coons FIU Electronic Theses and Dissertations University Graduate School 3--06 Innovative Two-Stage Fuzzy Classification for Unknown Intrusion Detection Xueyan
More informationThe Application of Bandwidth Optimization Technique in SLA Negotiation Process
The Application of Bandwidth Optiization Technique in SLA egotiation Process Srećko Krile University of Dubrovnik Departent of Electrical Engineering and Coputing Cira Carica 4, 20000 Dubrovnik, Croatia
More informationDatabase Design on Mechanical Equipment Operation Management System Zheng Qiu1, Wu kaiyuan1, Wu Chengyan1, Liu Lei2
2nd International Conference on Advances in Mechanical Engineering and Industrial Inforatics (AMEII 206) Database Design on Mechanical Equipent Manageent Syste Zheng Qiu, Wu kaiyuan, Wu Chengyan, Liu Lei2
More informationOn the Computation and Application of Prototype Point Patterns
On the Coputation and Application of Prototype Point Patterns Katherine E. Tranbarger Freier 1 and Frederic Paik Schoenberg 2 Abstract This work addresses coputational probles related to the ipleentation
More informationControl Message Reduction Techniques in Backward Learning Ad Hoc Routing Protocols
Control Message Reduction Techniques in Backward Learning Ad Hoc Routing Protocols Navodaya Garepalli Kartik Gopalan Ping Yang Coputer Science, Binghaton University (State University of New York) Contact:
More informationAnnual Report on the Status of the Information Security Program
October 2, 2014 San Bernardino County Employees Retirement Association 348 W. Hospitality Lane, Third Floor San Bernardino, CA 92415-0014 1 Table of Contents I. Executive Summary... 3 A. Overview... 3
More informationComparing Techniques by Means of Encapsulation and onnascence
rusuur lt suaries and Meilir Page-Jones Coparing Techniques by Means of Encapsulation and onnascence oday the object-oriented approach to software developent is at the height of fashion. As such, it threatens
More informationDetection of Outliers and Reduction of their Undesirable Effects for Improving the Accuracy of K-means Clustering Algorithm
Detection of Outliers and Reduction of their Undesirable Effects for Iproving the Accuracy of K-eans Clustering Algorith Bahan Askari Departent of Coputer Science and Research Branch, Islaic Azad University,
More informationThe Flaw Attack to the RTS/CTS Handshake Mechanism in Cluster-based Battlefield Self-organizing Network
The Flaw Attack to the RTS/CTS Handshake Mechanis in Cluster-based Battlefield Self-organizing Network Zeao Zhao College of Counication Engineering, Hangzhou Dianzi University, Hangzhou 310018, China National
More informationST. VINCENT AND THE GRENADINES
ST. VINCENT AND THE GRENADINES MARITIME ADMINISTRATION CIRCULAR N ISM 014 MARITIME CYBER RISK MANAGEMENT MSC.1/CIRC.1526, MSC-FAL.1/CIRC.3, RESOLUTION MSC.428 (98) TO: APPLICABLE TO: SHIPOWNERS, SHIPS
More informationAn Efficient Approach for Content Delivery in Overlay Networks
An Efficient Approach for Content Delivery in Overlay Networks Mohaad Malli, Chadi Barakat, Walid Dabbous Projet Planète, INRIA-Sophia Antipolis, France E-ail:{alli, cbarakat, dabbous}@sophia.inria.fr
More informationA Measurement-Based Model for Parallel Real-Time Tasks
A Measureent-Based Model for Parallel Real-Tie Tasks Kunal Agrawal 1 Washington University in St. Louis St. Louis, MO, USA kunal@wustl.edu https://orcid.org/0000-0001-5882-6647 Sanjoy Baruah 2 Washington
More informationEUROPEAN ETS TELECOMMUNICATION August 1995 STANDARD
EUROPEAN ETS 300 428 TELECOMMUNICATION August 1995 STANDARD Source: ETSI TC-NA Reference: DE/NA-052619 ICS: 33.040 Key words: B-ISDN, ATM Broadband Integrated Services Digital Network (B-ISDN); Asynchronous
More informationGeneralised Mixin-based Inheritance to Support Multiple Inheritance
Vrije Universiteit russel Faculteit Wetenschappen VRIJE UNIVERSITEIT RUSSEL SCI EN T I V INCERE T ENE R S Generalised Mixin-based Inheritance to Support Multiple Inheritance Niels oyen, Carine Lucas, Patrick
More informationA verifiable architecture for multi-task, multi-rate synchronous software
A verifiable architecture for ulti-task, ulti-rate synchronous software A. Jean-Louis Caus,Pierre Vincent, Olivier Graff 2, Sebastien Poussard 2 : Esterel Technologies, 9 rue Michel Labrousse 300 Toulouse
More informationA Low-Cost Multi-Failure Resilient Replication Scheme for High Data Availability in Cloud Storage
216 IEEE 23rd International Conference on High Perforance Coputing A Low-Cost Multi-Failure Resilient Replication Schee for High Data Availability in Cloud Storage Jinwei Liu* and Haiying Shen *Departent
More information(54) OPENING UNSUPPORTED FILE TYPES (52) US. Cl. THROUGH REMOTING SESSIONS CPC... G06F 17/30174 ( )
US 20150058286A1 (19) United States (12) Patent Application Publication (10) Pub. No.: US 2015/0058286 A1 LEIBOVICI et al. (43) Pub. Date: Feb. 26, 2015 (54) OPENING UNSUPPORTED FILE TYPES (52) US. Cl.
More informationETSI TS V1.2.1 ( )
TS 103 253 V1.2.1 (2016-04) TECHNICAL SPECIFICATION Methods for Testing and Specification (MTS); TTCN-3 Conforance Test Suite for use of XML schea; Ipleentation Conforance Stateent 2 TS 103 253 V1.2.1
More informationCyber Essentials. Requirements for IT Infrastructure. QG Adaption Publication 25 th July 17
Cyber Essentials Requirements for IT Infrastructure NCSC Publication 6 th February 17 QG Adaption Publication 25 th July 17 Document No. BIS 14/696/1.2 Requirements for IT Infrastructure Specifying the
More information1 P a g e. F x,x...,x,.,.' written as F D, is the same.
11. The security syste at an IT office is coposed of 10 coputers of which exactly four are working. To check whether the syste is functional, the officials inspect four of the coputers picked at rando
More informationAutomatic Graph Drawing Algorithms
Autoatic Graph Drawing Algoriths Susan Si sisuz@turing.utoronto.ca Deceber 7, 996. Ebeddings of graphs have been of interest to theoreticians for soe tie, in particular those of planar graphs and graphs
More informationCompiling an Honest but Curious Protocol
6.876/18.46: Advanced Cryptography May 7, 003 Lecture 1: Copiling an Honest but Curious Protocol Scribed by: Jonathan Derryberry 1 Review In previous lectures, the notion of secure ultiparty coputing was
More informationLOGGING AND AUDIT TRAILS
LOGGING AND AUDIT TRAILS Policy LOGGING AND AUDIT TRAILS - POLICY TMP-POL-LAT V3.00-EN, 26/06/2009 TABLE OF CONTENTS 1 INTRODUCTION... 3 1.1 Document Purpose... 3 1.2 Target Audience...3 1.3 Business Context...4
More informationEntity-Relationship Models of Information Artefacts
Entity-Relationship Models of Inforation Artefacts T. R. G. Green MRC Applied Psychology Unit 5 Chaucer Rd, Cabridge CB2 2EF thoas.green@rc-apu.ca.ac.uk http: //www.rc-apu.ca.ac.uk/personal/thoas.green/
More informationProceedings of the First Symposium on Networked Systems Design and Implementation
USENIX Association Proceedings of the First Syposiu on Networked Systes Design and Ipleentation San Francisco, CA, USA March 29 31, 2004 2004 by The USENIX Association All Rights Reserved For ore inforation
More informationOPTIMAL COMPLEX SERVICES COMPOSITION IN SOA SYSTEMS
Key words SOA, optial, coplex service, coposition, Quality of Service Piotr RYGIELSKI*, Paweł ŚWIĄTEK* OPTIMAL COMPLEX SERVICES COMPOSITION IN SOA SYSTEMS One of the ost iportant tasks in service oriented
More informationGDPR Draft: Data Access Control and Password Policy
wea.org.uk GDPR Draft: Data Access Control and Password Policy Version Number Date of Issue Department Owner 1.2 21/01/2018 ICT Mark Latham-Hall Version 1.2 last updated 27/04/2018 Page 1 Contents GDPR
More informationA Periodic Dynamic Load Balancing Method
2016 3 rd International Conference on Engineering Technology and Application (ICETA 2016) ISBN: 978-1-60595-383-0 A Periodic Dynaic Load Balancing Method Taotao Fan* State Key Laboratory of Inforation
More informationELECTRONIC RECORDS (EVIDENCE) ACT (No. 13 of 2014) ELECTRONIC RECORDS (EVIDENCE) REGULATIONS. (Published on, 2015) ARRANGEMENT OF REGULATIONS
Statutory Instrument No. of 2015 ELECTRONIC RECORDS (EVIDENCE) ACT (No. 13 of 2014) ELECTRONIC RECORDS (EVIDENCE) REGULATIONS (Published on, 2015) REGULATION ARRANGEMENT OF REGULATIONS 1. Citation 2. Interpretation
More informationETSI EN V1.1.1 ( )
EN 300 462-4-2 V1.1.1 (1999-12) European Standard (Telecounications series) Transission and Multiplexing (TM); Generic requireents for synchronization networks; Part 4-2: Tiing characteriztics of slave
More informationThird Party Security Review Process
Third Party Security Review Process Rev. 10/11/2016 OIT/IPS-Information Security Office Version Control Version Date Name Change 1.0 9/26/16 V. Guerrero First version of the document 1.2 10/11/16 S. Foote
More informationStructural Balance in Networks. An Optimizational Approach. Andrej Mrvar. Faculty of Social Sciences. University of Ljubljana. Kardeljeva pl.
Structural Balance in Networks An Optiizational Approach Andrej Mrvar Faculty of Social Sciences University of Ljubljana Kardeljeva pl. 5 61109 Ljubljana March 23 1994 Contents 1 Balanced and clusterable
More informationCIP Cyber Security Configuration Change Management and Vulnerability Assessments
CIP-010-2 3 Cyber Security Configuration Change Management and Vulnerability Assessments A. Introduction 1. Title: Cyber Security Configuration Change Management and Vulnerability Assessments 2. Number:
More informationSTAFF REPORT. January 26, Audit Committee. Information Security Framework. Purpose:
STAFF REPORT January 26, 2001 To: From: Subject: Audit Committee City Auditor Information Security Framework Purpose: To review the adequacy of the Information Security Framework governing the security
More information