Towards a Reliable Formal Framework for Enhancing Risk Assessment in Access Control Systems

10.29007/42j8 ◽  
2018 ◽  
Author(s):  
Pierrette Annie Evina ◽  
Faten Labbene Ayachi ◽  
Faouzi Jaidi ◽  
Adel Bouhoula

The constant evolution of access control requirements and the dynamic environment in which they evolve require nowadays quick and instant decision-making related to risk of illegitimate access in Information Systems. Various contributions defined in the literature aim to overcome or to mitigate related risks and paradoxically adopted the hypothesis of reliability and validity of access control policies. However, the corruption of these policies is a security aspect of great importance and should be handled actively because (i) an access control policy is also exposed to the same threats as the managed data is and (ii) properties and parameters of the concrete policy at a given stage may differ, in a critical manner, from a reference stage. We define a reliable and complete solution for risk management in the context of Database Servers. We intend to define a rigorous risk management approach that mainly verifies recommendations of the standard ISO 31000:2009. Our approach takes into consideration all identified threats on a Database Server and provides an environment for the analysis of the correlation between the threats detected in particular by different security devices. To ensure a high level of surety, we opt for defining a formal framework that allows to efficiently address this problematic and to formally represent and verify our risk management processes.


2016 ◽  
pp. 1220-1237 ◽  
Author(s):  
Mohammad Baydoun

This case aims to analyze risk management practices of Millennium Development International (MDI) and suggest enhancements based on a theoretical framework derived from the literature while considering the implications to its organizational structure. Al-Shamiyah project in Makkah, Saudi Arabia, is used as an example to illustrate the practices of MDI. Due to a high level of risk associated with large-scale development projects, it is argued that the traditional risk management approach is not convenient to the context of these projects. Each large-scale project has a high level of uniqueness that renders benchmarks generated out of previous projects obsolete. Hence, a reactive risk management approach is being promoted. For the purpose of optimizing this approach, engaging necessary experts and securing the presence of key decision makers in the process, the formulated system defines key milestones at which risks need to be assessed and proper decisions need to be taken.


2015 ◽  
Vol 20 ◽  
pp. 61-73 ◽  
Author(s):  
Safaà Hachana ◽  
Nora Cuppens-Boulahia ◽  
Frédéric Cuppens

2021 ◽  
Vol 8 (8) ◽  
pp. 148-155
Author(s):  
Andhika Saputra ◽  
Rhian Indradewa ◽  
Tantri Yanuar Rahmat Syah

Background – Awareness of a healthy lifestyle and thinking back to nature makes society in Indonesia choose jamu as their daily routine drink. Jamu itself is a term for natural traditional medicine from Indonesia. Unfortunately the types of jamu products are still very limited in variants, have a bitter taste and are difficult to find in modern places such as cafes. Currently the Indonesian government provides support in health and fitness tourism business activities in the form of jamu cafes. In addition, the community's desire for entrepreneurship through SMEs is also very large. This is a potential opportunity for startup companies in the field of jamu partnerships (business opportunity). Besides that, risks in this startup business also need to be identified, analyzed and treated. Method – Using the ISO 31000:2018 risk management approach. Result – This analysis helps jamu startup companies (business opportunity) in making the right decisions to mitigate risks, so that the business can be sustainable. Keywords: Risk Management, Startups, Jamu Partnership, Business Opportunity, Indonesia.


2017 ◽  
Vol 14 (2) ◽  
pp. 206-218
Author(s):  
M. Rezky Iqbal P.

Heavy equipment trading industry is an industry that has a high level of risk. The heavy equipment trading industry is influenced by several factors that determine the condition of the mining industry, the condition of the property industry, the forestry industry and the price of the world's coal commodities. Segmentation to heavy equipment unit is very focused on the company because the heavy equipment unit has a high risk. When viewed from the impact of the impact of the industry is highly a requirement of risk. In accepting and managing these risks, it is necessary to apply risk management with the objective to minimize the risk of loss to the company.


2019 ◽  
pp. 155-171
Author(s):  
Ulrich Bindseil

This chapter summarizes the roles of the various central bank operations in the pre-1800 world, what one can conclude on the overall economics and business model of early central banking, and what this implies in terms of overall balance sheet and risk management approach. The ‘alchemical quest’ of early central banking included in particular the universal challenge of bank balance sheet management to achieve significant liquidity, maturity, and credit transformation while preserving bank funding stability also in future stress situations at a high level of confidence. Section 6.1 reviews again in one context the key balance sheet positions of early central banks and the associated economic functions and market operations. Section 6.2 systematically compares the operations of the major early central banks and reviews their balance sheet structures and relative sizes.


Internet of Things (IoT) devices under cloud assistance are deployed in different distributed environments. They collect sensed data and outsource the data to remote servers and users for sharing. As IoT is used in important fields like healthcare, business and research, the sensed data are sensitive information which needs to be protected. Encryption is the usual technique to protect data from adversaries. Fine-grained access control is essential for social networks involving heterogeneous devices. The existing access control policies were defined for predefined identities and roles, which need to be changed in dynamic situations. Moreover, all the necessary policies cannot be defined in advance, and new policies are demanded for new situational contexts. To solve these issues, this work designs a model which calculates the final trust value based on semantic information, dynamically referring to an ontology. An access control policy is also designed on the semantic role of the device. The semantic technology is used for high-level reasoning about the context situation.


2012 ◽  
Vol 3 (4) ◽  
pp. 65-83
Author(s):  
K. Shantha Kumari ◽  
T. Chithraleka

Access control policies (ACPs) characterize the high-level rules according to which the access control of a system is regulated. Generally they are defined separately from the functional requirements (FRs) of an application and added to the system as an afterthought after being built. But many problems arose during the integration of ACPs and FRs. Hence, over the past years, researchers have suggested modifying the design phase to include an earlier focus on access control issues through various modeling techniques. This paper reviews the important approaches in ACP modeling and makes a comparative analysis of the advantages and limitations of those techniques, especially in addressing complex ACPs. Based on the comparative analysis, this paper presents directions for further work needed in handling the intricate nature of today’s ACPs.


2017 ◽  
Vol 12 (1) ◽  
pp. 23
Author(s):  
Naniek Utami Handayani ◽  
Diana Puspita Sari ◽  
Dhindi Oxiana Irawan ◽  
Zihramna Afdi

Abstract: The Department of Industrial Engineering, as part of the Faculty of Engineering at Universitas Diponegoro, is required to continuously improve its quality and competitiveness so that it can carry out the duties of the Tri Dharma Perguruan Tinggi and produce graduates who are accepted in the job market. As an educational institution, the Department of Industrial Engineering is not free from various challenges and risks of management failure in activities related to the Tri Dharma Perguruan Tinggi. These risks can cause losses which, if not anticipated, can lower the institution's competitiveness and credibility. The level of loss from the risks faced varies widely depending on their causes and their impact on the institution. In educational institutions, the risks faced are not only financial but also include ineffective teaching and learning processes, students failing to graduate, and low chances for graduates to get jobs. This study aims to evaluate the readiness for implementing ISO 31000:2009 Risk Management in the Department of Industrial Engineering. The purpose of implementing risk management is to ensure that operational activities do not cause losses that exceed the entity's ability to absorb them or endanger the continuity of the process of achieving the vision. This research focuses on improving the quality of human resources, the quality of the teaching and learning process, and the quality of graduate output. The research was conducted through interviews and direct observation. Based on the interviews, 45 risks that may occur in the Department of Industrial Engineering were identified. These risks come from 6 contexts or targets related to the objectives the Department of Industrial Engineering wants to achieve. The results of data processing show that there are 2 risks at the extremely high level, 9 risks at the high level, 27 risks at the medium level, and 7 risks at the low level. Risk mitigation is carried out for risks at the extremely high and high levels.


2014 ◽  
Vol 9 (1) ◽  
pp. 41-56 ◽  
Author(s):  
Filipe Ferreira ◽  
Miguel E. Coimbra ◽  
Raquel Bairrão ◽  
Ricardo Viera ◽  
Ana T. Freitas ◽  
...  

In eScience, where vast data collections are processed in scientific workflows, new risks and challenges are emerging. Those challenges are changing the eScience paradigm, mainly regarding digital preservation and scientific workflows. To address specific concerns with data management in these scenarios, the concept of the Data Management Plan was established, serving as a tool for enabling digital preservation in eScience research projects. We claim risk management can be jointly used with a Data Management Plan, so new risks and challenges can be easily tackled. Therefore, we propose an analysis process for eScience projects using a Data Management Plan and ISO 31000 in order to create a Risk Management Plan that can complement the Data Management Plan. The motivation, requirements and validation of this proposal are explored in the MetaGen-FRAME project, focused on Metagenomics.

