Maintaining Zero Trust With Federation

Author(s):  
William R. Simpson ◽  
Kevin E. Foltz

Federated activity presents a challenge for enterprises with high-level security architectures. Federation involves information sharing among services and with working partners, coalition partners, first responders, and other organizations. Federation may be unilateral or bilateral with similar or dissimilar information-sharing goals. Strong internal security, including zero trust controls, often does not extend cleanly across enterprise boundaries, potentially leading to insecure shortcuts and workarounds that can become the rule instead of the exception. This paper presents methods for an enterprise to extend its zero trust security policies to include federation partners. It applies to federation partners that support the same security policies with compatible standards and services and to partners that provide a similar but incompatible security framework, a subset of required security services, or no security services. The partner organization may be fully trusted, partially trusted, or untrusted. Even for trusted partners, the services may not meet required security standards. Our solution combines selected partner security services, internal services, derived credentials, delegated authorities, and supplemental services to form the federation security architecture based on zero trust premises to the maximum extent. This paper uses the Zero Trust for Enterprise (ZTE) architecture as the starting point for a secure enterprise and addresses the challenge of extending this model to federate with different types of partners. We review the security approach, the security properties, and several options for an enterprise to maintain the ZTE security properties while enabling federated sharing with other enterprises that have different capabilities and levels of trust.

2021 ◽  
Vol 22 (1) ◽  
Author(s):  
Yi Chen ◽  
Fons. J. Verbeek ◽  
Katherine Wolstencroft

Background: The hallmarks of cancer provide a highly cited and well-used conceptual framework for describing the processes involved in cancer cell development and tumourigenesis. However, methods for translating these high-level concepts into data-level associations between hallmarks and genes (for high throughput analysis) vary widely between studies. The examination of different strategies to associate and map cancer hallmarks reveals significant differences, but also consensus. Results: Here we present the results of a comparative analysis of cancer hallmark mapping strategies, based on Gene Ontology and biological pathway annotation, from different studies. By analysing the semantic similarity between annotations, and the resulting gene set overlap, we identify emerging consensus knowledge. In addition, we analyse the differences between hallmark and gene set associations using Weighted Gene Co-expression Network Analysis and enrichment analysis. Conclusions: Reaching a community-wide consensus on how to identify cancer hallmark activity from research data would enable more systematic data integration and comparison between studies. These results highlight the current state of the consensus and offer a starting point for further convergence. In addition, we show how a lack of consensus can lead to large differences in the biological interpretation of downstream analyses and discuss the challenges of annotating changing and accumulating biological data, using intermediate knowledge resources that are also changing over time.


2021 ◽  
Vol 26 (4) ◽  
Author(s):  
Mazen Mohamad ◽  
Jan-Philipp Steghöfer ◽  
Riccardo Scandariato

Security Assurance Cases (SAC) are a form of structured argumentation used to reason about the security properties of a system. After the successful adoption of assurance cases for safety, SAC have gained significant traction in recent years, especially in safety-critical industries (e.g., automotive), where there is increasing pressure to be compliant with several security standards and regulations. Accordingly, research in the field of SAC has flourished in the past decade, with different approaches being investigated. In an effort to systematize this active field of research, we conducted a systematic literature review (SLR) of the existing academic studies on SAC. Our review resulted in an in-depth analysis and comparison of 51 papers. Our results indicate that, while there are numerous papers discussing the importance of SAC and their usage scenarios, the literature is still immature with respect to concrete support for practitioners on how to build and maintain a SAC. More importantly, even though some methodologies are available, their validation and tool support are still lacking.


Author(s):  
Оксана Михайловна Голембиовская ◽  
Екатерина Владимировна Кондрашова ◽  
Михаил Юрьевич Рытов ◽  
Максим Михайлович Голембиовский

The article considers an approach for determining a violator's level of motivation to commit a particular illegal act against the resources of an organization. The proposed approach can be applied by an enterprise's security service to employees, both at hiring and during employment, in order to identify a high level of motivation to commit an illegal act and to carry out measures to neutralize or minimize that level. The level of motivation directly affects the violator's potential and the probability that the violator will realize a threat, since it is not only the presence of protective measures at the facility or the violator's possession of modern means of attack that leads to the realization of a threat. First and foremost, it is brought about by the violator's interest in committing the act, the violator's motivation, and the goals the violator pursues.


2018 ◽  
Vol 62 (5) ◽  
Author(s):  
Rashmi Gupta ◽  
Carolina Rodrigues Felix ◽  
Matthew P. Akerman ◽  
Kate J. Akerman ◽  
Cathryn A. Slabber ◽  
...  

Mycobacterium tuberculosis and the fast-growing species Mycobacterium abscessus are two important human pathogens causing persistent pulmonary infections that are difficult to cure and require long treatment times. The emergence of drug-resistant M. tuberculosis strains and the high level of intrinsic resistance of M. abscessus call for novel drug scaffolds that effectively target both pathogens. In this study, we evaluated the activity of bis(pyrrolide-imine) gold(III) macrocycles and chelates, originally designed as DNA intercalators capable of targeting human topoisomerase types I and II (Topo1 and Topo2), against M. abscessus and M. tuberculosis. We identified a total of 5 noncytotoxic compounds active against both mycobacterial pathogens under replicating in vitro conditions. We chose one of these hits, compound 14, for detailed analysis due to its potent bactericidal mode of inhibition and scalable synthesis. The clinical relevance of this compound was demonstrated by its ability to inhibit a panel of diverse M. tuberculosis and M. abscessus clinical isolates. Prompted by previous data suggesting that compound 14 may target topoisomerase/gyrase enzymes, we demonstrated that it lacked cross-resistance with fluoroquinolones, which target the M. tuberculosis gyrase. In vitro enzyme assays confirmed the potent activity of compound 14 against bacterial topoisomerase 1A (Topo1) enzymes but not gyrase. Novel scaffolds like compound 14 with potent, selective bactericidal activity against M. tuberculosis and M. abscessus that act on validated but underexploited targets like Topo1 represent a promising starting point for the development of novel therapeutics for infections by pathogenic mycobacteria.


2012 ◽  
Vol 8 (1) ◽  
pp. 1-25 ◽  
Author(s):  
Geoffrey Karokola ◽  
Louise Yngström ◽  
Stewart Kowalski

E-Government offers many benefits to government agencies, citizens and the business community. However, e-Government services are prone to current and emerging security challenges posing potential threats to critical information assets. Securing it appears to be a major challenge facing governments globally. Based on the international security standards – the paper thoroughly investigates and analyzes eleven e-government maturity models (eGMMs) for security services. Further, it attempts to establish a common frame of reference for eGMM critical stages. The study utilizes the Soft Systems Methodology (SSM) of scientific inquiry/ learning cycle adopted from Checkland and Scholes. The findings show that security services (technical and non-technical) are lacking in eGMMs – implying that eGMMs were designed to measure more quantity of offered e-government services than the quality of security services. Therefore, as a step towards achieving secure e-government services the paper proposes a common frame of reference for eGMM with five critical stages. These stages will later be extended to include the required security services.


Author(s):  
Bendik Fredriksen

A word often used to describe music is “smooth”. It is mostly meant as a negative term, used to label music as commercial, light, superficial and easily forgotten. However, smooth music is also well-made, with a high level of professionality. In this chapter I take as a starting point the criticism of beauty as smoothness found in Byung-Chul Han’s book Die Errettung des Schönen [Saving beauty], and investigate how this criticism applies to music. Furthermore, I try to define what makes music smooth. While smoothness can easily be defined when speaking about physical objects, music is evasive. Hence, smoothness is defined metaphorically, and according to what it is not, e.g. a work of art, or something that can lead to an experience, a concept I discuss in light of Gadamer, Heidegger, Adorno and Vetlesen. I claim that due to the elusive character of music almost any music can lead to an experience, but it is not a product of the subject’s efforts alone. Moreover, smoothness as a characteristic of music seems to have a liminal quality to it, as it cannot be defined in light of its opposite, but is trapped in its own perfection.


2021 ◽  
Vol 14 (4) ◽  
pp. 428-432
Author(s):  
Anna Antosik-Wójcińska

The paper discusses two issues: the multidirectional relationship between the occurrence of anxiety symptoms and cardiovascular diseases, and the influence of a persistently high level of anxiety on the course of cardiological diseases and patient prognosis. The discussion of the negative health consequences of anxiety disorders emphasizes the importance of early diagnosis of these disorders and implementation of their treatment. As a starting point, clinical cases of cardiovascular patients who developed anxiety disorders are presented. The following sections discuss various aspects of the pharmacological treatment of anxiety disorders, focusing on the possible use of pregabalin in this setting.


2013 ◽  
pp. 1876-1903
Author(s):  
Philippe Massonet ◽  
Arnaud Michot ◽  
Syed Naqvi ◽  
Massimo Villari ◽  
Joseph Latanicki

This chapter describes an open source solution for securing the Claudia service manager and the OpenNebula virtual execution environment manager when combined in a federated RESERVOIR architecture. The security services provide confidentiality, authentication, and integrity by securing the external API. The chapter describes how to integrate the security solution in an open source cloud computing system, how to install it, and provides an illustrative case study showing its potential for the community. The aim of the chapter is to help those who want to build their own secure infrastructure clouds. The open source security code provides mutual authentication between clients and the Claudia service manager, and secures the SMI interface with role based access control. The same security services can also secure the VMI with role based access control and X509 certificates. Finally the federation can be secured by combining an LDAP server to manage the federation and XACML security policies, and using policy matching to guarantee the respect of security policies within the federation.


Author(s):  
Syed Irfan Nabi ◽  
Ghmlas Saleh Al-Ghmlas ◽  
Khaled Alghathbar

This chapter explores enterprise information security policies, standards, and procedures. It examines the existing resources, analyses the available options, and offers recommendations to the CIOs and other people that have to make decisions about policies, standards, and procedures to ensure information security in their enterprise. Additionally, the need, requirements, and audience for different types of security documents are scrutinized. Their mutual relationship is examined, and the association among them is illustrated with a diagram supplemented by an example to bring about better comprehension of these documents. It is important to know the sources and organizations that make standards and guidelines. Therefore, the major ones are discussed. This research involved finding all of the relevant documents and analyzing the reasons for the ever-increasing number of newer ones and the revisions of the existing ones. Various well-known and established international, as well as national, information security standards and guidelines are listed to provide a pertinent collection from which to choose. The distinguishing factors and common attributes are researched to make it easier to classify these documents. Finally, the crux of the chapter involves recommending appropriate information security standards and guidelines based on the sector to which an organization belongs. An analysis of the role played by these standards and guidelines in the effectiveness of information security is also discussed, along with some caveats. It is important for practitioners and researchers to know what is available, who the key players are, and the potential issues with information security standards and guidelines; they are all concisely presented in this chapter.

