A Business-Context-Based Approach for Message Standards Use - A Validation Study

Jelisic, Elena; Ivezic, Nenad; Kulvatunyou, Boonserm; Anicic, Nenad; Marjanovic, Zoran

doi:10.1007/978-3-030-30278-8_35

Cited by 5 publications

(7 citation statements)

References 3 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The score considers the control effectiveness to determine the residual risk. Through the process the assessor answers specified questions/consideration and can define the arbitrary controls and their effectiveness in the scale of [1][2][3][4][5]. The tool does not focus on identifying technical aspects of the implementations to shed light on privacy risks that can be raised due to actual threat vectors targeting the deployment.…”

Section: The Current Landscape In Pia Framework and Toolsmentioning

confidence: 99%

“…It must be stated that the exact value of the weights is a parameter that can be adjusted accordingly, given the preferences and the domain knowledge of experts of the organisation. The weighted scale formula is given in Equation (1).…”

Section: Privacy Impact Scoring Systemmentioning

confidence: 99%

“…It must be noted that in the case where an asset is affected by multiple vulnerabilities, the highest value (max) among the Asset-level privacy scores will be assigned to the asset. The privacy score is calculated following Equation (1).…”

Section: Privacy Scores Of Processing Activitiesmentioning

confidence: 99%

“…However, this evolution brings several new challenges (or makes existing unsolved challenges urgent to be tackled) with security, interoperability, integrability, and composability being some of the major concerns at both logical extremes of a network. Currently, such challenges are addressed by next-generation approaches including model-based standards, ontology, Business Process Model Life-Cycle Management (BPM LCM), context of business process, and a host of other transport protocols [1][2][3].…”

Section: Introductionmentioning

confidence: 99%

See 3 more Smart Citations

A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly

et al. 2021

View full text Add to dashboard Cite

As the upsurge of information and communication technologies has become the foundation of all modern application domains, fueled by the unprecedented amount of data being processed and exchanged, besides security concerns, there are also pressing privacy considerations that come into play. Compounding this issue, there is currently a documented gap between the cybersecurity and privacy risk assessment (RA) avenues, which are treated as distinct management processes and capitalise on rather rigid and make-like approaches. In this paper, we aim to combine the best of both worlds by proposing the APSIA (Automated Privacy and Security Impact Assessment) methodology, which stands for Automated Privacy and Security Impact Assessment. APSIA is powered by the use of interdependency graph models and data processing flows used to create a digital reflection of the cyber-physical environment of an organisation. Along with this model, we present a novel and extensible privacy risk scoring system for quantifying the privacy impact triggered by the identified vulnerabilities of the ICT infrastructure of an organisation. We provide a prototype implementation and demonstrate its applicability and efficacy through a specific case study in the context of a heavily regulated sector (i.e., assistive healthcare domain) where strict security and privacy considerations are not only expected but mandated so as to better showcase the beneficial characteristics of APSIA. Our approach can complement any existing security-based RA tool and provide the means to conduct an enhanced, dynamic and generic assessment as an integral part of an iterative and unified risk assessment process on-the-fly. Based on our findings, we posit open issues and challenges, and discuss possible ways to address them, so that such holistic security and privacy mechanisms can reach their full potential towards solving this conundrum.

show abstract

Section: The Current Landscape In Pia Framework and Toolsmentioning

confidence: 99%

Section: Privacy Impact Scoring Systemmentioning

confidence: 99%

Section: Privacy Scores Of Processing Activitiesmentioning

confidence: 99%

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly

et al. 2021

View full text Add to dashboard Cite

show abstract

“…However, the adoption of Industry 4.0 presents many significant technical challenges [ 5 ], including integrability, interoperability, composability, and security [ 6 , 7 , 8 ]. Currently, integrability, interoperability and composability are addressed by next-generation approaches for enterprise systems integration such as model-based standards, ontology, Business Process Model Life Cycle Management (BPM LCM), context of business process, and a host of other transport protocol standards [ 9 , 10 , 11 , 12 ]. Security is addressed by conducting risk management as a first step.…”

Section: Introductionmentioning

confidence: 99%

ARES: Automated Risk Estimation in Smart Sensor Environments

Dimitriadis

Flores

Kulvatunyou

et al. 2020

Sensors

Self Cite

View full text Add to dashboard Cite

Industry 4.0 adoption demands integrability, interoperability, composability, and security. Currently, integrability, interoperability and composability are addressed by next-generation approaches for enterprise systems integration such as model-based standards, ontology, business process model life cycle management and the context of business processes. Security is addressed by conducting risk management as a first step. Nevertheless, security risks are very much influenced by the assets that the business processes are supported. To this end, this paper proposes an approach for automated risk estimation in smart sensor environments, called ARES, which integrates with the business process model life cycle management. To do so, ARES utilizes standards for platform, vulnerability, weakness, and attack pattern enumeration in conjunction with a well-known vulnerability scoring system. The applicability of ARES is demonstrated with an application example that concerns a typical case of a microSCADA controller and a prototype tool called Business Process Cataloging and Classification System. Moreover, a computer-aided procedure for mapping attack patterns-to-platforms is proposed, and evaluation results are discussed revealing few limitations.

show abstract

Towards Inter-Operable Enterprise Systems – Graph-Based Validation of a Context-Driven Approach for Message Profiling

Jelisic¹,

Ivezic²,

Kulvatunyou³

et al. 2020

IFIP Advances in Information and Communication Technology

Self Cite

View full text Add to dashboard Cite

Providing the business context has a potential to become a powerful mechanism for the interoperable usage and efficient maintenance of message standards. In the literature, there are multiple techniques for its representation and application. Industry use cases have identified multiple issues that come with currently used techniques, which can represent that context. Initial assessment of a logic-based technique for doing so has been conducted and showed that some of the identified issues can be resolved. This paper presents plan for validation of the logic-based technique where proposed algorithms will be assessed in realistic integration scenarios. The paper gives details of the validation steps, goals that need to be met, and indicates issues that guide our future research plans.

show abstract

A Business-Context-Based Approach for Message Standards Use - A Validation Study

Cited by 5 publications

References 3 publications

A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly

A Perfect Match: Converging and Automating Privacy and Security Impact Assessment On-the-Fly

ARES: Automated Risk Estimation in Smart Sensor Environments

Towards Inter-Operable Enterprise Systems – Graph-Based Validation of a Context-Driven Approach for Message Profiling

Contact Info

Product

Resources

About