Design for securability Applying engineering principles to the design of security architectures
Amund Hunstad
Phone number: Fax: amund@foi.se

Jonas Hallberg
Phone number: jonhal@foi.se

Swedish Defence Research Agency
DEPARTMENT OF SYSTEMS ANALYSIS AND IT-SECURITY
P.O. BOX 1165, SE LINKÖPING, SWEDEN

POC: Amund Hunstad

An ACSA - WAEPSSD 2002 Position Paper

Design for securability is an approach to obtaining distributed information systems that are possible to secure during operation. To achieve this, three steps have to be supported in the design of these distributed systems. Firstly, the interactions and relations between the system and its environment have to be captured. Secondly, a set of security requirements on the system has to be formulated. Thirdly, the set of requirements has to be implemented in the system. This position paper focuses on the third step, which requires system models and design methods and tools.

Introduction

There are many problems inherent with the launch and patch approach to security. Also, the more careful approach of using red teams/tiger teams, rather than waiting for things to break, has its limitations and drawbacks (Gula, 1999), (Schudel & Wood, 2000). The use of vastly distributed information systems will drastically increase the risks associated with security breaches (Schneier, 2001). Thus, the need to get it right from the start should be a cornerstone in all future system development. Unfortunately, systems will always contain flaws. Thus, risk management becomes a necessity, and to get it right from the start means building systems able to handle failing components and unexpected events. This creates new demands on the ability to comprehend vastly distributed systems and to understand the effects of events in these systems.

Design for securability, our approach to applying engineering principles to system security design, can be described as: integrating knowledge of the system and its environment, and being based on the importance of mutual trust between system owner and operators and in system and organization; requirements engineering; systems modeling; methods and tools for design support; and finally how risk management may be eased by such a design approach.

Engineering principles and security architectures

Realizing the fact that no system can be designed to be secure, but can include the necessary prerequisites to be secured during operation, the aim is design for securability. The characteristics aspired of such a system vary from case to case and are influenced by factors such as time, cost, throughput and risks. Thus, requirements engineering, as described in (Sommerville & Sawyer, 1997), becomes an important tool for the security engineer. There are other reasons to use requirements engineering in the system development process. The main benefit is the ability to decide which system functions are required and thus decrease the total number of functions and number of flaws in the system.

Firstly, the interactions and relations between the system and its environment have to be captured. This usually results in a complex structure, as illustrated by Figure 1, in which trust is a central component. Trust relies on operations performed by operators, by information systems and on operations performed within an organizational context.

[Figure 1: The relations between a system, the organization, operators and the system owner. Diagram labels: System owner, Trust, Security implication, Distributed information system, Human-system interaction, Actions, Operator, Trust, Organizational context.]

At the top level, the system owner's trust in the system relies on the performance of the information system and on different actions taken by operators. The operator's trust is more directly related to the performance of the information system and especially the way the system's performance is experienced through the human-system interaction. Actions taken by an operator have security implications within the information system, and the way this makes the system perform influences the operator's trust or possibly lack of trust. The actions taken by the operator and the functions of the information system are also set within an organizational context, which also has an impact on trust. As an example, a policy regarding backup of data is worthless if you have no routines to implement the policy.

Secondly, a set of requirements on the system has to be formulated. From this set, security-relevant requirements can be extracted, as illustrated by Figure 2. Starting with a textual description of the system requirements, the general system requirements are refined into statements concerning security. These are thereafter validated and checked for consistency. Through this process of requirements engineering, security related issues are integrated at an early stage of the system development. This is in contrast to what often happens with add-on security at a late stage, perhaps even after the rest of the system development is over.

[Figure 2: The process of formulating a set of consistent security related statements from a textual description of system requirements. Diagram labels: Textual description of system requirements, Security-related statements, Validated security-related statements, Consistent security-related statements.]

Thirdly, the set of requirements has to be implemented in the system. This is a complex process that has to extend throughout the lifetime of the system. Ideally, there would be a well-formulated process extending from the set of requirements to the implemented system, and also facilitating and enhancing risk management of the implemented system. However, this demands, on top of the task to design an efficient security architecture, the solution of all traditional system development issues. Therefore, at this point, the formulation of a framework for design and evaluation of security architectures, based on a system implemented at some level of abstraction, would be a great step forward. Such a framework has to be based on the ability to efficiently model the studied systems. Thus, systems modeling and the design framework are discussed in the following section.

Systems modeling and design framework

The designers' ability to model distributed information systems is essential for the comprehension and assessment of the corresponding systems and design decisions. Furthermore, design tools have to support such an ability. Thus, an efficient modeling technique is a prerequisite for the design of distributed information systems. The purpose of system models is to create a notion where system requirements and characteristics meet. System models can be built before the system actually has been implemented (design models) or for a present system (analysis models). As a first step, these system models will enable designers to reason about the modeled systems even before any design methods have been implemented.

To efficiently model systems, system characteristics have to be extracted both from high-level descriptions of the system and from models of system components, as illustrated by Figure 3. Moreover, the models have to be able to capture the system requirements. This is essential in order to be able to verify, validate, or assess system requirements and alternative implementations.

[Figure 3: A system model has to capture both the requirements put on a system and its characteristics (from high-level descriptions and component models). Diagram labels: System requirements, System description, System model, System components.]

To build the system models, a modeling technique is required. An adequate modeling technique has to fulfill design process requirements and enable the capturing of security-relevant system characteristics. Thus, the formulation of an adequate modeling technique requires knowledge of the security-relevant system characteristics that have to be captured in order to efficiently design a security architecture. Consequently, a set of security-relevant system characteristics is needed for two important tasks: to assess the security of a system and to formulate an appropriate modeling technique. It is important to realize that this results in a strong influence on the mechanisms to be included in a modeling technique, e.g. mechanisms to capture system structure or data flow. Still, a modeling technique can hopefully be formulated in such a way that the demands of a dynamic set of security-relevant system characteristics will not require redesign of the modeling technique. A conclusion is that the modeling technique has to be flexible and expressive.

To be able to enumerate important security-relevant system characteristics, a tree structure with the three roots confidentiality, integrity, and availability (CIA) can be used. The tree structure is extended by detecting which security characteristics are descendants of C, I, and A respectively, as illustrated by Figure 4. An effort along these lines, resulting in a structure with 55 distinct characteristics, is presented in (Stjerneby, 2002). The quest for a set of security-relevant system characteristics enabling exact assessments of the security level of a system is indeed a difficult task, as discussed at the ISSRR workshop 2001 (ACSA, 2002). Still, a set as detailed as possible will support the formulation of adequate modeling techniques, and the models created with this modeling technique will enhance the awareness and assessment of security-relevant issues.

[Figure 4: Security characteristics in a tree structure. Root labels: Confidentiality, Integrity, Availability.]

Figure 5 illustrates the concept of a framework for assessment and modification of system descriptions. System requirements, high-level descriptions, and component descriptions are used to build system models. The system models are analyzed and modified using design methods and tools. Finally, the result is fed back to the system descriptions and requirements. The number of ways this process can be performed with a mix of manual work and automatic tools is infinite. However, even assuming all analysis, modifications, and feedback to be manual, a systematic design process facilitated by system models would enable the security engineer to validate the requirements specified for the system.

To build comprehensible models capturing all the necessary information, an expressive modeling technique supporting hierarchies (abstraction) and several different views of a system is required. Using a standardized modeling language has several advantages, e.g. utilization of all the work put into the formulation of the language, the possibility of designers already being familiar with the language, and the possibility to use tools developed according to the standard. Considering the requirements on the modeling technique and the advantages of using a standardized language, the unified modeling language (UML) is a strong candidate as a base for the aspired modeling technique. UML is biased towards object oriented software development. However, it contains diagrams for modeling of the structure of a system, although these mechanisms are rarely used (Akehurst & Waters, 1999). The diversity of UML opens the possibility to create modeling techniques for a number of models and model views supporting the use of engineering principles through the whole (security architecture) design process, enabling design for securability.

[Figure 5: A framework for analysis and modification of system models. Diagram labels: Security analysis, Model modification, System requirements, System description, System model, System components.]

Conclusions

There is a need to formulate methods covering the chain of development steps from mapping the structure of a system and its environment, via the requirements engineering process, to the design of security architectures. Systematic design of security architectures requires powerful modeling techniques and design methods and tools. The process is called design for securability since a system cannot be designed secure. Even though the feasibility of creating a set of security-relevant system characteristics is an open question, we believe that system models enabling designers and design tools to assess and modify current and future systems are viable. The formulation of the corresponding modeling techniques is greatly improved by the presence of sets of security-relevant system characteristics.

Reference

ACSA (2002). Proc. Workshop on Information Security System Scoring and Ranking. Applied Computer Security Associates.

Akehurst, D. & Waters, A. (1999). UML specification of distributed system environments. Technical Report : Computing Laboratory, University of Kent at Canterbury. UK.

Gula, R. (1999). Broadening the scope of penetration-testing techniques - The Top 14 Things Your Ethical Hackers-for-Hire Didn't Test.

Schneier, B. (2000). Secrets & Lies: Digital Security in a Networked World, John Wiley & Sons.

Schudel, G. & Wood, B. (2000). Adversary Work Factor as a Metric for Information Assurance. Proceedings of the New Security Paradigms Workshop, Cork, Ireland, Sep.

Sommerville, I. & Sawyer, P. (1997). Requirements engineering: a good practice guide. Chichester: Wiley.

Stjerneby, A. (2002). Identification of security relevant characteristics in distributed information systems. Master's Thesis. Linköping University.
More informationResearch Report. Abstract: Security Management and Operations: Changes on the Horizon. July 2012
Research Reprt Abstract: Security Management and Operatins: Changes n the Hrizn By Jn Oltsik, Senir Principal Analyst With Kristine Ka and Jennifer Gahm July 2012 2012, The Enterprise Strategy Grup, Inc.
More informationA Model for Automatic Preventive Maintenance Scheduling and Application Database Software
Prceedings f the 2010 Internatinal Cnference n Industrial Engineering and Operatins Management Dhaka, Bangladesh, January 9 10, 2010 A Mdel fr Autmatic Preventive Maintenance Scheduling and Applicatin
More informationDeveloping Expertise as Coaches of Teachers
Develping Expertise as Caches f Teachers Presented by: Elaine M. Bukwiecki, Ed.D. Assciate Prfessr f Literacy Educatin Presented at: 11 th Internatinal Writing Acrss the Curriculum Cnference Savannah,
More informationNC3A SOA Techwatch Day Call for Presentations
NC3A SOA Techwatch Day Call fr Presentatins 1 February 2012 Hsted at NATO C3 Agency, The Hague, The Netherlands By NC3A Chief Technlgy Office (CTO) David Burtn Chief Technlgy fficer Versin 1, 1 December
More informationWhy Can t Johnny Encrypt? A Usability Evaluation of PGP 5.0 Alma Whitten and J.D. Tygar
Class Ntes: February 2, 2006 Tpic: User Testing II Lecturer: Jeremy Hyland Scribe: Rachel Shipman Why Can t Jhnny Encrypt? A Usability Evaluatin f PGP 5.0 Alma Whitten and J.D. Tygar This article has three
More informationCDC UNIFIED PROCESS PRACTICES GUIDE
Dcument Purpse The purpse f this dcument is t prvide guidance n the practice f Risk Management and t describe the practice verview, requirements, best practices, activities, and key terms related t these
More informationCompleting the CMDB Circle: Asset Management with Barcode Scanning
Cmpleting the CMDB Circle: Asset Management with Barcde Scanning WHITE PAPER The Value f Barcding Tday, barcdes are n just abut everything manufactured and are used fr asset tracking and identificatin
More informationGuidelines on Data Management in Horizon 2020
Guidelines n Data Management in Hrizn 2020 Versin 1.0 11 December 2013 Guidelines n Data Management in Hrizn 2020 Versin 16 December 2013 Intrductin In Hrizn 2020 a limited pilt actin n pen access t research
More informationQAD Operations BI Metrics Demonstration Guide. May 2015 BI 3.11
QAD Operatins BI Metrics Demnstratin Guide May 2015 BI 3.11 Overview This demnstratin fcuses n ne aspect f QAD Operatins Business Intelligence Metrics and shws hw this functinality supprts the visin f
More informationLicensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite
Vlume Licensing brief Licensing the Cre Client Access License (CAL) Suite and Enterprise CAL Suite Table f Cntents This brief applies t all Micrsft Vlume Licensing prgrams. Summary... 1 What s New in This
More informationThe Town of Fort Frances
The Twn f Frt Frances PERFORMANCE APPRAISAL POLICY SECTION HUMAN RESOURCES REVISED August 2002 Reslutin N. Supercedes Reslutin N. Plicy Number 3.3 PAGE 1 f 9 1. PURPOSE: The purpse f supprt staff perfrmance
More informationSystem Business Continuity Classification
Business Cntinuity Prcedures Business Impact Analysis (BIA) System Recvery Prcedures (SRP) System Business Cntinuity Classificatin Cre Infrastructure Criticality Levels Critical High Medium Lw Required
More information1 Google Apps for Education Henrico County, Virginia
1 Ggle Apps fr Educatin Henric Cunty, Virginia PROGRAM CATEGORY: Infrmatin Technlgy 1. Abstract f the Prgram Henric Cunty Public Schls (HCPS) prides itself n its innvative apprach t instructin. We believe
More informationHow Hillwatch E-Services Uses Best Practices Benchmarking and the Balanced Scorecard
White Paper Hillwatch E-Impact Benchmark and Visitr Pattern Analytics Alignment With Gvernment Web Asset Perfrmance Measurement Hw Hillwatch E-Services Uses Best Practices Benchmarking and the Balanced
More informationMSc in Civil Engineering (Cycle 2, level 4)
Learning utcmes MSc in Civil Engineering (Cnstructin Management) MSc in Civil Engineering (Cycle 2, level 4) Specializatin: Cnstructin Management MSc in Civil Engineering with specializatin in Cnstructin
More informationAim The aim of a communication plan states the overall goal of the communication effort.
Develping a Cmmunicatin Plan- Aim Aim The aim f a cmmunicatin plan states the verall gal f the cmmunicatin effrt. Determining the Aim Ask yurself r yur team what the verall gal f the cmmunicatin plan is.
More informationPOLISH STANDARDS ON HEALTH AND SAFETY AS A TOOL FOR IMPLEMENTING REQUIREMENTS OF THE EUROPEAN DIRECTIVES INTO THE PRACTICE OF ENTERPRISES
POLISH STANDARDS ON HEALTH AND SAFETY AS A TOOL FOR IMPLEMENTING REQUIREMENTS OF THE EUROPEAN DIRECTIVES INTO THE PRACTICE OF ENTERPRISES M. PĘCIŁŁO Central Institute fr Labur Prtectin ul. Czerniakwska
More informationSymantec User Authentication Service Level Agreement
Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed
More informationREQUEST FOR PROPOSAL FOR SHAREPOINT LEGISLATIVE MANAGEMENT SERVICES
REQUEST FOR PROPOSAL FOR SHAREPOINT LEGISLATIVE MANAGEMENT SERVICES The Wyming Legislature is at a pivtal pint in the management f its infrmatin and we are lking fr an accmplished firm with SharePint technlgy
More informationConsiderations for Success in Workflow Automation. Automating Workflows with KwikTag by ImageTag
Autmating Wrkflws with KwikTag by ImageTag Cnsideratins fr Success in Wrkflw Autmatin KwikTag balances cmprehensive, feature-rich Transactinal Cntent Management with affrdability, fast implementatin, ease
More information366 Degrees Gaining Extra Degrees of Success
366 Degrees Gaining Extra Degrees f Success In the rush t gain new custmers, cmpanies ften verlk their best custmers the nes they already have. While finding and attracting new custmers is certainly fundamental
More informationFundamentals of Engineering Ethics
Fundamentals f Engineering Ethics Preface Natural sciences and engineering are imprtant frces shaping ur future. They exert bth psitive and negative influences upn ur wrld. We all cntribute t these changes.
More informationSecretary of Energy Steven Chu, U.S. Department of Energy. Acting Under Secretary David Sandalow, U.S. Department of Energy
T: Cc: Secretary f Energy Steven Chu, U.S. Department f Energy Acting Under Secretary David Sandalw, U.S. Department f Energy Frm: Steven Ashby, Deputy Directr fr Science & Technlgy, Pacific Nrthwest Natinal
More informationUsing Sentry-go Enterprise/ASPX for Sentry-go Quick & Plus! monitors
Using Sentry-g Enterprise/ASPX fr Sentry-g Quick & Plus! mnitrs 3Ds (UK) Limited, February, 2014 http://www.sentry-g.cm Be Practive, Nt Reactive! Intrductin Sentry-g Enterprise Reprting is a self-cntained
More informationCASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT
CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles
More informationService Level Agreement (SLA) Hosted Products. Netop Business Solutions A/S
Service Level Agreement (SLA) Hsted Prducts Netp Business Slutins A/S Cntents 1 Service Level Agreement... 3 2 Supprt Services... 3 3 Incident Management... 3 3.1 Requesting service r submitting incidents...
More informationData Protection Policy & Procedure
Data Prtectin Plicy & Prcedure Page 1 Prcnnect Marketing Data Prtectin Plicy V1.2 Data prtectin plicy Cntext and verview Key details Plicy prepared by: Adam Haycck Apprved by bard / management n: 01/01/2015
More information