Design for securability Applying engineering principles to the design of security architectures

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Design for securability Applying engineering principles to the design of security architectures"

Transcription

1 Design fr securability Applying engineering principles t the design f security architectures Amund Hunstad Phne number: Fax: Jnas Hallberg Phne number: Swedish Defence Research Agency DEPARTMENT OF SYSTEMS ANALYSIS AND IT-SECURITY P.O. BOX 1165, SE LINKÖPING, SWEDEN POC: Amund Hunstad Design fr securability is an apprach t btain distributed infrmatin systems pssible t secure during peratin. T achieve this, three steps have t be supprted in the design f these distributed systems. Firstly, the interactins and relatins between the system and its envirnment have t be captured. Secndly, a set f security requirements n the system has t be frmulated. Thirdly, the set f requirements has t be implemented in the system. This psitin paper fcus n the third step which requires system mdels and design methds and tls. An ACSA - WAEPSSD 2002 Psitin Paper Page 1/8

2 Intrductin There are many prblems inherent with the launch and patch apprach t security. Als the mre careful apprach f using red teams/tiger teams rather than waiting fr things t break, has its limitatins and drawbacks (Gula, 1999), (Schudel & Wd, 2000). The use f vastly distributed infrmatin systems will drastically increase the risks assciated with security breaches (Schneier, 2001). Thus, the need t get it right frm the start shuld be a crnerstne in all future system develpment. Unfrtunately, systems will always cntain flaws. Thus, risk management becmes a necessity and t get it right frm the start means building systems able t handle failing cmpnents and unexpected events. This creates new demands n the ability t cmprehend vastly distributed systems and t understand the effects f events in these systems. Design fr securability, ur apprach t applying engineering principles t system security design, can be described as: integrating knwledge f the system and its envirnment and being based n the imprtance f mutual trust between system wner and peratrs and in system and rganizatin, requirements engineering, systems mdeling, methds and tls fr design supprt and finally hw risk management may be eased by such a design apprach. Engineering principles and security architectures Realizing the fact that n system can be designed t be secure, but can include the necessary prerequisites t be secured during peratin; the aim is design fr securability. The characteristics aspired f such a system vary frm case t case and is influenced by factrs such as time, cst, thrughput and risks. Thus, requirements engineering, as described in (Smmerville & Sawyer, 1997), becmes an imprtant tl fr the security engineer. There are ther reasns t use requirements engineering in the system develpment prcess. The An ACSA - WAEPSSD 2002 Psitin Paper Page 2/8

3 main benefit is the ability t decide which system functins are required and thus, decrease the ttal number f functins and number f flaws in the system. Firstly, the interactins and relatins between the system and its envirnment have t be captured. This usually results in a cmplex structure, as illustrated by Figure 1, in which trust is a central cmpnent. Trust relies n peratins perfrmed by peratrs, by infrmatin systems and n peratins perfrmed within an rganizatinal cntext. System wner Trust Security implicatin Distributed infrmatin system Human-system interactin Actins Operatr Trust Organizatinal cntext Figure 1: The relatins between a system, the rganizatin, peratrs and the system wner. At the tp level, the system wner s trust in the system relies n the perfrmance f the infrmatin system and n different actins taken by peratrs. The peratr s trust is mre directly related t the perfrmance f the infrmatin system and especially the way the system s perfrmance is experienced thrugh the human-system interactin. Actins taken by an peratr has security implicatins within the infrmatin system and the way this makes the system perfrm influences the peratr s trust r pssibly lack f trust. The actins taken by the peratr and the functins f the infrmatin system is als set within an rganizatinal cntext, which als has an impact n trust. As an example, a plicy regarding backup f data is wrthless, if yu have n rutines t implement the plicy. Secndly, a set f requirements n the system has t be frmulated. Frm this set securityrelevant requirements can be extracted, as illustrated by Figure 2. Starting with a textual descriptin f the system requirements, the general system requirements are refined int statements cncerning security. These are thereafter validated and checked fr cnsistency. Thrugh this prcess f requirements engineering, security related issues are integrated at an An ACSA - WAEPSSD 2002 Psitin Paper Page 3/8

4 early stage f the system develpment. This is in cntrast t what ften happens with add-n security at a late stage, perhaps even after the rest f the system develpment is ver. Textual descriptin f system requirements Security-related statements Validated security-related statements Cnsistent security-related statements Figure 2: The prcess f frmulating a set f cnsistent security related statements frm a textual descriptin f system requirements. Thirdly, the set f requirements has t be implemented in the system. This is a cmplex prcess that has t extend thrughut the lifetime f the system. Ideally, there wuld be a well-frmulated prcess extending frm the set f requirements t the implemented system, and als facilitating and enhancing risk management f the implemented system. Hwever, this demands, n tp f the task t design an efficient security architecture, the slutin f all traditinal system develpment issues. Therefre, at this pint, the frmulatin f a framewrk fr design and evaluatin f security architectures, based n a system implemented at sme level f abstractin, wuld be a great step frward. Such a framewrk has t be based n the ability t efficiently mdel the studied systems. Thus, systems mdeling and the design framewrk are discussed in the fllwing sectin. Systems mdeling and design framewrk The designers ability t mdel distributed infrmatin systems is essential fr the cmprehensin and assessment f the crrespnding systems and design decisins. Furthermre, design tls have t supprt such an ability. Thus, an efficient mdeling technique is a prerequisite fr the design f distributed infrmatin systems. The purpse f system mdels is t create a ntin where system requirements and characteristics meet. System mdels can be built befre the system actually has been implemented (design mdels) r fr a present system (analysis mdels). As a first step, these system mdels will enable designers t reasn abut the mdeled systems even befre any design methds have been implemented. An ACSA - WAEPSSD 2002 Psitin Paper Page 4/8

5 T efficiently mdel systems, system characteristics have t be extracted bth frm high-level descriptins f the system and frm mdels f system cmpnents, as illustrated by Figure 3. Mrever, the mdels have t be able t capture the system requirements. This is essential in rder t be able t verify, validate, r assess system requirements and alternative implementtatins. Systembeskriv requirements ningar System descriptin System mdel System cmpnents Figure 3: A system mdel has t capture bth the requirements put n a system and its characteristics (frm high-level descriptins and cmpnent mdels). T build the system mdels a mdeling technique is required. An adequate mdeling technique has t fulfill design prcess requirements and enable the capturing f securityrelevant system characteristics. Thus, the frmulatin f an adequate mdeling technique requires knwledge f the security-relevant system characteristics that have t be captured in rder t efficiently design a security architecture. Cnsequently, a set f security-relevant system characteristics is needed fr tw imprtant tasks: t assess the security f a system and t frmulate an apprpriate mdeling technique. It is imprtant t realize that this results in a strng influence n the mechanisms t be included in a mdeling technique, e.g. mechanisms t capture system structure r data flw. Still, a mdeling technique can hpefully be frmulated is such a way that the demands f a dynamic set f security-relevant system characteristics will nt require redesign f the mdeling technique. A cnclusin is that the mdeling technique has t be flexible and expressive. T be able t enumerate imprtant security-relevant system characteristics, a tree structure with the three rts cnfidentiality, integrity, and availability (CIA) can be used. The tree structure is extended by detecting which security characteristics are descendants f C, I, and A respectively, as illustrated by Figure 4. An effrt alng these lines, resulting in a structure with 55 distinct characteristics, is presented in (Stjerneby, 2002). The quest fr a set f security-relevant system characteristics enabling exact assessments f the security level f a system is indeed a difficult task, as discussed at the ISSRR wrkshp 2001 (ACSA, 2002). Still, a set as detailed as pssible will supprt the frmulatin f adequate mdeling An ACSA - WAEPSSD 2002 Psitin Paper Page 5/8

6 techniques and the mdels created with this mdeling technique will enhance the awareness and assessment f security-relevant issues. Cnfidentiality Integrity Availability Figure 4: Security characteristics in a tree structure. Figure 5 illustrates the cncept f a framewrk fr assessment and mdificatin f system descriptins. System requirements, high-level descriptins, and cmpnent descriptins are used t build system mdels. The system mdels are analyzed and mdified using design methds and tls. Finally, the result is fed back t the system descriptins and requirements. The number f ways this prcess can be perfrmed with a mix f manual wrk and autmatic tls is infinite. Hwever, even assuming all analysis, mdificatins, and feedback t be manual, a systematic design prcess facilitated by system mdels wuld enable the security engineer t validate the requirements specified fr the system. T build cmprehensible mdels capturing all the necessary infrmatin, an expressive mdeling technique supprting hierarchies (abstractin) and several different views f a system is required. Using a standardized mdeling language has several advantages, e.g. utilizatin f all the wrk put int the frmulatin f the language, the pssibility f designers already being familiar with the language, and the pssibility t use tls develped accrding t the standard. Cnsidering the requirements n the mdeling technique and the advantages f using a standardized language, the unified mdeling language (UML) is a strng candidate as a base fr the aspired mdeling technique. UML is biased twards bject riented sftware develpment. Hwever, it cntains diagrams fr mdeling f the structure f a system, althugh these mechanisms are rarely used (Akehurst & Waters, 1999). The diversity f UML pens the pssibility t create mdeling techniques fr a number f mdels and mdel views supprting the use f engineering principles thrugh the whle (security architecture) design prcess, enabling design fr securability. An ACSA - WAEPSSD 2002 Psitin Paper Page 6/8

7 Security analysis Mdel mdificatin Systembeskriv requirements ningar System descriptin System mdel System cmpnents Figure 5: A framewrk fr analysis and mdificatin f system mdels. Cnclusins There is a need t frmulate methds cvering the chain f develpment steps frm mapping the structure f a system and its envirnment, via the requirements engineering prcess, t the design f security architectures. Systematic design f security architectures requires pwerful mdeling techniques and design methds and tls. The prcess is called design fr securability since a system cannt be designed secure. Even thugh the feasibility f creating a set f security-relevant system characteristics is an pen questin, we believe that system mdels enabling designers and design tls t assess and mdify current and future systems are viable. The frmulatin f the crrespnding mdeling techniques is greatly imprved by the presence f sets f security-relevant system characteristics. Reference ACSA (2002). Prc. Wrkshp n Infrmatin Security System Scring and Ranking. Applied Cmputer Security Assciates. Akehurst, D. & Waters, A. (1999). UML specificatin f distributed system envirnments. Technical Reprt : Cmputing Labratry, University f Kent at Canterbury. UK. Gula, R. (1999). Bradening the scpe pf penetratin-testing techniques - The Tp 14 Things Yur Ethical Hackers-fr-Hire Didn t Test., Schneier, B. (2000). Secrets & Lies Digital Security in a Netwrked Wrld, Jhn Wiley & Sns. An ACSA - WAEPSSD 2002 Psitin Paper Page 7/8

8 [Schudel,Wd00] G. Schudel and B. Wd, Adversary Wrk Factr as a Metric fr Infrmatin Assurance, Prceedings f the New Security Paradigms Wrkshp, Crk, Ireland, Sep , Smmerville, I. & Sawyer, P. (1997). Requirements engineering: a gd practice guide. Chichester: Wiley. Stjerneby, A. (2002). Identificatin f security relevant characteristics in distributed infrmatin systems. Master s Thesis. Linköping University. An ACSA - WAEPSSD 2002 Psitin Paper Page 8/8

Succession Planning & Leadership Development: Your Utility s Bridge to the Future

Succession Planning & Leadership Development: Your Utility s Bridge to the Future Successin Planning & Leadership Develpment: Yur Utility s Bridge t the Future Richard L. Gerstberger, P.E. TAP Resurce Develpment Grup, Inc. 4625 West 32 nd Ave Denver, CO 80212 ABSTRACT A few years ag,

More information

Sample Role Description Immunization Information System (IIS) Testing Analyst

Sample Role Description Immunization Information System (IIS) Testing Analyst Sample Rle Descriptin Immunizatin Infrmatin System (IIS) Testing Analyst Nte: This rle descriptin is meant t ffer sample language and a cmprehensive list f ptential desired respnsibilities with crrespnding

More information

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future

The Importance Advanced Data Collection System Maintenance. Berry Drijsen Global Service Business Manager. knowledge to shape your future The Imprtance Advanced Data Cllectin System Maintenance Berry Drijsen Glbal Service Business Manager WHITE PAPER knwledge t shape yur future The Imprtance Advanced Data Cllectin System Maintenance Cntents

More information

Importance and Contribution of Software Engineering to the Education of Informatics Professionals

Importance and Contribution of Software Engineering to the Education of Informatics Professionals Imprtance and Cntributin f Sftware Engineering t the Educatin f Infrmatics Prfessinals Dr. Tick, József Budapest Plytechnic, Hungary, tick@bmf.hu Abstract: As a result f the Blgna prcess a new frm f higher

More information

FLEET MANAGEMENT SYSTEM

FLEET MANAGEMENT SYSTEM FLEET MANAGEMENT SYSTEM Our web-based Fleet Management Sftware is a functinal system which supprts cmpanies in remving r minimizes the risks assciated with vehicle investment, imprving efficiency, prductivity

More information

The actions discussed below in this Appendix assume that the firm has already taken three foundation steps:

The actions discussed below in this Appendix assume that the firm has already taken three foundation steps: MAKING YOUR MARK 6.1 Gd Practice This sectin presents an example f gd practice fr firms executing plans t enter the resurces sectr supply chain fr the first time, r fr thse firms already in the supply

More information

What is Software Risk Management? (And why should I care?)

What is Software Risk Management? (And why should I care?) What is Sftware Risk Management? (And why shuld I care?) Peter Kulik, KLCI, Inc. 1 st Editin, Octber 1996 Risks are schedule delays and cst verruns waiting t happen. As industry practices have imprved,

More information

Change Management Process

Change Management Process Change Management Prcess B1.10 Change Management Prcess 1. Intrductin This plicy utlines [Yur Cmpany] s apprach t managing change within the rganisatin. All changes in strategy, activities and prcesses

More information

ITIL Service Offerings & Agreement (SOA) Certification Program - 5 Days

ITIL Service Offerings & Agreement (SOA) Certification Program - 5 Days ITIL Service Offerings & Agreement (SOA) Certificatin Prgram - 5 Days Prgram Overview ITIL is a set f best practices guidance that has becme a wrldwide-adpted framewrk fr Infrmatin Technlgy Services Management

More information

ITIL Release Control & Validation (RCV) Certification Program - 5 Days

ITIL Release Control & Validation (RCV) Certification Program - 5 Days ITIL Release Cntrl & Validatin (RCV) Certificatin Prgram - 5 Days Prgram Overview ITIL is a set f best practices guidance that has becme a wrldwide-adpted framewrk fr Infrmatin Technlgy Services Management

More information

Business Intelligence and DataWarehouse workshop

Business Intelligence and DataWarehouse workshop Business Intelligence and DataWarehuse wrkshp Benefits: Enables the Final year BE student/ Junir IT prfessinals t get a perfect blend f thery and practice n Business Intelligence and Data warehuse s as

More information

Business Continuity Management Systems Foundation Training Course

Business Continuity Management Systems Foundation Training Course Certificatin criteria fr Business Cntinuity Management Systems Fundatin Training Curse CONTENTS 1. INTRODUCTION 2. LEARNING OBJECTIVES 3. ENABLING OBJECTIVES KNOWLEDGE & SKILLS 4. TRAINING METHODS 5. COURSE

More information

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1

Improved Data Center Power Consumption and Streamlining Management in Windows Server 2008 R2 with SP1 Imprved Data Center Pwer Cnsumptin and Streamlining Management in Windws Server 2008 R2 with SP1 Disclaimer The infrmatin cntained in this dcument represents the current view f Micrsft Crpratin n the issues

More information

Software Quality Assurance Plan

Software Quality Assurance Plan Sftware Quality Assurance Plan fr AnthrpdEST pipeline System Versin 1.0 Submitted in partial fulfillment f the requirements f the degree f Master f Sftware Engineering Prepared by Luis Fernand Carranc

More information

Software and Hardware Change Management Policy for CDes Computer Labs

Software and Hardware Change Management Policy for CDes Computer Labs Sftware and Hardware Change Management Plicy fr CDes Cmputer Labs Overview The cmputer labs in the Cllege f Design are clsely integrated with the academic needs f faculty and students. Cmputer lab resurces

More information

Data Warehouse Scope Recommendations

Data Warehouse Scope Recommendations Rensselaer Data Warehuse Prject http://www.rpi.edu/datawarehuse Financial Analysis Scpe and Data Audits This dcument describes the scpe f the Financial Analysis data mart scheduled fr delivery in July

More information

How To Measure Call Quality On Your Service Desk

How To Measure Call Quality On Your Service Desk Hw T Measure Call Quality On Yur Service Desk - 1 - Declaratin We believe the infrmatin in this dcument t be accurate, relevant and truthful based n ur experience and the infrmatin prvided t us t date.

More information

Performance Test Modeling with ANALYTICS

Performance Test Modeling with ANALYTICS Perfrmance Test Mdeling with ANALYTICS Jeevakarthik Kandhasamy Perfrmance test Lead Cnsultant Capgemini Financial Services USA jeevakarthik@gmail.cm Abstract Websites and web/mbile applicatins have becme

More information

CDC UNIFIED PROCESS PRACTICES GUIDE

CDC UNIFIED PROCESS PRACTICES GUIDE Dcument Purpse The purpse f this dcument is t prvide guidance n the practice f Business Case and t describe the practice verview, requirements, best practices, activities, and key terms related t these

More information

Disk Redundancy (RAID)

Disk Redundancy (RAID) A Primer fr Business Dvana s Primers fr Business series are a set f shrt papers r guides intended fr business decisin makers, wh feel they are being bmbarded with terms and want t understand a cmplex tpic.

More information

Marketing Consultancy Division (MCD) Export Consultancy Unit (ECU) Export in Focus. Export Market Expansion Strategies. Rabi-I, 1427 (April, 2006)

Marketing Consultancy Division (MCD) Export Consultancy Unit (ECU) Export in Focus. Export Market Expansion Strategies. Rabi-I, 1427 (April, 2006) Marketing Cnsultancy Divisin (MCD) Exprt Cnsultancy Unit (ECU) Exprt in Fcus Exprt Market Expansin Strategies Rabi-I, 1427 (April, 2006) 1 Exprt Market Expansin Strategies Intrductin It is clear that glbalizatin

More information

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply

Request for Resume (RFR) CATS II Master Contract. All Master Contract Provisions Apply Sectin 1 General Infrmatin RFR Number: (Reference BPO Number) Functinal Area (Enter One Only) F50B3400026 7 Infrmatin System Security Labr Categry A single supprt resurce may be engaged fr a perid nt t

More information

Better Practice Guide Financial Considerations for Government use of Cloud Computing

Better Practice Guide Financial Considerations for Government use of Cloud Computing Better Practice Guide Financial Cnsideratins fr Gvernment use f Clud Cmputing Nvember 2011 Intrductin Many Australian Gvernment agencies are in the prcess f cnsidering the adptin f clud-based slutins.

More information

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012

Research Report. Abstract: The Emerging Intersection Between Big Data and Security Analytics. November 2012 Research Reprt Abstract: The Emerging Intersectin Between Big Data and Security Analytics By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm Nvember 2012 2012 by The Enterprise Strategy Grup, Inc.

More information

Network Security Trends in the Era of Cloud and Mobile Computing

Network Security Trends in the Era of Cloud and Mobile Computing Research Reprt Abstract: Netwrk Security Trends in the Era f Clud and Mbile Cmputing By Jn Oltsik, Senir Principal Analyst and Bill Lundell, Senir Research Analyst With Jennifer Gahm, Senir Prject Manager

More information

Phi Kappa Sigma International Fraternity Insurance Billing Methodology

Phi Kappa Sigma International Fraternity Insurance Billing Methodology Phi Kappa Sigma Internatinal Fraternity Insurance Billing Methdlgy The Phi Kappa Sigma Internatinal Fraternity Executive Bard implres each chapter t thrughly review the attached methdlgy and plan nw t

More information

TOWARDS OF AN INFORMATION SERVICE TO EDUCATIONAL LEADERSHIPS: BUSINESS INTELLIGENCE AS ANALYTICAL ENGINE OF SERVICE

TOWARDS OF AN INFORMATION SERVICE TO EDUCATIONAL LEADERSHIPS: BUSINESS INTELLIGENCE AS ANALYTICAL ENGINE OF SERVICE TOWARDS OF AN INFORMATION SERVICE TO EDUCATIONAL LEADERSHIPS: BUSINESS INTELLIGENCE AS ANALYTICAL ENGINE OF SERVICE A N D R E I A F E R R E I R A, A N T Ó N I O C A S T R O, D E L F I N A S Á S O A R E

More information

SECTION 5: EVALUATION METHODOLOGY

SECTION 5: EVALUATION METHODOLOGY SECTION 5: EVALUATION METHODOLOGY The State f Oklahma will cnduct a cmprehensive, fair, and impartial evaluatin f bids received in respnse t this ITB. Technical and Cst Bids will be evaluated and scred

More information

Service Management - Framework 2013

Service Management - Framework 2013 Service - Framewrk 2013 Getting Started Right with Service System Netwrk Firewall Sftware Service App With the right framewrk, enterprises f almst any size small t large can implement effective functinal

More information

Position Paper on In-Network Object Cloud Architecture and Design Goals. Interconnecting Smart Objects with Internet Workshop 25 th March 2011

Position Paper on In-Network Object Cloud Architecture and Design Goals. Interconnecting Smart Objects with Internet Workshop 25 th March 2011 Architecture and Design Gals Intercnnecting Smart Objects with Internet Wrkshp 25 th March 2011 Alex Galis Stuart Clayman University Cllege Lndn Department

More information

Systems Load Testing Appendix

Systems Load Testing Appendix Systems Lad Testing Appendix 1 Overview As usage f the Blackbard Academic Suite grws and its availability requirements increase, many custmers lk t understand the capability f its infrastructure. As part

More information

Job Profile Data & Reporting Analyst (Grant Fund)

Job Profile Data & Reporting Analyst (Grant Fund) Jb Prfile Data & Reprting Analyst (Grant Fund) Directrate Lcatin Reprts t Hurs Finance Slihull Finance Directr Nminally 37 hurs but peratinally available at all times t meet Cmpany requirements Cntract

More information

WEB APPLICATION SECURITY TESTING

WEB APPLICATION SECURITY TESTING WEB APPLICATION SECURITY TESTING Cpyright 2012 ps_testware 1/7 Intrductin Nwadays every rganizatin faces the threat f attacks n web applicatins. Research shws that mre than half f all data breaches are

More information

How to put together a Workforce Development Fund (WDF) claim 2015/16

How to put together a Workforce Development Fund (WDF) claim 2015/16 Index Page 2 Hw t put tgether a Wrkfrce Develpment Fund (WDF) claim 2015/16 Intrductin What eligibility criteria d my establishment/s need t meet? Natinal Minimum Data Set fr Scial Care (NMDS-SC) and WDF

More information

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013

Research Report. Abstract: Advanced Malware Detection and Protection Trends. September 2013 Research Reprt Abstract: Advanced Malware Detectin and Prtectin Trends By Jn Oltsik, Senir Principal Analyst With Jennifer Gahm, Senir Prject Manager September 2013 2013 by The Enterprise Strategy Grup,

More information

What broader insights would you want to explore first to answer the CEO s questions?

What broader insights would you want to explore first to answer the CEO s questions? Setup The CEO f a majr client has requested a shrt-term study examining a small part f the client s prduct prtfli. The cmpany has a small divisin that manufactures autmatic drip cffeemakers fr the US and

More information

Data Protection Act Data security breach management

Data Protection Act Data security breach management Data Prtectin Act Data security breach management The seventh data prtectin principle requires that rganisatins prcessing persnal data take apprpriate measures against unauthrised r unlawful prcessing

More information

Writing a Compare/Contrast Essay

Writing a Compare/Contrast Essay Writing a Cmpare/Cntrast Essay As always, the instructr and the assignment sheet prvide the definitive expectatins and requirements fr any essay. Here is sme general infrmatin abut the rganizatin fr this

More information

HUMAN RESOURCE DEVELOPMENT FOR ADJUSTMENT AT THE ENTERPRISE LEVEL

HUMAN RESOURCE DEVELOPMENT FOR ADJUSTMENT AT THE ENTERPRISE LEVEL INTERNATIONAL LABOUR ORGANISATION ACT/EMP PUBLICATIONS [Tp] HUMAN RESOURCE DEVELOPMENT FOR ADJUSTMENT AT THE ENTERPRISE LEVEL Training Prgramme (Edited by C.S. Venkata Ratnam) [Next] Table f Cntents Intrductin

More information

Business Plan Overview

Business Plan Overview Business Plan Overview Organizatin and Cntent Summary A business plan is a descriptin f yur business, including yur prduct yur market, yur peple and yur financing needs. Yu shuld cnsider that a well prepared

More information

To achieve these objectives we will use a combination of lectures, cases, class discussion, and exercises.

To achieve these objectives we will use a combination of lectures, cases, class discussion, and exercises. 95-730 E-business Technlgy and Management Curse Descriptin The Internet, and assciated technlgies, are nw an established element f the IT prtfli f rganizatins in bth the public and private sectrs. Experiments

More information

Data Abstraction Best Practices with Cisco Data Virtualization

Data Abstraction Best Practices with Cisco Data Virtualization White Paper Data Abstractin Best Practices with Cisc Data Virtualizatin Executive Summary Enterprises are seeking ways t imprve their verall prfitability, cut csts, and reduce risk by prviding better access

More information

EASTERN ARIZONA COLLEGE Database Design and Development

EASTERN ARIZONA COLLEGE Database Design and Development EASTERN ARIZONA COLLEGE Database Design and Develpment Curse Design 2011-2012 Curse Infrmatin Divisin Business Curse Number CMP 280 Title Database Design and Develpment Credits 3 Develped by Sctt Russell/Revised

More information

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES

UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES UNIVERSITY OF CALIFORNIA MERCED PERFORMANCE MANAGEMENT GUIDELINES REFERENCES AND RELATED POLICIES A. UC PPSM 2 -Definitin f Terms B. UC PPSM 12 -Nndiscriminatin in Emplyment C. UC PPSM 14 -Affirmative

More information

To transform information into knowledge- a firm must expend additional resources to discover, patterns, rules, and context where the knowledge works

To transform information into knowledge- a firm must expend additional resources to discover, patterns, rules, and context where the knowledge works Chapter 15- Managing Knwledge Knwledge Management Landscape Knwledge management systems- supprt the creatin, capture, strage, and disseminatin f firm expertise and knwledge, have becme ne f the fastest-grwing

More information

Internet and E-Mail Policy User s Guide

Internet and E-Mail Policy User s Guide Internet and E-Mail Plicy User s Guide Versin 2.2 supprting partnership in mental health Internet and E-Mail Plicy User s Guide Ver. 2.2-1/5 Intrductin Health and Scial Care requires a great deal f cmmunicatin

More information

Mobile Telecom Expense Management

Mobile Telecom Expense Management Mbile Telecm Expense Management Quick Start Mbile Telecm Expense Management Intrductin The BT Mbile Telecm Expense Management Quick Start Service is part BT Managed Mbility Expenses* BT s suite f telecm

More information

Key Steps for Organizations in Responding to Privacy Breaches

Key Steps for Organizations in Responding to Privacy Breaches Key Steps fr Organizatins in Respnding t Privacy Breaches Purpse The purpse f this dcument is t prvide guidance t private sectr rganizatins, bth small and large, when a privacy breach ccurs. Organizatins

More information

How to Reduce Project Lead Times Through Improved Scheduling

How to Reduce Project Lead Times Through Improved Scheduling Hw t Reduce Prject Lead Times Thrugh Imprved Scheduling PROBABILISTIC SCHEDULING & BUFFER MANAGEMENT Cnventinal Prject Scheduling ften results in plans that cannt be executed and t many surprises. In many

More information

Business Intelligence represents a fundamental shift in the purpose, objective and use of information

Business Intelligence represents a fundamental shift in the purpose, objective and use of information Overview f BI and rle f DW in BI Business Intelligence & Why is it ppular? Business Intelligence Steps Business Intelligence Cycle Example Scenaris State f Business Intelligence Business Intelligence Tls

More information

GOLDBLUM & HESS Attorneys at Law

GOLDBLUM & HESS Attorneys at Law GOLDBLUM & HESS Attrneys at Law PRACTICE LIMITED TO IMMIGRATION, NATIONALITY, AND CONSULAR LAW Jane W. Gldblum* Wendy Castr Hess** 101 GREENWOOD AVENUE PHONE: (215) 885-3600 JENKINTOWN PLAZA, SUITE 380

More information

INTEGRATING & AUTOMATING SECURITY ENGINEERING IN UML

INTEGRATING & AUTOMATING SECURITY ENGINEERING IN UML INTEGRATING & AUTOMATING SECURITY ENGINEERING IN UML Antni Maña, J.A. Mntenegr, Francisc Sánchez, Dieg Ray, Mariemma Yagüe Cmputer Science Department. University f Malaga ETSI Infrmática. Campus Teatins.

More information

The AppSec How-To: Choosing a SAST Tool

The AppSec How-To: Choosing a SAST Tool The AppSec Hw-T: Chsing a SAST Tl Surce Cde Analysis Made Easy GIVEN THE WIDE RANGE OF SOURCE CODE ANALYSIS TOOLS, SECURITY PROFESSIONALS, AUDITORS AND DEVELOPERS ALIKE ARE FACED WITH THE QUESTION: Hw

More information

AHI. Foreign Pre-Approval Inspections (PAIs) Points to Consider

AHI. Foreign Pre-Approval Inspections (PAIs) Points to Consider AHI Freign Pre-Apprval Inspectins (PAIs) Pints t Cnsider The fllwing suggestins are intended t prvide spnsr guidance fr timeliness and predictability f freign PAIs. The FDA Center fr Veterinary Medicine

More information

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013

Version: Modified By: Date: Approved By: Date: 1.0 Michael Hawkins October 29, 2013 Dan Bowden November 2013 Versin: Mdified By: Date: Apprved By: Date: 1.0 Michael Hawkins Octber 29, 2013 Dan Bwden Nvember 2013 Rule 4-004J Payment Card Industry (PCI) Patch Management (prpsed) 01.1 Purpse The purpse f the Patch

More information

GENERAL EDUCATION. Communication: Students will effectively exchange ideas and information using multiple methods of communication.

GENERAL EDUCATION. Communication: Students will effectively exchange ideas and information using multiple methods of communication. Prcedure 3.12 (f) GENERAL EDUCATION General educatin unites cllege students frm diverse areas by adding breadth and depth t their prgrams f study. General educatin cncepts, framewrks, and/r patterns f

More information

Defining Sales Campaign Automation How e-mail, the Killer App, is best applied to marketing

Defining Sales Campaign Automation How e-mail, the Killer App, is best applied to marketing Defining Sales Campaign Autmatin Hw e-mail, the Killer App, is best applied t marketing Summary: Cmpanies tday are steadily adpting strategies and technlgies t reach prspects, custmers, and partners thrugh

More information

ITIL V3 Planning, Protection and Optimization (PPO) Certification Program - 5 Days

ITIL V3 Planning, Protection and Optimization (PPO) Certification Program - 5 Days ITIL V3 Planning, Prtectin and Optimizatin (PPO) Certificatin Prgram - 5 Days Prgram Overview The ITIL Intermediate Qualificatin: Planning, Prtectin and Optimizatin (PPO) Certificate is a free-standing

More information

Standardization or Harmonization? You need Both

Standardization or Harmonization? You need Both Standardizatin r? Yu need Bth Albrecht Richen and Ansgar Steinhrst Recently the CFO f a majr cnsumer electrnics cmpany stated, We dn t need standardizatin f ur wrldwide prcesses, we need harmnizatin. Is

More information

System Business Continuity Classification

System Business Continuity Classification System Business Cntinuity Classificatin Business Cntinuity Prcedures Infrmatin System Cntingency Plan (ISCP) Business Impact Analysis (BIA) System Recvery Prcedures (SRP) Cre Infrastructure Criticality

More information

ONGOING FEEDBACK AND PERFORMANCE MANAGEMENT. A. Principles and Benefits of Ongoing Feedback

ONGOING FEEDBACK AND PERFORMANCE MANAGEMENT. A. Principles and Benefits of Ongoing Feedback ONGOING FEEDBACK AND PERFORMANCE MANAGEMENT A. Principles and Benefits f Onging Feedback While it may seem like an added respnsibility t managers already "full plate," managers that prvide nging feedback

More information

Michigan Transfer Agreement (MTA) Frequently Asked Questions for College Personnel

Michigan Transfer Agreement (MTA) Frequently Asked Questions for College Personnel Michigan Transfer Agreement (MTA) Frequently Asked Questins fr Cllege Persnnel What happened t the MACRAO Agreement? Originally signed in 1972, the MACRAO agreement has been used successfully by many students

More information

Corporate Standards for data quality and the collation of data for external presentation

Corporate Standards for data quality and the collation of data for external presentation The University f Kent Crprate Standards fr data quality and the cllatin f data fr external presentatin This paper intrduces a set f standards with the aim f safeguarding the University s psitin in published

More information

HEALTH INFORMATION EXCHANGE GRANTS CRITERIA

HEALTH INFORMATION EXCHANGE GRANTS CRITERIA 1 HEALTH INFORMATION EXCHANGE GRANTS CRITERIA INTRODUCTION On August, 20 th, the federal Office f the Natinal Crdinatr fr Health Infrmatin Technlgy (ONC) released an pprtunity fr states t apply fr between

More information

Professional Leaders/Specialists

Professional Leaders/Specialists Psitin Prfile Psitin Lcatin Reprting t Jb family Band BI/Infrmatin Manager Wellingtn Prfessinal Leaders/Specialists Band I Date February 2013 1. POSITION PURPOSE The purpse f this psitin is t: Lead and

More information

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite

Licensing the Core Client Access License (CAL) Suite and Enterprise CAL Suite Vlume Licensing brief Licensing the Cre Client Access License (CAL) Suite and Enterprise CAL Suite Table f Cntents This brief applies t all Micrsft Vlume Licensing prgrams. Summary... 1 What s New in This

More information

Appendix H. Annual Risk Assessment and Audit Plan 2013/14

Appendix H. Annual Risk Assessment and Audit Plan 2013/14 Annual Risk Assessment and Audit Plan 2013/14 Internal Audit Department September 25, 2013 Table f Cntents Intrductin.. 3 Risk Assessment Prcess... 4 Page 2 Intrductin Each year, the Internal Audit Department

More information

Logical design: defining tables, fields, Primary and Foreign keys, establishing table relationships and levels of data integrity.

Logical design: defining tables, fields, Primary and Foreign keys, establishing table relationships and levels of data integrity. Database Design fr Mere Mrtals A Hands-On Guide t Relatinal Database Design By Michael J. Hernandez Intrductin It is imprtant t have a prperly designed database s that accurate infrmatin can be prvided

More information

This report provides Members with an update on of the financial performance of the Corporation s managed IS service contract with Agilisys Ltd.

This report provides Members with an update on of the financial performance of the Corporation s managed IS service contract with Agilisys Ltd. Cmmittee: Date(s): Infrmatin Systems Sub Cmmittee 11 th March 2015 Subject: Agilisys Managed Service Financial Reprt Reprt f: Chamberlain Summary Public Fr Infrmatin This reprt prvides Members with an

More information

Document Management Versioning Strategy

Document Management Versioning Strategy 1.0 Backgrund and Overview Dcument Management Versining Strategy Versining is an imprtant cmpnent f cntent creatin and management. Versin management is a key cmpnent f enterprise cntent management. The

More information

Developing Expertise as Coaches of Teachers

Developing Expertise as Coaches of Teachers Develping Expertise as Caches f Teachers Presented by: Elaine M. Bukwiecki, Ed.D. Assciate Prfessr f Literacy Educatin Presented at: 11 th Internatinal Writing Acrss the Curriculum Cnference Savannah,

More information

Chris Chiron, Interim Senior Director, Employee & Management Relations Jessica Moore, Senior Director, Classification & Compensation

Chris Chiron, Interim Senior Director, Employee & Management Relations Jessica Moore, Senior Director, Classification & Compensation TO: FROM: HR Officers & Human Resurces Representatives Chris Chirn, Interim Senir Directr, Emplyee & Management Relatins Jessica Mre, Senir Directr, Classificatin & Cmpensatin DATE: May 26, 2015 RE: Annual

More information

Research Findings from the West Virginia Virtual School Spanish Program

Research Findings from the West Virginia Virtual School Spanish Program Research Findings frm the West Virginia Virtual Schl Spanish Prgram Funded by the U.S. Department f Educatin Cnducted by R0cKMAN ETAL San Francisc, CA, Chicag, IL, and Blmingtn, IN Octber 4, 2006 R0cKMAN

More information

Research Report. Abstract: Security Management and Operations: Changes on the Horizon. July 2012

Research Report. Abstract: Security Management and Operations: Changes on the Horizon. July 2012 Research Reprt Abstract: Security Management and Operatins: Changes n the Hrizn By Jn Oltsik, Senir Principal Analyst With Kristine Ka and Jennifer Gahm July 2012 2012, The Enterprise Strategy Grup, Inc.

More information

NC3A SOA Techwatch Day Call for Presentations

NC3A SOA Techwatch Day Call for Presentations NC3A SOA Techwatch Day Call fr Presentatins 1 February 2012 Hsted at NATO C3 Agency, The Hague, The Netherlands By NC3A Chief Technlgy Office (CTO) David Burtn Chief Technlgy fficer Versin 1, 1 December

More information

Why Can t Johnny Encrypt? A Usability Evaluation of PGP 5.0 Alma Whitten and J.D. Tygar

Why Can t Johnny Encrypt? A Usability Evaluation of PGP 5.0 Alma Whitten and J.D. Tygar Class Ntes: February 2, 2006 Tpic: User Testing II Lecturer: Jeremy Hyland Scribe: Rachel Shipman Why Can t Jhnny Encrypt? A Usability Evaluatin f PGP 5.0 Alma Whitten and J.D. Tygar This article has three

More information

CDC UNIFIED PROCESS PRACTICES GUIDE

CDC UNIFIED PROCESS PRACTICES GUIDE Dcument Purpse The purpse f this dcument is t prvide guidance n the practice f Risk Management and t describe the practice verview, requirements, best practices, activities, and key terms related t these

More information

Conversations of Performance Management

Conversations of Performance Management Cnversatins f Perfrmance Management Perfrmance Management at Ohi State The Secnd Cnversatin ~ Develpment 2011 The Ohi State University Office f Human Resurces Cntents Intrductin Welcme t Develping Emplyees...

More information

Guidelines on Data Management in Horizon 2020

Guidelines on Data Management in Horizon 2020 Guidelines n Data Management in Hrizn 2020 Versin 1.0 11 December 2013 Guidelines n Data Management in Hrizn 2020 Versin 16 December 2013 Intrductin In Hrizn 2020 a limited pilt actin n pen access t research

More information

Entrepreneur Purchasing Recommendations for CRM

Entrepreneur Purchasing Recommendations for CRM Entrepreneur Purchasing Recmmendatins fr CRM Salesbm.cm Mst business wners wuld tend t agree that they dn't necessarily think f themselves as entrepreneurs, they are just peple running a business, making

More information

QAD Operations BI Metrics Demonstration Guide. May 2015 BI 3.11

QAD Operations BI Metrics Demonstration Guide. May 2015 BI 3.11 QAD Operatins BI Metrics Demnstratin Guide May 2015 BI 3.11 Overview This demnstratin fcuses n ne aspect f QAD Operatins Business Intelligence Metrics and shws hw this functinality supprts the visin f

More information

Completing the CMDB Circle: Asset Management with Barcode Scanning

Completing the CMDB Circle: Asset Management with Barcode Scanning Cmpleting the CMDB Circle: Asset Management with Barcde Scanning WHITE PAPER The Value f Barcding Tday, barcdes are n just abut everything manufactured and are used fr asset tracking and identificatin

More information

INTERNATIONAL STANDARD ON AUDITING 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT CONTENTS

INTERNATIONAL STANDARD ON AUDITING 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT CONTENTS INTERNATIONAL STANDARD ON AUDITING 265 COMMUNICATING DEFICIENCIES IN INTERNAL CONTROL TO THOSE CHARGED WITH GOVERNANCE AND MANAGEMENT (Effective fr audits f financial statements fr perids beginning n r

More information

1 Google Apps for Education Henrico County, Virginia

1 Google Apps for Education Henrico County, Virginia 1 Ggle Apps fr Educatin Henric Cunty, Virginia PROGRAM CATEGORY: Infrmatin Technlgy 1. Abstract f the Prgram Henric Cunty Public Schls (HCPS) prides itself n its innvative apprach t instructin. We believe

More information

Dec. 2012. Transportation Management System. An Alternative Traffic Solution for the Logistics Professionals

Dec. 2012. Transportation Management System. An Alternative Traffic Solution for the Logistics Professionals Dec. 2012 Transprtatin Management System An Alternative Traffic Slutin fr the Lgistics Prfessinals What is a TMS-Lite system? What are the features and capabilities f a TMS-Lite system? Why chse a TMS-Lite

More information

System Business Continuity Classification

System Business Continuity Classification Business Cntinuity Prcedures Business Impact Analysis (BIA) System Recvery Prcedures (SRP) System Business Cntinuity Classificatin Cre Infrastructure Criticality Levels Critical High Medium Lw Required

More information

The Town of Fort Frances

The Town of Fort Frances The Twn f Frt Frances PERFORMANCE APPRAISAL POLICY SECTION HUMAN RESOURCES REVISED August 2002 Reslutin N. Supercedes Reslutin N. Plicy Number 3.3 PAGE 1 f 9 1. PURPOSE: The purpse f supprt staff perfrmance

More information

MSc in Civil Engineering (Cycle 2, level 4)

MSc in Civil Engineering (Cycle 2, level 4) Learning utcmes MSc in Civil Engineering (Cnstructin Management) MSc in Civil Engineering (Cycle 2, level 4) Specializatin: Cnstructin Management MSc in Civil Engineering with specializatin in Cnstructin

More information

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT

CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT CASSOWARY COAST REGIONAL COUNCIL POLICY ENTERPRISE RISK MANAGEMENT Plicy Number: 2.20 1. Authrity Lcal Gvernment Act 2009 Lcal Gvernment Regulatin 2012 AS/NZS ISO 31000-2009 Risk Management Principles

More information

How Hillwatch E-Services Uses Best Practices Benchmarking and the Balanced Scorecard

How Hillwatch E-Services Uses Best Practices Benchmarking and the Balanced Scorecard White Paper Hillwatch E-Impact Benchmark and Visitr Pattern Analytics Alignment With Gvernment Web Asset Perfrmance Measurement Hw Hillwatch E-Services Uses Best Practices Benchmarking and the Balanced

More information

Captive outsourcing models

Captive outsourcing models Captive utsurcing mdels India TP hygiene wrkshp Presenter: Vishnu Bagri Octber 23, 2013 2013 Transfer Pricing Assciates Hlding B.V. BACKDROP + India has evlved as a premier utsurcing hub fr IT, ITES, engineering

More information

Aim The aim of a communication plan states the overall goal of the communication effort.

Aim The aim of a communication plan states the overall goal of the communication effort. Develping a Cmmunicatin Plan- Aim Aim The aim f a cmmunicatin plan states the verall gal f the cmmunicatin effrt. Determining the Aim Ask yurself r yur team what the verall gal f the cmmunicatin plan is.

More information

Succession management in the Queensland Public Service

Succession management in the Queensland Public Service Successin management in the Queensland Public Service February 2009 Table f cntents Intrductin... 3 What is successin management?... 3 Why d successin management?... 3 Wh des successin management apply

More information

POLISH STANDARDS ON HEALTH AND SAFETY AS A TOOL FOR IMPLEMENTING REQUIREMENTS OF THE EUROPEAN DIRECTIVES INTO THE PRACTICE OF ENTERPRISES

POLISH STANDARDS ON HEALTH AND SAFETY AS A TOOL FOR IMPLEMENTING REQUIREMENTS OF THE EUROPEAN DIRECTIVES INTO THE PRACTICE OF ENTERPRISES POLISH STANDARDS ON HEALTH AND SAFETY AS A TOOL FOR IMPLEMENTING REQUIREMENTS OF THE EUROPEAN DIRECTIVES INTO THE PRACTICE OF ENTERPRISES M. PĘCIŁŁO Central Institute fr Labur Prtectin ul. Czerniakwska

More information

A Model for Automatic Preventive Maintenance Scheduling and Application Database Software

A Model for Automatic Preventive Maintenance Scheduling and Application Database Software Prceedings f the 2010 Internatinal Cnference n Industrial Engineering and Operatins Management Dhaka, Bangladesh, January 9 10, 2010 A Mdel fr Autmatic Preventive Maintenance Scheduling and Applicatin

More information

Symantec User Authentication Service Level Agreement

Symantec User Authentication Service Level Agreement Symantec User Authenticatin Service Level Agreement Overview and Scpe This Symantec User Authenticatin service level agreement ( SLA ) applies t Symantec User Authenticatin prducts/services, such as Managed

More information

Specific Course Objectives (includes SCANS): After studying all materials and resources presented in the course, the student will be able to:

Specific Course Objectives (includes SCANS): After studying all materials and resources presented in the course, the student will be able to: Curse Syllabus ITSC 1425 Persnal Cmputer Hardware Revisin Date: January 12, 2014 Catalg Descriptin: This curse is a study f current persnal cmputer hardware including persnal cmputer assembly and upgrading,

More information

REQUEST FOR PROPOSAL FOR SHAREPOINT LEGISLATIVE MANAGEMENT SERVICES

REQUEST FOR PROPOSAL FOR SHAREPOINT LEGISLATIVE MANAGEMENT SERVICES REQUEST FOR PROPOSAL FOR SHAREPOINT LEGISLATIVE MANAGEMENT SERVICES The Wyming Legislature is at a pivtal pint in the management f its infrmatin and we are lking fr an accmplished firm with SharePint technlgy

More information

Considerations for Success in Workflow Automation. Automating Workflows with KwikTag by ImageTag

Considerations for Success in Workflow Automation. Automating Workflows with KwikTag by ImageTag Autmating Wrkflws with KwikTag by ImageTag Cnsideratins fr Success in Wrkflw Autmatin KwikTag balances cmprehensive, feature-rich Transactinal Cntent Management with affrdability, fast implementatin, ease

More information