Filters
total: 319
filtered: 284
-
Catalog
Chosen catalog filters
Search results for: SECURITY, EVIDENCE BASED ARGUMENTS
-
Using evidence based arguments to support trust
PublicationWprowadzono podstawowe koncepcje metodyki TRUST-IT: argumentu i dowodu, modelu argumentacji, szablonu argumentacji, oceny argumentu oraz kontekstu aplikacyjnego. Przedstawiono zakres funkcjonalności, modele udostepniania oraz politykę bezpieczeństwa informacji związane z usługami NOR-STA wspomagającymi zastosowania metodyki TRUST-IT. Przedstawiono również dotychczasowe doświadczenia związane z wdrażaniam uzług NOR-STA w różnych...
-
Challenges in providing support for management of evidence-based arguments
PublicationThe paper considers selected challenges related to the application of evidence based arguments and maps them on the tool support level. In particular, we consider: communication and teamwork, handling large arguments, evidence management and integration, argument assessment and communication, change control and reporting, evidence reuse, user data security and argument portfolio management. Then we explain how these challenges...
-
Using Evidence-based Arguments to Support Dependability Assurance-Experiences and Challenges
PublicationThe article introduces to the problem of evidence-based arguments and their applications. Then, based on the experiences collected during commercial deployment of a concrete solution to this problem (system NOR-STA) we overview selected challenges and the ways of addressing them
-
Using Evidence-based Arguments to Support Dependability Assurance - Experiences and Challenges
PublicationThe presentation introduces to the problem of evidence-based arguments and their applications. Then, based on the experiences collected during development and commercial deployment of a concrete solution to this problem (system NOR-STA) we overview selected challenges and the ways of addressing them.
-
Supporting Cybersecurity Compliance Assessment of Industrial Automation and Control System Components
PublicationThe chapter presents a case study demonstrating how security requirements of an Industrial Automation and Control System (IACS) component can be represented in a form of Protection Profile that is based on IEC 62443 standards and how compliance assessment of such component can be supported by explicitly representing a conformity argument in a form based on the OMG SACM meta-model. It is also demonstrated how an advanced argument...
-
Support for argument structures review and assessment
PublicationArgument structures are commonly used to develop and present cases for safety, security and for other properties of systems. Such structures tend to grow excessively, which causes problems with their review and assessment. Two issues are of particular interest: (1) systematic and explicit assessment of the compelling power of an argument, and (2) communication of the result of such an assessment to relevant recipients. The paper...
-
Supporting Assurance by Evidence-based Argument Services
PublicationStructured arguments based on evidence are used in many domains, including systems engineering, quality assurance and standards conformance. Development, maintenance and assessment of such arguments is addressed by TRUST-IT methodology outlined in this paper. The effective usage of TRUST-IT requires an adequate tool support. We present a platform of software services, called NOR-STA, available in the Internet, supporting key activities...
-
Approach to security assessment of critical infrastructures' information systems
PublicationThis study presents an approach to the security assessment of the information systems of critical infrastructures. The approach is based on the faithful reconstruction of the evaluated information system in a computer security laboratory followed by simulations of possible threats against the system. The evidence collected during the experiments, stored and organised using a proprietary system InSAW, may later be used for the creation...
-
Choosing the Right Cybersecurity Solution: A Review of Selection and Evaluation Criteria
PublicationInformation technologies evolve continuously reaching pioneering areas that bring in new cybersecurity challenges. Security engineering needs to keep pace with the advancing cyberthreats by providing innovative solutions. At the same time, the foundations that include security and risk assessment methodologies should remain stable. Experts are offered with an extensive portfolio of solutions and an informed choice of a particular...
-
Standards Conformity Framework in comparison with contemporary methods supporting standards application
PublicationAchieving and assessing conformity with standards and compliance with various sets of requirements generates significant costs for contemporary economies. Great deal of this is spent on fulfilment of safety and security requirements. However, standards application is not supported sufficiently by the tools available on the market. Therefore, Standards Conformity Framework (SCF) containing methods and tools which provide support...
-
Meeting Requirements Imposed by Secure Software Development Standards and Still Remaining Agile
PublicationThe paper introduces the AgileSafe method of selecting agile practices for software development projects that are constrained by assurance requirements resulting from safety and/or security related standards. Such requirements are represented by argumentation templates which explain how the evidence collected during agile practices implementation will support the conformity with the requirements. Application of the method is demonstrated...
-
An approach to evaluation of arguments in trust cases
PublicationTrustworthiness of IT systems can be justified using the concept of a trust case. A trust case is an argument structure which encompasses justification and evidence supporting claimed properties of a system. It represents explicitly an expert's way of assessing that a certain object has certain properties. Trust cases can be developed collaboratively on the basis of evidence and justification of varying quality. They can be complex...
-
Expert assessment of arguments: a method and its experimental evaluation
PublicationArgument structures are commonly used to develop and present cases for safety, security and other properties. Such argument structures tend to grow excessively. To deal with this problem, appropriate methods of their assessment are required. Two objectives are of particular interest: (1) systematic and explicit assessment of the compelling power of an argument, and (2) communication of the result of such an assessment to relevant...
-
Assurance Case Patterns On-line Catalogue
PublicationAssurance case is an evidence-based argument demonstrating that a given property of a system (e.g. safety, security) is assured. Assurance cases are developed for high integrity systems, as in many industry domains such argu-ment is explicitly required by regulations. Despite the fact that each assurance case is unique, several reusable argument patterns have been identified and pub-lished. This paper reports work on development...
-
Supporting Compliance with Security Standards by Trust Case Templates
PublicationTrust Cases are used to justify that a given object (a system, an infrastructure, an organization) exhibits certain properties. One of possible applications of trust cases is related to the processes of achieving and demonstrating the compliance with standards. A Trust Case Template derived from a given standard constitutes a skeleton of justification (encompassing evidence and argumentation) of the compliance with the standard....
-
Analysis of an Attenuator Artifact in an Experimental Attack by Gunn–Allison–Abbott Against the Kirchhoff-Law–Johnson-Noise (KLJN) Secure Key Exchange System
PublicationA recent paper by Gunn–Allison–Abbott (GAA) [L. J. Gunn et al., Scientific Reports 4 (2014) 6461] argued that the Kirchhoff-law–Johnson-noise (KLJN) secure key exchange system could experience a severe information leak. Here we refute their results and demonstrate that GAA’s arguments ensue from a serious design flaw in their system. Specifically, an attenuator broke the single Kirchhoff-loop into two coupled loops, which is an...
-
Development of the System Assurance Reference Model for Generating Modular Assurance Cases
PublicationAssurance cases are structured arguments used to demonstrate specific system properties such as safety or security. They are used in many industrial sectors including automotive, aviation and medical devices. Larger assurance cases are usually divided into modules to manage the complexity and distribute the work. Each of the modules is developed to address specific goals allocated to the specific objects i.e. components of the...
-
The KLC Cultures, Tacit Knowledge, and Trust Contribution to Organizational Intelligence Activation
PublicationIn this paper, the authors address a new approach to three organizational, functional cultures: knowledge culture, learning culture, and collaboration culture, named together the KLC cultures. Authors claim that the KLC approach in knowledge-driven organizations must be designed and nourished to leverage knowledge and intellectual capital. It is suggested that they are necessary for simultaneous implementation because no one of...
-
Greencoin: a Proenvironmental Action-Reward System
PublicationThe massive destruction of the natural environment is rapidly eroding the world’s capacity to provide food and water, threatening the security of billions of people. In order to facilitate green lifestyles – understood in terms of both pro-environmental behaviors and green self-image on the one hand, and to build sustainable local and global communities, on the other, we put forward an idea of a novel action-reward system based...
-
Anti-theft lab security system based on RFID
PublicationThe aim of the project is to design and create an electronic system, which can be used to protect laboratory equipment against theft. The main task of the system is to warn a person responsible for the facilities about any attempts made to steal equipment from a laboratory. In a case of an alarm situation, the system emits a sound signal. The concept of the anti-theft security system based on RFID was developed on the basis of...
-
CULTURAL DETERMINANTS OF EVIDENCE-BASED HUMAN RESOURCES MANAGEMENT: A CROSS-COUNTRY ANALYSIS
PublicationPurpose: This paper aims at providing comparative analysis of the influence of cultural determinants on the managers’ perceptions of human resources management practices, as a factor conditioning application of evidence-based management. Design/methodology/approach: This article presents the study of 121 managers in Poland, on their perception of HRM practices and analyses the consistency of findings with the Hofstede cultural...
-
Procedure based functional safety and information security management of industrial automation and control systems on example of the oil port installations
PublicationThe approach addresses selected technical and organization aspects of risk mitigation in the oil port installations with regard to functional safety and security requirements specified in standards IEC 61508, IEC 61511 and IEC 62443. The procedure for functional safety management includes the hazard identification, risk analysis and assessment, specification of overall safety requirements and definition of...
-
Quantum key distribution based on private states: Unconditional security over untrusted channels with zero quantum capacity
PublicationIn this paper, we prove unconditional security for a quantum key distribution (QKD) protocol based on distilling pbits (twisted ebits) from an arbitrary untrusted state that is claimed to contain distillable key. Our main result is that we can verify security using only public communication-via parameter estimation of the given untrusted state. The technique applies even to bound-entangled states, thus extending QKD to the regime...
-
Web-based marine gis for littoral security
PublicationW artykule opisano koncepcję oraz przykładowe zastosowania systemu informacji geograficznej umożliwiającego zbieranie, przetwarzanie, integrowanie oraz wizualizację danych pochodzących z pomiarów bezpośrednich, obrazów lotniczych i satelitarnych oraz systemów hydroakustycznych.Przedstawiono przykłady zastosowania systemu w dziedzinie ochrony strefy przybrzeżnej takie, jak: -monitoring rozprzestrzeniania wylewu olejowego, -monitoring...
-
A model-based approach to analysis of security protocols - a case study
PublicationArtykuł przedstawia zintegrowane środowisko analizy protokołów bezpieczeństwa. Środowisko zostało oparte o znaną metodę formalną CSP oraz wspierające ją narzędzia: Casper oraz FDR. Integralną częścią opisywanego środowiska jest pół-formalne zorientowane obiektowo podejście do modelowania protokołów kryptograficznych, ich kontekstu aplikacyjnego oraz wymagań bezpieczeństwa. Modelowanie obiektowe zostało oparte o język UML oraz...
-
Shadow Economy in Poland Recent Evidence Based on Survey Data
PublicationThe book provides an estimate of the size of the shadow economy in Poland. Using analogous data, it traces core determinants of the existence of the shadow economy in Poland. It compares results with neighbouring countries, and if possible, the remaining Central-Eastern economies. The book tells why the problem of the unreported economic activity matters; it presents the problem from different angles―economic, social and institutional....
-
A Set of Experience-Based Smart Synergy Security Mechanism in Internet of Vehicles
PublicationIn this article, we introduce a novel security mechanism, the Smart Synergy Security (3S). The mechanism uses the Set of Experience Knowledge Structure (SOEKS) and the synergy of security methods in different domains to provide the global optimal security strategy. The proposed strategy is taking into account the characteristics of information security (i.e. confidentiality, integrity, availability, controllability, and reviewability)...
-
Towards an evidence-based probabilistic risk model for ship-grounding accidents
Publication -
Innovative Web-Based Geographic Information System for Municipal Areas and Coastal Zone Security and Threat Monitoring Using EO Satellite Data
PublicationThe paper presents a novel design of a Web-based Safe City & Coastal Zone GIS (SCCZ-GIS). The system integrates data acquired from different remote sensing and geospatial data sources for the purpose monitoring the security of the coastal zone, its inhabitants and Critical Infrastructure. The system utilises several innovative technologies and solutions, and is capable of direct co-operation with different remote sensing data sources...
-
Enhancing Economic Development Through ICT-Based Governance: Evidence for Developing Countries
Publicationhis shows novel empirical evidence on how e-government solutions enhance the emergence of inclusive societies, increase institutional quality, and through that channels dynamize economic development in developing countries. With this aim we examine digital development inequalities adopting 2 core ICT indicators: mobile cellular telephony and Internet users; and gross per capita income and Human Development Index to show the level...
-
Dynamics of productivity in higher education: cross-european evidence based on bootstrapped Malmquist indices
PublicationAbstract This study examines patterns of productivitychange in a large set of 266 public higher educationinstitutions (HEIs) in 7 European countries across the timeperiod 2001-2005. We adopt consistent bootstrap estimationprocedures to obtain confidence intervals for Malmquistindices of HEI productivity and their components.Consequently, we are able to assess the statistical significanceof changes in HEI productivity, efficiency...
-
Taxonomic Position and Phylogeny of the Genus Vargasiella (Orchidaceae, Vandoideae) Based on Molecular and Morphological Evidence
Publication -
Dynamics of productivity in higher education. Cross-European evidence based on bootstrapped Malmquist indices
PublicationThis study presents patterns of productivity change in a large set of 266 public higher education institutions (HEIs) from 7 European countries across the time period 2001-2005. We adopt consistent bootstrap estimation procedures to obtain confidence intervals for Malmquist indices of HEI productivity and their components. Consequently, we are able to assess statistical significance of the changes in HEIs' productivity, efficiency...
-
Evidence-Based Risk Management for Civil Engineering Projects Using Bayesian Belief Networks (BBN)
PublicationThe authors are seeking new methods for improving the efficiency of the investments associated with the maintenance and operation of existing civil engineering structures. It is demonstrated how the knowledge about the elements of construction and operation phases and their relationships, combined with monitoring data can be used for more effective management of the risks associated with civil engineering projects. The methodology...
-
Knowledge-based functional safety and security management in hazardous industrial plants with emphasis on human factors
PublicationExisting and emerging new hazards have significant potential to impact destructively operation of technical systems, hazardous plants, and systems / networks of critical infrastructure. The programmable control and protection systems play nowadays an important role in reducing and controlling risk in the process of hazardous plant operation. It is outlined how to deal with security related hazards concerning such systems to be...
-
Assessing business process complexity based on textual data: Evidence from ITIL IT ticket processing
PublicationPurpose This study aims to draw the attention of business process management (BPM) research and practice to the textual data generated in the processes and the potential of meaningful insights extraction. The authors apply standard natural language processing (NLP) approaches to gain valuable knowledge in the form of business process (BP) complexity concept suggested in the study. It is built on the objective, subjective and meta-knowledge...
-
coMpliAnce with evideNce-based cliniCal guidelines in the managemenT of acute biliaRy pancreAtitis): The MANCTRA-1 international audit
Publication -
Determinants of inward FDI into Visegrad countries: empirical evidence based on panel data for the years 2000–2012
Publication -
Usability of accident and incident reports for evidence-based risk modeling – A case study on ship grounding reports
Publication -
A comparative analysis of the effectiveness of corporate bankruptcy prediction models based on financial ratios: Evidence from Colombia, 2008 to 2015
PublicationLogit and discriminant analyses have been used for corporate bankruptcy prediction in several studies since the last century. In recent years there have been dozens of studies comparing the several models available, including the ones mentioned above and also probit, artificial neural networks, support vector machines, among others. For the first time for Colombia, this paper presents a comparative analysis of the effectiveness...
-
Reduced attention toward faces, intentionality and blame ascription in violent offenders and community‐based adults: Evidence from an eye‐tracking study
Publication -
Warstwowa ocena epidemiologiczna architektury zakładów opiekuńczo-leczniczych i zakładów gieriatycznych = Layer based epidemiological quality assessment of architecture of care security and geriatric wards
PublicationW artykule opisano możliwość wykorzystania autorskiej metody warstwowej oceny epidemiologicznej (WOE) do oceny potencjalnego ryzyka zakażeń w obiektach przeznaczonych dla osób starszych. Materiał i metody: W celu weryfikacji możliwości użycia metody WOE do oceny zagrożeń w zakresie bezpieczeństwa epidemiologicznego środowiska zbudowanego poddano analizie dostępne źródła literatury związane z obowiązującymi w Polsce wymaganiami...
-
Clinical Application of Bioextracts in Supporting the Reproductive System of Animals and Humans: Potential and Limitations
Publication -
Renoprotective and Cardioprotective Potential of Moricandia sinaica (Boiss.) against Carbon Tetrachloride-Induced Toxicity in Rats
Publication -
Evaluation of the Effect of Four Bioactive Compounds in Combination with Chemical Product against Two Spider Mites Tetranychus urticae and Eutetranychus orientalis(Acari: Tetranychidae)
Publication -
In Vivo Efficacy, Toxicity Assessment, and Elemental Analysis of Traditionally Used Polyherbal Recipe for Diarrhea
Publication -
In Vitro Antiproliferative and Antioxidant Effects of Extracts from Rubus caesius Leaves and Their Quality Evaluation
Publication -
On neutral differential equations and the monotone iterative method
PublicationThe application of the monotone iterative method to neutral differential equations with deviating arguments is considered in this paper. We formulate existence results giving sufficient conditions which guarantee that such problems have solutions. This approach is new and to the Authors' knowledge, this is the first paper when the monotone iterative method is applied to neutral first-order differential equations with deviating...
-
Security-oriented agile approach with AgileSafe and OWASP ASVS
PublicationIn this paper we demonstrate a security enhancing approach based on a method called AgileSafe that can be adapted to support the introduction of OWASP ASVS compliant practices focused on improving security level to the agile software development process. We also present results of the survey evaluating selected agile inspired security practices that can be incorporated into an agile process. Based on the survey’s results, these...
-
Approaching Secure Industrial Control Systems
PublicationThis study presents a systematic approach to secure industrial control systems based on establishing a business case followed by the development of a security programme. To support these two fundamental activities the authors propose a new method for security cost estimation and a security assessment scheme. In this study they explain the cost evaluation technique and illustrate with a case study concerning the assessment of the...