
Effect of Using Automated Auditing Tools on Detecting Compliance Failures in Unmanaged Processes [chapter]

Yurdaer Doganata, Francisco Curbera
2009 Lecture Notes in Computer Science  
The effect of using automated auditing tools to detect compliance failures in unmanaged business processes is investigated.  ...  In the absence of a process execution engine, compliance of an unmanaged business process is tracked by using an auditing tool developed based on business provenance technology or employing auditors.  ...  We measure the effectiveness of the tool by its capacity to detect compliance failures during the execution of an unmanaged business process.  ... 
doi:10.1007/978-3-642-03848-8_21 fatcat:3oehjreqfjd23imeopz5vt3ywe

A method of calculating the cost of reducing the risk exposure of non-compliant process instances

Yurdaer N. Doganata, Francisco Curbera
2009 Proceedings of the first ACM workshop on Information security governance - WISG '09  
The risk exposure can be reduced by detecting the non-compliant process instances in advance with the help of manual audits and automated auditing tools.  ...  A method is introduced to measure the risk of being non-compliant and the cost of reducing the risk by performing internal audits with the help of automated audit tools.  ...  Business Rules and Regulations Sample e-mail based unmanaged business process In order to measure the effectiveness of an automated auditing tool in detecting compliance failures over an unmanaged business  ... 
doi:10.1145/1655168.1655172 fatcat:dtgptgddhrgwbfnwhtahnnebie

Designing internal control points in partially managed processes by using business vocabulary

Yurdaer N. Doganata
2011 2011 IEEE 27th International Conference on Data Engineering Workshops  
The challenges of automatically detecting compliance failures in partially managed processes are addressed and a solution is proposed.  ...  In case of unmanaged or partially managed processes, lack of full process visibility and the dependence on in depth knowledge of IT system and business application code are the main challenges of generating  ...  This paper focuses on the challenges of creating internal control points to detect compliance failures automatically where the processes are either unmanaged or partially managed and proposes solutions  ... 
doi:10.1109/icdew.2011.5767636 dblp:conf/icde/Doganata11 fatcat:ba6wvthk5fgwjozpchi2g4u5ga

Risk-based assessment applied to QA GLP audits. How to fulfill regulatory requirements while making the best use of our common sense, knowledge, talents, and resources?

Alain Piton
2008 Annali dell'Istituto Superiore di Sanità  
specific risk assessment tools; x) required level of accuracy; xi) use of risk assessment results for the elaboration of audit plans; xi) nature of information obtained; xii) prioritization; xiii) intrinsic  ...  In this context, the following items are discussed: i) nature of risks associated with the GLP principles and GLP studies; ii) risk in a GLP environment and criteria used to characterize a risk in laboratory  ...  When there is also an element of detectability more sophisticated tools such as failure mode and effects analysis (FMEA), hazard analysis and control of critical points (HACCP), or fault tree analysis  ... 
pmid:19352000 fatcat:yhvhtgauofbdnasix4kkyetbfe

On Development of Platform for Organization Security Threat Analytics and Management (POSTAM) Using Rule-Based Approach

Joseph E. Mbowe, Simon S. Msanjila, George S. Oreku, Khamisi Kalegele
2016 Journal of Software Engineering and Applications  
MySQL database management system was used as back-end for data storage during threat analytic processes.  ...  The integration of organisation's information security policy into threat modeling enhances effectiveness of security strategies for information security management.  ...  Acknowledgements This research is supported by the Nelson Mandela Institution of Science and Technology under the research grant from the Commission for Science and Technology (COSTECH), Tanzania.  ... 
doi:10.4236/jsea.2016.912041 fatcat:zxmt6llf7vgura4el3yhwxlzqq

Italy: Technical Assistance Report-Enhancing Governance and Effectiveness of the Fiscal Agencies

International Monetary Fund
2016 IMF Staff Country Reports  
The industry sector benchmarks developed by AdeE were originally used as both self-help tools for taxpayers and for issue of automated assessments.  ...  As a result of adverse court rulings, the AdeE now uses the tool as a risk indicator for audit case selection.  ...  Periodicity of Value-Added Tax Return Filing in EU Member States Periodicity of VAT Return EU Member State Monthly Bi-Monthly Quarterly Yearly Summarizing Yearly Return Appendix 4.  ... 
doi:10.5089/9781498374446.002 fatcat:5ti67gnievcgljib2k4xn2wfza

Understanding the Security Implications of Kubernetes Networking

Francesco Minna, Agathe Blaise, Filippo Rebecchi, Balakrishnan Chandrasekaran, Fabio Massacci
2021 IEEE Security and Privacy  
Container-orchestration software such as Kubernetes makes it easy to deploy and manage modern cloud applications based on microservices.  ...  Yet, its network abstractions pave the way for "unexpected attacks" if we approach cloud network security with the same mental model of traditional network security.  ...  Acknowledgments We thank the reviewers and IEEE Security & Privacy's Editor in Chief Sean Peisert for their comments that greatly helped to improve this article. Any remaining error is our fault.  ... 
doi:10.1109/msec.2021.3094726 fatcat:jjvgufawjvh6rgaaqsvdss3bkm

Cloud Computing: Security Issues

2018 Zenodo  
Many industries are moving towards the cloud due to the efficiency of services provided by the pay-per-use pattern based on the resources such as processing power used, transactions carried out, bandwidth  ...  Cloud computing is an architecture which provides computing service through the internet on demand and pays per use access to a pool of shared resources namely networks, storage, servers, services and  ...  A malicious sniffing detection platform based on ARP (address resolution protocol) and RTT (round trip time) can be used to detect a sniffing system running on a network [11].  ... 
doi:10.5281/zenodo.1411009 fatcat:blecykrxb5ao5a5dpwy7cxjgwy

The regulatory state in the information age

Julie E. Cohen
2016 Theoretical Inquiries in Law  
The ongoing shift from an industrial mode of development to an informational one has created existential challenges for regulatory models and constructs developed in the context of the industrial economy  ...  Additionally, it must develop institutions capable of exercising effective oversight of information-era activities.  ...  compliance reporting, audit, and automated monitoring and risk management.  ... 
doi:10.1515/til-2016-0015 fatcat:zmfeamk5rvekvo7o24f6fsqpaq

The report of Task Group 100 of the AAPM: Application of risk analysis methods to radiation therapy quality management

M. Saiful Huq, Benedick A. Fraass, Peter B. Dunscombe, John P. Gibbons, Geoffrey S. Ibbott, Arno J. Mundt, Sasa Mutic, Jatinder R. Palta, Frank Rath, Bruce R. Thomadsen, Jeffrey F. Williamson, Ellen D. Yorke
2016 Medical Physics (Lancaster)  
Many errors that occur in radiation oncology are not due to failures in devices and software; rather they are failures in workflow and process.  ...  This report describes the methodology and nomenclature developed, presents the process maps, FMEAs, fault trees, and QM programs developed, and makes suggestions on how this information could be used in  ...  The TG urges vendors to provide automated tools to avoid this daily problem (e.g., use of checksums or other automated checks, automated comparison of EPID dose or dose back-calculated from MLC log-files  ... 
doi:10.1118/1.4947547 pmid:27370140 pmcid:PMC4985013 fatcat:xyc5xz5g2fd67f7zlnrjvog6lu

Preservation Risk Management for Web Resources

Anne R. Kenney, Nancy Y. McGovern, Peter Botticelli, Richard Entlich, Carl Lagoze, Sandra Payette
2002 D-Lib Magazine  
One of our goals is to show how the integrity of unmanaged resources can be raised at minimal cost, using automated routines for monitoring and validating files according to policies established by organizations  ...  The approach will demonstrate how Web crawlers and other automated tools and utilities can be used to identify and quantify risks; to implement appropriate and effective measures to prevent, mitigate,  ... 
doi:10.1045/january2002-kenney fatcat:kotmiekke5fu5mmtazi6zonsdu

What International Experience Can Tell Us about the Potential Challenges of Administering a U.S. VAT

Katherine O. Baer
2013 National tax journal  
General Accountability Office (2008) reviews country experiences, focusing on the effects of VAT design on compliance risks, federal-state coordination issues, and transition issues. 4 The Australian  ...  The recent literature on VAT compliance in the advanced countries is discussed in Organisation for Economic Co-operation and Development (2005).  ...  providing valuable information on and insights into the administration of their VATs/ GSTs.  ... 
doi:10.17310/ntj.2013.2.07 fatcat:ijkpm6n6fjaxjetmm5r234qj7m

D2.2 The COLLABS Level-3 Security Package for Secure Digital Supply Networks: 1st complete version

Panagiotis Rizomiliotis, Konstantinos Tserpes, Aikaterini Triakosia
2021 Zenodo  
(Statistical Analytics and Machine- / Deep-Learning on shared data), T2.5 (Distributed anomaly detection for Industrial IoT) and T2.6 (Workflow-driven security for supply chain and compliance in manufacturing  ...  This is the second deliverable of Work Package 2 tasks T2.1 (Tools and methods for secure data sharing), T2.2 (Trustworthiness of data flows), T2.3 (Machine learning-based cognitive security framework), T2.4  ...  FORTH's methodology builds on these feasibility results, but focuses on establishing a procedure to effectively generate intrusion detection signatures in an automated manner.  ... 
doi:10.5281/zenodo.5667012 fatcat:xgzhqfeq6nbwte4h256pntlkau

The Regulatory State in the Information Age [chapter]

Julie E. Cohen
2019 Between Truth and Power  
This chapter explores changes in institutions and processes for economic regulation.  ...  They rely heavily on privatized self-regulation, compliance certification by professional auditors, and financialized review to minimize regulatory burdens and costs, and they have tended to be both opaque  ...  Agencies too suffer the effects of infoglut; notices of proposed rulemaking on controversial issues can elicit many thousands of submissions, including, most recently, automated comments submitted using  ... 
doi:10.1093/oso/9780190246693.003.0007 fatcat:pgjbqabxsndfloxeehjlu5roze

Evaluating Medical IoT (MIoT) Device Security using NISTIR-8228 Expectations [article]

Thomas P. Dover
2021 arXiv   pre-print
How do healthcare organizations (from small Practices to large HDOs) evaluate adherence to the cybersecurity and privacy protection of Medical Internet of Things (MIoT) used in clinical settings?  ...  In so doing it will demonstrate general compliance with both NIST guidance and HIPAA/HITECH requirements.  ...  COMPLIANCE Values are: Compliance Value PROOF-OF-COMPLIANCE (VALIDATION POINT/TOOL) A process, procedure or tool (manual or automated) which is used as auditable proof or evidence that the Expectation  ... 
arXiv:2104.03283v2 fatcat:7tiuso3oqrdkhkr2hhmmijriii