The article analyzes the regulatory and legal framework of Ukraine in the field of information protection, in order to develop proposals on the improvement of organizational and legal measures aimed at the protection of information resources in specialized information systems of the state authorities of Ukraine. The necessity was imposed to clearly identify at the organizational and legal level the problems of safe operation of specialized information systems, to determine the key threats in the field of information protection and to provide in time new modern legal tools to counteract the threats. The need for reorganization and improvement of organizational and legal measures aimed at information protection was considered. Dialectical, hermeneutic, inductive and deductive methods of analysis and synthesis were used in the research. It was concluded that changing the legal framework in the field of information protection is a challenge of the time, and only the most rapid modernization of organizational and legal measures aimed at protecting information in specialized information systems will ensure the task of sustainable operation of specialized information systems.
This paper introduces specialized elections. A specialized election randomly assigns each voter to one election, freeing her of voting responsibilities in other elections. By reducing voters' responsibilities, specialized elections encourage more information acquisition. Specialized elections also make campaigning less costly. A shortcoming of specialized elections is the increase in outcome variance resulting from the sampling effect. Whether or not specialized elections improve democratic outcomes hinges upon the tradeoff between more informed voters and greater outcome variance. Sufficient conditions are derived for the increase in information to generate an outcome nearer to that which would be chosen by a fully informed electorate.
The sources of pressure on an organization to improve the management of its environmental performance are many and increasing. They all demand increasing amounts and types of information from the organization. Information technology (IT) provides the means to address both these demands and the data needs which are internal to the organization. A methodical approach is required to determine how IT can best be used. By examining the business processes used to manage environmental performance, the types of data to be handled and the outputs and reports required, the organization can prioritize IT investments. These may be in specialized information systems, but are just as likely to be in general data manipulation tools and communication network enhancements.
In: Trivellato, D 2012, 'Protecting information in systems of systems', Doctor of Philosophy, Mathematics and Computer Science, Eindhoven. https://doi.org/10.6100/IR737558
Systems of systems are coalitions of autonomous and heterogeneous systems that collaborate to achieve a common goal. The component systems of a system of systems often belong to different security domains, which are governed by different authorities (hereafter called parties). Furthermore, systems of systems are mostly dynamic, with systems joining and leaving a coalition at runtime. An example of a system of systems is the anti-piracy operation headed by the European Union (EU) that is currently taking place in the Horn of Africa, which involves ships from different EU countries. The security challenges in systems of systems are different from those affecting centralized systems. In a dynamic, inter-organizational coalition of systems, parties might not "know" each other beforehand, might employ different data and organizational models and speak different languages. Nevertheless, they must be able to collaborate for the success of the coalition. We identify four main requirements that an access control framework for systems of systems should satisfy: (1) regulate the access to sensitive information exchanged within a coalition and protect the confidentiality of the collaborating parties' security policies, (2) preserve the autonomy of parties in the choice of organizational models and vocabulary, and (3) guarantee interoperability among parties. In addition, (4) the framework must be easy to use and to deploy into existing systems of systems. Several security frameworks for systems of systems have been proposed in the literature. These frameworks can be divided into two categories: semantic frameworks and trust management (TM) frameworks. Semantic frameworks rely on ontologies for the specification of access control policies and the definition of domain knowledge and context information.
This enables interoperability among parties at the cost of limiting the expressive power of the policy language, which does not allow the specification of several types of security constraints (e.g., separation of duty). On the other hand, TM frameworks rely on an attribute-based approach to access control where access decisions are based on digital certificates, called credentials. TM frameworks employ expressive policy languages to regulate the access to sensitive information. However, they either assume all parties in a system of systems to use the same vocabulary, or do not provide a mechanism to align different vocabularies. Furthermore, most TM frameworks compromise the confidentiality of the parties' security policies in the process of deriving the credentials required for an access decision. Thus, none of the existing frameworks satisfies all the security requirements of systems of systems. In this thesis we present an access control framework for systems of systems satisfying all the aforementioned requirements. The framework regulates the access to sensitive information by combining context-aware access control models with TM. Autonomy and interoperability are enabled by the use of ontology-based services. More precisely, parties may refer to different ontologies in the specification of their policies and to describe domain knowledge and context information; this allows each party to employ the organizational model and terminology that they consider more appropriate within their system. A semantic alignment technique is then employed to align their vocabularies, allowing for mutual understanding. A novel distributed algorithm enables parties to derive the credentials required for an access decision without compromising the confidentiality of their policies. The applicability of the proposed framework is demonstrated by a prototype implementation for a scenario in the maritime safety and security domain. 
In the prototype, all components and services have been implemented following the service-oriented architecture paradigm to facilitate their integration and deployment into existing systems of systems. The modularity of the framework allows for the integration of additional services to support the evaluation of policies and provide additional functionalities (e.g., a key performance indicator service). Even though our solution has been mainly tested in the maritime safety and security domain, its characteristics make it suitable for many other domains. For example, we have deployed a prototype implementation of the framework also in systems of systems in the e-health and the employability domains. Furthermore, the integration of the framework with ontology-based services makes it a valid candidate for the protection of information on the semantic web.
Although many information systems (IS) design methods and techniques are available to IS professionals, none of them completely supports the design process. One of the problems is that there is a mismatch between IS design methods and the system to be built. Actually, in designing an IS, the methods or techniques employed should match the types and characteristics of the system to be built. This paper will explore the relationship between IS types/characteristics and systems design methods, and provide IS designers with a systems framework to develop methods or techniques that match the types and characteristics of IS.
Information is an element of knowledge that can be stored, processed or transmitted. It is linked to concepts of communication, data, knowledge or representation. In a context of steady increase in the mass of information, it is difficult to know what information to look for and where to find it. Computer techniques exist to facilitate this research and allow relevant information extraction. Recommendation systems introduced the notions inherent to the recommendation, based, inter alia, on information search, filtering, machine learning and collaborative approaches. It also deals with the assessment of such systems and has various applications.