Ontology-Based Generation of IT-Security Metrics
Legal regulations and industry standards require organizations to measure and maintain a specified IT-security level. Although several IT-security metrics approaches have been developed, a methodology for automatically generating ISO 27001-based IT-security metrics based on concrete organization-specific control implementation knowledge is missing. Based on the security…
Pseudonymization for the Privacy-Compliant Storage of Medical Data
E-health enables efficient communication between health service providers (Gesundheitsdiensteanbieter, GDA) and thus better availability of medical data, which can not only reduce costs in health care but also improve the quality of patient treatment. The main drawback of the resulting interconnection is the increasing likelihood of unauthorized…
Workshop-Based Security Safeguard Selection with AURUM
Organizations are increasingly exposed to manifold threats concerning the security of their valuable business processes. Due to the increasing damage potential, decision makers are permanently forced to pay attention to security issues and are raising their security investments, but often (i) without considering the…
From the Resource to the Business Process Risk Level
Although a variety of information security risk management (ISRM) approaches have been proposed, well-founded methods that provide an answer to the following question are still missing: How can the risk level of a business process be determined by taking the risk levels of the involved…
Ontology-Based Generation of Bayesian Networks
Bayesian networks are indispensable for determining the probability of events which are influenced by various components. Bayesian probabilities encode degrees of belief about certain events and a dynamic knowledge body is used to strengthen, update, or weaken these assumptions. The creation of Bayesian networks…
AURUM: A Framework for Information Security Risk Management
ieeexplore.ieee.org/xpl/articleDetails.jsp As companies are increasingly exposed to a variety of information security threats, they are permanently forced to pay attention to security issues. Risk management provides an effective approach for measuring the security through risk assessment, risk mitigation and evaluation. Existing risk management approaches are…
Technologies for the Pseudonymization of Medical Data: A Legal Evaluation
Privacy is one of the fundamental issues in health care today. Although it is a fundamental right of every individual to demand privacy and a variety of laws were enacted that demand the protection of patients’ privacy, approaches for protecting privacy often do not…
An Evaluation of Technologies for the Pseudonymization of Medical Data
link.springer.com/chapter/10.1007%2F978-3-642-01209-9_5 Privacy is one of the fundamental issues in health care today. Although it is a fundamental right of every individual to demand privacy and a variety of laws were enacted that demand the protection of patients’ privacy, approaches for protecting privacy often do not…
Business Process-Based Resource Importance Determination
A Comparison of Security Safeguard Selection Methods
IT security incidents pose a major threat to the efficient execution of corporate strategies and business processes. Although companies generally spend a lot of money on security, companies are often not aware of their spending on security and, even more important, if these investments into…