Role Mining in Business


Book Description

With continuous growth in the number of information objects and the users that can access these objects, ensuring that access is compliant with company policies has become a big challenge. Role-based Access Control (RBAC) a policy-neutral access control model that serves as a bridge between academia and industry is probably the most suitable security model for commercial applications. Interestingly, role design determines RBAC's cost. When there are hundreds or thousands of users within an organization, with individual functions and responsibilities to be accurately reflected in terms of access permissions, only a well-defined role engineering process allows for significant savings of time and money while protecting data and systems. Among role engineering approaches, searching through access control systems to find de facto roles embedded in existing permissions is attracting increasing interest. The focus falls on role mining, which is applied data mining techniques to automate to the extent possible the role design task. This book explores existing role mining algorithms and offers insights into the automated role design approaches proposed in the literature. Alongside theory, this book acts as a practical guide for using role mining tools when implementing RBAC. Beside a comprehensive survey of role mining techniques deeply rooted in academic research, this book also provides a summary of the role-based approach, access control concepts and describes a typical role engineering process. Among the pioneering works on role mining, this book blends business elements with data mining theory, and thus further extends the applications of role mining into business practice. This makes it a useful guide for all academics, IT and business professionals.




Role Mining In Business: Taming Role-based Access Control Administration


Book Description

With continuous growth in the number of information objects and the users that can access these objects, ensuring that access is compliant with company policies has become a big challenge. Role-based Access Control (RBAC) — a policy-neutral access control model that serves as a bridge between academia and industry — is probably the most suitable security model for commercial applications.Interestingly, role design determines RBAC's cost. When there are hundreds or thousands of users within an organization, with individual functions and responsibilities to be accurately reflected in terms of access permissions, only a well-defined role engineering process allows for significant savings of time and money while protecting data and systems.Among role engineering approaches, searching through access control systems to find de facto roles embedded in existing permissions is attracting increasing interest. The focus falls on role mining, which is applied data mining techniques to automate — to the extent possible — the role design task.This book explores existing role mining algorithms and offers insights into the automated role design approaches proposed in the literature. Alongside theory, this book acts as a practical guide for using role mining tools when implementing RBAC. Besides a comprehensive survey of role mining techniques deeply rooted in academic research, this book also provides a summary of the role-based approach, access control concepts and describes a typical role engineering process.Among the pioneering works on role mining, this book blends business elements with data mining theory, and thus further extends the applications of role mining into business practice. This makes it a useful guide for all academics, IT and business professionals.




Architectural Alignment of Access Control Requirements Extracted from Business Processes


Book Description

Business processes and information systems evolve constantly and affect each other in non-trivial ways. Aligning security requirements between both is a challenging task. This work presents an automated approach to extract access control requirements from business processes with the purpose of transforming them into a) access permissions for role-based access control and b) architectural data flow constraints to identify violations of access control in enterprise application architectures.




Web Data Mining and Applications in Business Intelligence and Counter-Terrorism


Book Description

The explosion of Web-based data has created a demand among executives and technologists for methods to identify, gather, analyze, and utilize data that may be of value to corporations and organizations. The emergence of data mining, and the larger field of Web mining, has businesses lost within a confusing maze of mechanisms and strategies for obta




Security and Privacy - Silver Linings in the Cloud


Book Description

These proceedings contain the papers of IFIP/SEC 2010. It was a special honour and privilege to chair the Program Committee and prepare the proceedings for this conf- ence, which is the 25th in a series of well-established international conferences on security and privacy organized annually by Technical Committee 11 (TC-11) of IFIP. Moreover, in 2010 it is part of the IFIP World Computer Congress 2010 celebrating both the Golden Jubilee of IFIP (founded in 1960) and the Silver Jubilee of the SEC conference in the exciting city of Brisbane, Australia, during September 20–23. The call for papers went out with the challenging motto of “Security & Privacy Silver Linings in the Cloud” building a bridge between the long standing issues of security and privacy and the most recent developments in information and commu- cation technology. It attracted 102 submissions. All of them were evaluated on the basis of their significance, novelty, and technical quality by at least five member of the Program Committee. The Program Committee meeting was held electronically over a period of a week. Of the papers submitted, 25 were selected for presentation at the conference; the acceptance rate was therefore as low as 24. 5% making SEC 2010 a highly competitive forum. One of those 25 submissions could unfortunately not be included in the proceedings, as none of its authors registered in time to present the paper at the conference.




From Database to Cyber Security


Book Description

This Festschrift is in honor of Sushil Jajodia, Professor in the George Mason University, USA, on the occasion of his 70th birthday. This book contains papers written in honor of Sushil Jajodia, of his vision and his achievements. Sushil has sustained a highly active research agenda spanning several important areas in computer security and privacy, and established himself as a leader in the security research community through unique scholarship and service. He has extraordinarily impacted the scientific and academic community, opening and pioneering new directions of research, and significantly influencing the research and development of security solutions worldwide. Also, his excellent record of research funding shows his commitment to sponsored research and the practical impact of his work. The research areas presented in this Festschrift include membrane computing, spiking neural networks, phylogenetic networks, ant colonies optimization, work bench for bio-computing, reaction systems, entropy of computation, rewriting systems, and insertion-deletion systems.




Methodology for Hybrid Role Development


Book Description

"Cybercrime costs firms USD 1 trillion globally" - Headlines like this released by Reuters news agency on 29th January 2009 tend to regularly dominate international press lately. Surveys indicate that insiders like employees are one of the biggest threats to data security within organisations. As a result of improper account management users accumulate a number of excessive rights over time, resulting in the so called identity chaos. In the course of constantly growing IT infrastructures on the one hand, as well as the legislative regulations and law on the other hand, role-based Identity Management in particular has become a means of solving the identity chaos and meeting data security requirements. However, the central challenge organisations face in this context is how to construct a role catalogue for their Identity Management infrastructure. Some companies deal with this issue by applying predominantly manual procedures based on organisational and operational structures. These approaches are known as Role Engineering methodologies. Throughout the last few years, so-called Role Mining methodologies which use Data Mining techniques that cluster existing access rights of employees have evolved as alternative approaches. Recent findings show that a combination of Role Engineering and Role Mining is necessary to define a good collection of roles. This book gives insight into a hybrid tool-supported methodology for cleansing identity and account data and developing business roles for employees using Role Engineering and Role Mining techniques. Its main goals are to increase the overall user management data quality and support companies throughout a semi-automated process of defining roles. The methodology considers existing employee information and access privileges without neglecting organisational structures and business experts' knowledge about the organisation.




Identity Attack Vectors


Book Description

Discover how poor identity and privilege management can be leveraged to compromise accounts and credentials within an organization. Learn how role-based identity assignments, entitlements, and auditing strategies can be implemented to mitigate the threats leveraging accounts and identities and how to manage compliance for regulatory initiatives. As a solution, Identity Access Management (IAM) has emerged as the cornerstone of enterprise security. Managing accounts, credentials, roles, certification, and attestation reporting for all resources is now a security and compliance mandate. When identity theft and poor identity management is leveraged as an attack vector, risk and vulnerabilities increase exponentially. As cyber attacks continue to increase in volume and sophistication, it is not a matter of if, but when, your organization will have an incident. Threat actors target accounts, users, and their associated identities, to conduct their malicious activities through privileged attacks and asset vulnerabilities. Identity Attack Vectors details the risks associated with poor identity management practices, the techniques that threat actors and insiders leverage, and the operational best practices that organizations should adopt to protect against identity theft and account compromises, and to develop an effective identity governance program. What You Will Learn Understand the concepts behind an identity and how their associated credentials and accounts can be leveraged as an attack vector Implement an effective Identity Access Management (IAM) program to manage identities and roles, and provide certification for regulatory compliance See where identity management controls play a part of the cyber kill chain and how privileges should be managed as a potential weak link Build upon industry standards to integrate key identity management technologies into a corporate ecosystem Plan for a successful deployment, implementation scope, measurable risk reduction, auditing and discovery, regulatory reporting, and oversight based on real-world strategies to prevent identity attack vectors Who This Book Is For Management and implementers in IT operations, security, and auditing looking to understand and implement an identity access management program and manage privileges in these environments




Evolutionary Computation in Combinatorial Optimization


Book Description

This book constitutes the refereed proceedings of the 22nd European Conference on Evolutionary Computation in Combinatorial Optimization, EvoCOP 2022, held as part of Evo*2022, in Madrid, Spain, during April 20-21, 2022, co-located with the Evo*2022 events: EvoMUSART, EvoApplications, and EuroGP. The 13 revised full papers presented in this book were carefully reviewed and selected from 28 submissions. They present recent theoretical and experimental advances in combinatorial optimization, evolutionary algorithms, and related research fields.




Information Security Theory and Practice


Book Description

This volume constitutes the refereed proceedings of the 9th IFIP WG 11.2 International Conference(formerly Workshop) on Information Security Theory and Practices, WISTP 2015, held in Heraklion, Crete, Greece, in August 2015. The 14 revised full papers and 4 short papers presented together were carefully reviewed and selected from 52 submissions. WISTP 2015 sought original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of elded systems, the application of security technology, the implementation of systems, and lessons learned. We encouraged submissions from other communities such as law, business, and policy that present these communities' perspectives on technological issues.