Global ETD Search

1	A model for monitoring end-user security policy compliance Alotaibi, Mutlaq January 2017 (has links) Organisations increasingly perceive their employees as a great asset that needs to be cared for; however, at the same time, they view employees as one of the biggest potential threats to their cyber security. Organizations repeatedly suffer harm from employees who are not obeying or complying with their information security policies. Non-compliance behaviour of an employee, either unintentionally or intentionally, pose a real threat to an organization’s information security. As such, more thought is needed on how to encourage employees to be security compliant and more in line with a security policy of their organizations. Based on the above, this study has proposed a model that is intended to provide a comprehensive framework for raising the level of compliance amongst end-users, with the aim of monitoring, measuring and responding to users’ behaviour with an information security policy. The proposed approach is based on two main concepts: a taxonomy of the response strategy to non-compliance behaviour, and a compliance points system. The response taxonomy is comprised of two categories: awareness raising and enforcement of the security policy. The compliance points system is used to reward compliant behaviour, and penalise noncompliant behaviour. A prototype system has been developed to simulates the proposed model in order to provide a clear image of its functionalities and how it is meant to work. Therefore, it was developed to work as a system that responds to the behaviour of users (whether violation or compliance behaviour) in relation to the information security policies of their organisations. After designing the proposed model and simulating it using the prototype system, it was significant to evaluate the model by interviewing different experts with different backgrounds from academic and industry sectors. Thus, the interviewed experts agreed that the identified research problem is a real problem that needs to be researched and solutions need to be devised. It also can be stated that the overall feedback of the interviewed experts about the proposed model was very encouraging and positive. The expert participants thought that the proposed model addresses the research gap, and offers a novel approach for managing the information security policies.
2	Internal control bei mittelständischen Dienstleistungsgesellschaften eine empirische Studie zur Ausgestaltung der COSO-Zielkategorien Reichert, Felix January 2009 (has links) Zugl.: Zürich, Univ., Diss., 2009
3	Rethinking compliance: essential cornerstones for more effectiveness in compliance management Grüninger, Stephan, Schöttl, Lisa 04 September 2017 (has links) In the past Compliance Management has often failed, the Volkswagen emissions scandal just being one prominent example. Not everything has to be reinvented, and not everything that companies have done in the past regarding Compliance is wrong. But it is about time to think Compliance in new ways. What does “Compliance Management 2.0” really depend on? The following article aims at laying out the cornerstones for enduring effective Compliance which amongst others comprises sincerity and credibility and a moral foundation. Furthermore, the commitment and role model behavior of top managers and the training of line managers are crucial for the effectiveness of any Compliance Management System (CMS). Ultimately, for Compliance to function efficiently the efforts must be adequate for the respective company and realistic regarding the achievable goals. Compliance compliance, compliance management info:eu-repo/classification/ddc/343 ddc:343
4	How to implement an effective Criminal Compliance Management system Schönborn, Elias, Keimelmayr, Robert 18 June 2023 (has links) As the number of government investigations in the corporate and public sectors increases worldwide, the interest in implementing effective internal rules to avoid non-compliance with the law and its many negative consequences is growing. In this context, one may think primarily of the general concept of Compliance, without considering its various forms in different areas of law. In particular, Compliance with regard to criminal law - also referred to as 'Criminal Compliance' – has received greater attention in recent years. What applies in general to Compliance is particularly true for Criminal Compliance: Only a Compliance Management System tailored to the individual company can effectively prevent criminal offences. info:eu-repo/classification/ddc/343 ddc:343
5	Trends in regulatory expectations and their impact on compliance management in companies Trossbach, Stephanie 03 November 2022 (has links) Compliance requirements for companies are growing, especially in the fields of ESG (Environmental, Social, and Corporate Governance) and data privacy. The phenomenon can be observed not only within the EU, but also many other areas of the world. Within the regulatory environment, fostering ESG practices has long since developed from a voluntary commitment to a “real” compliance issue which lawmakers are driving forward with serious sanctions and which courts are also shaping within the framework of the evolving laws. These laws are very complex, often unclear, and intrude deeply into the areas of risk analysis and risk management, which traditionally represent a core responsibility of companies. Many regulations emphasize development and implementation of internal processes within companies. This greatly reduces companies’ discretionary powers, since responsible use of leeway is a core area of entrepreneurial decision-making governed by the business judgment rule. Structurally, we are seeing increased legalization of risks, through which the legislator de facto takes away companies' leeway to make entrepreneurial decisions. Also, the threat of severe fines and uncertainty about the interpretation of legal terms makes it difficult for companies to decide what needs to be done to meet the laws’ requirements and to avoid risk. Looking at the char acter of the regulations, we see value-driven and symbolically-charged laws. However, these laws are anything but “dead letters” - they intervene deeply in companies’ risk management, aim at changing behavior, and have sharp “teeth” in the form of sanctions. The EU may be a particularly fertile source of symbolic legislation, which can serve to create political identity. Companies can, however, choose different ways to deal with these challenges, and they are free to find the right path. Even if lawmakers are increasingly intervening in the way companies carry out risk analyses and the priorities they set in that context, companies should defend their leeway and use it wisely. It is of utmost importance to know the real risks well and to use leeway responsibly. A diligent risk analysis, carefully aligned to a company’s circumstances and needs, is always a good starting point. Perfect knowledge of applicable laws and the company’s operations is a prerequisite for a professional risk assessment and building an effective Compliance Management System (CMS). There is always room for balanced decision-making regarding risk assessment and prioritization in accordance with the business judgment rule and entrepreneurial responsibility. info:eu-repo/classification/ddc/343 ddc:343
6	Compliance Risk Analysis: The article is an updated version of a presentation by Dr. Christian Rosinus at the Liechtensteiner Gespräche Zündorf-Girard, Julian 28 November 2023 (has links) The text discusses the importance of risk analysis in the context of Compliance Management Systems for companies in German criminal law. It emphasizes that, despite personal criminal liability for individuals, companies can face consequences through special rules for fines or confiscation orders if their representatives commit offenses on behalf of the company. A common offense leading to such consequences is the breach of supervisory duties under Section 130 of the German Act for Administrative Offences (OWiG). The text highlights the necessity of a Compliance Risk Analysis as the foundation for any Compliance Management System. This analysis involves three key steps: identifying structural compliance risks, evaluating the existing compliance management system, and analyzing risks based on consequences and probability. The structural analysis examines existing compliance structures such as guidelines, training, and process descriptions. Key points include the significance of corporate culture in compliance, focusing on the 'tone from the top,' the 'zero-tolerance principle,' and the error culture. The text concludes with the definition and implementation of measures to avoid risks, encouraging regular risk analyses for continuous improvement of compliance management systems. In summary, the text addresses how companies can identify, assess, and manage risks related to legal compliance to establish and maintain effective Compliance Management Systems. info:eu-repo/classification/ddc/343 ddc:343
7	Compliance Elliance Journal DeStefano, Michele, Papathanasiou, Konstantina, Schneider, Hendrik 14 May 2024 (has links) No description available. info:eu-repo/classification/ddc/343 ddc:343
8	Ontology mapping: a logic-based approach with applications in selected domains Wong, Alfred Ka Yiu, Computer Science & Engineering, Faculty of Engineering, UNSW January 2008 (has links) In advent of the Semantic Web and recent standardization efforts, Ontology has quickly become a popular and core semantic technology. Ontology is seen as a solution provider to knowledge based systems. It facilitates tasks such as knowledge sharing, reuse and intelligent processing by computer agents. A key problem addressed by Ontology is the semantic interoperability problem. Interoperability in general is a common problem in different domain applications and semantic interoperability is the hardest and an ongoing research problem. It is required for systems to exchange knowledge and having the meaning of the knowledge accurately and automatically interpreted by the receiving systems. The innovation is to allow knowledge to be consumed and used accurately in a way that is not foreseen by the original creator. While Ontology promotes semantic interoperability across systems by unifying their knowledge bases through consensual understanding, common engineering and processing practices, it does not solve the semantic interoperability problem at the global level. As individuals are increasingly empowered with tools, ontologies will eventually be created more easily and rapidly at a near individual scale. Global semantic interoperability between heterogeneous ontologies created by small groups of individuals will then be required. Ontology mapping is a mechanism for providing semantic bridges between ontologies. While ontology mapping promotes semantic interoperability across ontologies, it is seen as the solution provider to the global semantic interoperability problem. However, there is no single ontology mapping solution that caters for all problem scenarios. Different applications would require different mapping techniques. In this thesis, we analyze the relations between ontology, semantic interoperability and ontology mapping, and promote an ontology-based semantic interoperability solution. We propose a novel ontology mapping approach namely, OntoMogic. It is based on first order logic and model theory. OntoMogic supports approximate mapping and produces structures (approximate entity correspondence) that represent alignment results between concepts. OntoMogic has been implemented as a coherent system and is applied in different application scenarios. We present case studies in the network configuration, security intrusion detection and IT governance & compliance management domain. The full process of ontology engineering to mapping has been demonstrated to promote ontology-based semantic interoperability. semantic interoperability ontology ontology mapping compliance management network management network security intrusion detection network configuration management integrated network management Mappings (Mathematics)
9	Ontology mapping: a logic-based approach with applications in selected domains Wong, Alfred Ka Yiu, Computer Science & Engineering, Faculty of Engineering, UNSW January 2008 (has links) In advent of the Semantic Web and recent standardization efforts, Ontology has quickly become a popular and core semantic technology. Ontology is seen as a solution provider to knowledge based systems. It facilitates tasks such as knowledge sharing, reuse and intelligent processing by computer agents. A key problem addressed by Ontology is the semantic interoperability problem. Interoperability in general is a common problem in different domain applications and semantic interoperability is the hardest and an ongoing research problem. It is required for systems to exchange knowledge and having the meaning of the knowledge accurately and automatically interpreted by the receiving systems. The innovation is to allow knowledge to be consumed and used accurately in a way that is not foreseen by the original creator. While Ontology promotes semantic interoperability across systems by unifying their knowledge bases through consensual understanding, common engineering and processing practices, it does not solve the semantic interoperability problem at the global level. As individuals are increasingly empowered with tools, ontologies will eventually be created more easily and rapidly at a near individual scale. Global semantic interoperability between heterogeneous ontologies created by small groups of individuals will then be required. Ontology mapping is a mechanism for providing semantic bridges between ontologies. While ontology mapping promotes semantic interoperability across ontologies, it is seen as the solution provider to the global semantic interoperability problem. However, there is no single ontology mapping solution that caters for all problem scenarios. Different applications would require different mapping techniques. In this thesis, we analyze the relations between ontology, semantic interoperability and ontology mapping, and promote an ontology-based semantic interoperability solution. We propose a novel ontology mapping approach namely, OntoMogic. It is based on first order logic and model theory. OntoMogic supports approximate mapping and produces structures (approximate entity correspondence) that represent alignment results between concepts. OntoMogic has been implemented as a coherent system and is applied in different application scenarios. We present case studies in the network configuration, security intrusion detection and IT governance & compliance management domain. The full process of ontology engineering to mapping has been demonstrated to promote ontology-based semantic interoperability. semantic interoperability ontology ontology mapping compliance management network management network security intrusion detection network configuration management integrated network management Mappings (Mathematics)
10	AVALIAÇÃO DA GESTÃO DO SISTEMA DE ESGOTO SANITÁRIO DE SANTANA DO LIVRAMENTO - RS / MANAGEMENT EVALUATION OF THE SEWAGE SYSTEM IN SANTANA DO LIVRAMENTO - RS Pedroso, Claudio Ribeiro 17 August 2015 (has links) The sustainability of quality of life in cities is related especially with the operating conditions of urban Sanitation Services. Environmental quality is a fundamental aspect for urban quality of life and public policies are increasingly attentive to the correct equation of collection and treatment of sewage services, the main component of urban sanitation. This paper analyzes the current state of the collection and treatment systems of Sewage of the city of Santana do Livramento-RS, which is located on the aquifer recharge zone of Guarani, reviews its current weaknesses in terms of operation and coverage of services sewage and also conformities management services in relation to the Municipal Legislation, State and Federal governing this area. The survey included the performance of the main system of collection and treatment current city, its central region, led to the Sewage Treatment Station - ETE's "Imhoff Park", designed in the 1920s and its suitability over the more than eighty years of operation. Were reviewed also detail the non-operational compliance and management of the services that are the responsibility of the Department of Water and Sewerage - DAE, Municipal Municipality created (reformatted) in 1969. We also assessed the prospects of the systems as a whole, identifying some factors that need more care in the evolution of these services. Existing data were used in a Municipal Sanitation Plan developed in 2009/2010. There was a lack of updated records, operating manuals, records and reliable statistical information. The management of the DAE Sanitary sewerage presented several nonconformities in relation to specific legislations in force and the Operating License of the ETE Imhoff Park. Affluent analysis, effluents and receiving body showed, in general, lower average percentages pollutant removal. / A sustentabilidade da qualidade de vida nas cidades está relacionada especialmente com as condições de funcionamento dos serviços de Saneamento Urbano. A qualidade ambiental é um dos aspectos fundamentais para a qualidade de vida urbana e as políticas públicas estão cada vez mais atentas ao correto equacionamento dos serviços de coleta e tratamento dos esgotos sanitários - principal componente do saneamento urbano. O presente trabalho analisa a situação atual dos sistemas de coleta e tratamento dos esgotos sanitários da cidade de Santana do Livramento-RS, que se situa sobre a zona de recarga do aquífero Guarani revisa suas fragilidades atuais, em termos de operação e cobertura dos serviços de esgotos e também de conformidades da gestão dos serviços em relação às legislações municipais, estaduais e federais que disciplinam essa área. A pesquisa incluiu o desempenho do sistema principal de coleta e tratamento da cidade, em sua região central, conduzida para a Estação de Tratamento de Esgotos - ETE do ―Parque do Imhoff‖, projetada na década de 1920 e sua adequação ao longo dos mais de oitenta anos de funcionamento. Revisaram-se também, detalhadamente as não conformidades operacionais e de gestão dos serviços que são de responsabilidade do Departamento de Água e Esgotos DAE, Autarquia Municipal criada (reformatada) em 1969. Foram também avaliadas as perspectivas dos sistemas como um todo, identificando-se alguns fatores que necessitam de maior cuidado na evolução desses serviços. Foram utilizados dados existentes no Plano Municipal de Saneamento Básico elaborado em 2009/2010. Observou-se a inexistência atualizada de cadastros, manuais de operação, registros e informações estatísticas confiáveis. A gestão dos serviços de esgotos sanitários do DAE apresentou diversas não conformidades em relação a legislações específicas em vigência e com a Licença de Operação da ETE do Parque do Imhoff. As análises de afluentes, efluentes e corpo receptor demonstraram, de modo geral, baixas porcentagens médias de remoção de poluentes. Esgotos Sanitários Desempenho de ETEs Conformidades Gestão Poluição de Recursos Hídricos Sewage Performance of Treatment Plants Compliance management Water Resources Pollution CNPQ::ENGENHARIAS::ENGENHARIA CIVIL

Search results