• Refine Query
  • Source
  • Publication year
  • to
  • Language
  • 11
  • 1
  • 1
  • 1
  • Tagged with
  • 15
  • 15
  • 9
  • 9
  • 9
  • 9
  • 9
  • 8
  • 4
  • 3
  • 3
  • 3
  • 2
  • 2
  • 2
  • About
  • The Global ETD Search service is a free service for researchers to find electronic theses and dissertations. This service is provided by the Networked Digital Library of Theses and Dissertations.
    Our metadata is collected from universities around the world. If you manage a university/consortium/country archive and want to be added, details can be found on the NDLTD website.
1

A model for monitoring end-user security policy compliance

Alotaibi, Mutlaq January 2017 (has links)
Organisations increasingly perceive their employees as a great asset that needs to be cared for; however, at the same time, they view employees as one of the biggest potential threats to their cyber security. Organizations repeatedly suffer harm from employees who are not obeying or complying with their information security policies. Non-compliance behaviour of an employee, either unintentionally or intentionally, pose a real threat to an organization’s information security. As such, more thought is needed on how to encourage employees to be security compliant and more in line with a security policy of their organizations. Based on the above, this study has proposed a model that is intended to provide a comprehensive framework for raising the level of compliance amongst end-users, with the aim of monitoring, measuring and responding to users’ behaviour with an information security policy. The proposed approach is based on two main concepts: a taxonomy of the response strategy to non-compliance behaviour, and a compliance points system. The response taxonomy is comprised of two categories: awareness raising and enforcement of the security policy. The compliance points system is used to reward compliant behaviour, and penalise noncompliant behaviour. A prototype system has been developed to simulates the proposed model in order to provide a clear image of its functionalities and how it is meant to work. Therefore, it was developed to work as a system that responds to the behaviour of users (whether violation or compliance behaviour) in relation to the information security policies of their organisations. After designing the proposed model and simulating it using the prototype system, it was significant to evaluate the model by interviewing different experts with different backgrounds from academic and industry sectors. Thus, the interviewed experts agreed that the identified research problem is a real problem that needs to be researched and solutions need to be devised. It also can be stated that the overall feedback of the interviewed experts about the proposed model was very encouraging and positive. The expert participants thought that the proposed model addresses the research gap, and offers a novel approach for managing the information security policies.
2

Internal control bei mittelständischen Dienstleistungsgesellschaften eine empirische Studie zur Ausgestaltung der COSO-Zielkategorien

Reichert, Felix January 2009 (has links)
Zugl.: Zürich, Univ., Diss., 2009
3

Rethinking compliance: essential cornerstones for more effectiveness in compliance management

Grüninger, Stephan, Schöttl, Lisa 04 September 2017 (has links)
In the past Compliance Management has often failed, the Volkswagen emissions scandal just being one prominent example. Not everything has to be reinvented, and not everything that companies have done in the past regarding Compliance is wrong. But it is about time to think Compliance in new ways. What does “Compliance Management 2.0” really depend on? The following article aims at laying out the cornerstones for enduring effective Compliance which amongst others comprises sincerity and credibility and a moral foundation. Furthermore, the commitment and role model behavior of top managers and the training of line managers are crucial for the effectiveness of any Compliance Management System (CMS). Ultimately, for Compliance to function efficiently the efforts must be adequate for the respective company and realistic regarding the achievable goals.
4

How to implement an effective Criminal Compliance Management system

Schönborn, Elias, Keimelmayr, Robert 18 June 2023 (has links)
As the number of government investigations in the corporate and public sectors increases worldwide, the interest in implementing effective internal rules to avoid non-compliance with the law and its many negative consequences is growing. In this context, one may think primarily of the general concept of Compliance, without considering its various forms in different areas of law. In particular, Compliance with regard to criminal law - also referred to as 'Criminal Compliance' – has received greater attention in recent years. What applies in general to Compliance is particularly true for Criminal Compliance: Only a Compliance Management System tailored to the individual company can effectively prevent criminal offences.
5

Trends in regulatory expectations and their impact on compliance management in companies

Trossbach, Stephanie 03 November 2022 (has links)
Compliance requirements for companies are growing, especially in the fields of ESG (Environmental, Social, and Corporate Governance) and data privacy. The phenomenon can be observed not only within the EU, but also many other areas of the world. Within the regulatory environment, fostering ESG practices has long since developed from a voluntary commitment to a “real” compliance issue which lawmakers are driving forward with serious sanctions and which courts are also shaping within the framework of the evolving laws. These laws are very complex, often unclear, and intrude deeply into the areas of risk analysis and risk management, which traditionally represent a core responsibility of companies. Many regulations emphasize development and implementation of internal processes within companies. This greatly reduces companies’ discretionary powers, since responsible use of leeway is a core area of entrepreneurial decision-making governed by the business judgment rule. Structurally, we are seeing increased legalization of risks, through which the legislator de facto takes away companies' leeway to make entrepreneurial decisions. Also, the threat of severe fines and uncertainty about the interpretation of legal terms makes it difficult for companies to decide what needs to be done to meet the laws’ requirements and to avoid risk. Looking at the char acter of the regulations, we see value-driven and symbolically-charged laws. However, these laws are anything but “dead letters” - they intervene deeply in companies’ risk management, aim at changing behavior, and have sharp “teeth” in the form of sanctions. The EU may be a particularly fertile source of symbolic legislation, which can serve to create political identity. Companies can, however, choose different ways to deal with these challenges, and they are free to find the right path. Even if lawmakers are increasingly intervening in the way companies carry out risk analyses and the priorities they set in that context, companies should defend their leeway and use it wisely. It is of utmost importance to know the real risks well and to use leeway responsibly. A diligent risk analysis, carefully aligned to a company’s circumstances and needs, is always a good starting point. Perfect knowledge of applicable laws and the company’s operations is a prerequisite for a professional risk assessment and building an effective Compliance Management System (CMS). There is always room for balanced decision-making regarding risk assessment and prioritization in accordance with the business judgment rule and entrepreneurial responsibility.
6

Compliance Risk Analysis: The article is an updated version of a presentation by Dr. Christian Rosinus at the Liechtensteiner Gespräche

Zündorf-Girard, Julian 28 November 2023 (has links)
The text discusses the importance of risk analysis in the context of Compliance Management Systems for companies in German criminal law. It emphasizes that, despite personal criminal liability for individuals, companies can face consequences through special rules for fines or confiscation orders if their representatives commit offenses on behalf of the company. A common offense leading to such consequences is the breach of supervisory duties under Section 130 of the German Act for Administrative Offences (OWiG). The text highlights the necessity of a Compliance Risk Analysis as the foundation for any Compliance Management System. This analysis involves three key steps: identifying structural compliance risks, evaluating the existing compliance management system, and analyzing risks based on consequences and probability. The structural analysis examines existing compliance structures such as guidelines, training, and process descriptions. Key points include the significance of corporate culture in compliance, focusing on the 'tone from the top,' the 'zero-tolerance principle,' and the error culture. The text concludes with the definition and implementation of measures to avoid risks, encouraging regular risk analyses for continuous improvement of compliance management systems. In summary, the text addresses how companies can identify, assess, and manage risks related to legal compliance to establish and maintain effective Compliance Management Systems.
7

Compliance Elliance Journal

DeStefano, Michele, Papathanasiou, Konstantina, Schneider, Hendrik 14 May 2024 (has links)
No description available.
8

Editorial - Compliance in Trade and Information Technology

DeStefano, Michele, Papathanasiou, Konstantina, Schneider, Hendrik 01 November 2024 (has links)
No description available.
9

Compliance Elliance Journal

DeStefano, Michele, Papathanasiou, Konstantina, Schneider, Hendrik 01 November 2024 (has links)
No description available.
10

Ontology mapping: a logic-based approach with applications in selected domains

Wong, Alfred Ka Yiu, Computer Science & Engineering, Faculty of Engineering, UNSW January 2008 (has links)
In advent of the Semantic Web and recent standardization efforts, Ontology has quickly become a popular and core semantic technology. Ontology is seen as a solution provider to knowledge based systems. It facilitates tasks such as knowledge sharing, reuse and intelligent processing by computer agents. A key problem addressed by Ontology is the semantic interoperability problem. Interoperability in general is a common problem in different domain applications and semantic interoperability is the hardest and an ongoing research problem. It is required for systems to exchange knowledge and having the meaning of the knowledge accurately and automatically interpreted by the receiving systems. The innovation is to allow knowledge to be consumed and used accurately in a way that is not foreseen by the original creator. While Ontology promotes semantic interoperability across systems by unifying their knowledge bases through consensual understanding, common engineering and processing practices, it does not solve the semantic interoperability problem at the global level. As individuals are increasingly empowered with tools, ontologies will eventually be created more easily and rapidly at a near individual scale. Global semantic interoperability between heterogeneous ontologies created by small groups of individuals will then be required. Ontology mapping is a mechanism for providing semantic bridges between ontologies. While ontology mapping promotes semantic interoperability across ontologies, it is seen as the solution provider to the global semantic interoperability problem. However, there is no single ontology mapping solution that caters for all problem scenarios. Different applications would require different mapping techniques. In this thesis, we analyze the relations between ontology, semantic interoperability and ontology mapping, and promote an ontology-based semantic interoperability solution. We propose a novel ontology mapping approach namely, OntoMogic. It is based on first order logic and model theory. OntoMogic supports approximate mapping and produces structures (approximate entity correspondence) that represent alignment results between concepts. OntoMogic has been implemented as a coherent system and is applied in different application scenarios. We present case studies in the network configuration, security intrusion detection and IT governance & compliance management domain. The full process of ontology engineering to mapping has been demonstrated to promote ontology-based semantic interoperability.

Page generated in 0.1077 seconds