Loading…
#ISSS2017 Vienna has ended

Log in to bookmark your favorites and sync them to your phone or calendar.

Paper-Presentation [clear filter]
Tuesday, July 11
 

14:00

3112 Towards the Definition of a Dynamic/Systemic Assessment for Cyber Security Risks through a Systems Thinking Approach

Armenia, Stefano; Ferreira Franco, Eduardo; Nonino, Fabio; Spagnol,i Emanuele

Stefano Armenia, Università degli Studi di Roma “La Sapienza”
armenia@dis.uniroma1.it

Eduardo Ferreira Franco, Escola Politécnica of University of São Paulo
eduardo.franco@usp.br


Fabio Nonino, Università degli Studi di Roma “La Sapienza”
fabio.nonino@uniroma1.it

Emanuele Spagnoli, PricewaterhouseCoopers
ema.spagno@gmail.com

Nowadays our society is increasingly becoming economic and social dependent on the cyberspace, which includes physical network assets and software based systems. However, the cyberspace is exposed to numerous risks, and there is a constant threat of exploitable vulnerabilities, which could cause significant reputational and economic damages to the companies. For addressing these increasing threats, the Italian National Cyber Security Framework was developed to offer a uniform approach to assessing cyber risks into organizations, as well as to help improve the related security through focused investments. Still, this evaluation is not a straightforward endeavor. Using the principles of the Systems Thinking paradigm, this work presents a way to put into causal relationship the self-assessment risk-categories of the framework by associating them to the various aspects of reference inside a theoretical organizational structure (composed of business areas, process, functions, and roles), hence deriving a systemic causal-effect relationship map capable of evidencing, at least qualitatively for this study, how a change in one or more categories is driving changes also into other ones.

Keywords: National Cyber Security Framework; Cyber-security Risks; System thinking.


Presenters/Facilitators
SA

Stefano Armenia

Università degli Studi di Roma “La Sapienza”
avatar for Emanuele Spagnoli

Emanuele Spagnoli

Associate - Cybersecurity, PricewaterhouseCoopers


Tuesday July 11, 2017 14:00 - 14:30
2nd Floor, Room SR 125, Institut für Computertechnik,TU Wien Gußhausstraße 27-29, 1040 Wien, Austria

14:30

3178 Context Adaptive Modeling Tool in Service Design
Nowadays, analysts and business researchers are modeling a huge number of services. To develop a service accomplishing a simple requirement is quite easy to fulfill and any currently used modeling tool seems to be fully sufficient for the purpose. But is it really true? Are we sure that we can cover (with some level of abstraction) all processes and relationships hidden in the service provision by current modeling tool? We want to elaborate on these questions further.

The situations and services we are currently trying to model become more and more complex. Complexity itself is just one part of the issue. The other one is that the services should work in different contexts. A high number of analysts create simply as many models how many contexts they are able to recognize. Thence, the question is: Are we able to mention the role of the particular service in different contexts using current modeling tools?

Let's take a simple example of a street lighting. There is a try of cities to save money by upgrading street lamps into adjustable LED equipped lamps. The idea is to dim a light when there is no pedestrian nor a driving car on the street. For this purpose, LED lamps need to be equipped with a camera that signals the LED to increase luminosity when a pedestrian or a car is identified. Moreover, once the camera is equipped, it can be used to identify free parking slots on the street, or even to help ensure public safety (passively - by identifying moving people, lighting the street more when needed/actively - by informing a police about suspicious situations).

As it can be seen, there is at first a context of an adjustable lighting to save money. Then we used same devices to identify free parking slots and lastly to ensure a public safety. Whence, we used the same devices and similar data in different contexts to create different services.

If there is an error in some service, it can influence the other services. The problem can be a dysfunction of some cameras or the recognition software resolving in bad illumination of the street, not correct recognition of free parking slots, with no active public safety. If there is just one service deployed at the beginning and the other is added later, it can influence a traffic on the network the data are going through and slow down both service or lower a service reliability.

Therefore, for context modeling, we need to use (or develop) a tool that is not only context adaptive but also accepts the context as a part of the model itself. This tool should have following features:
Enable to decompose any situation into a set of elements
Build any related model by a specific use of those elements in any context
Recognize the differences among the contexts and describe them

Use of such modeling tool for an analysis of a complex service should bring better value for all the service participants. Nevertheless, according to the last service research, services are not only more and more complex, they become more adaptive at the same time. Therefore, we need to develop a modeling tool that will be also adaptive, meaning that it can adapt the model according to the actual context without losing any knowledge, information or relationships from previous contexts. In this paper, we propose such a tool for adaptive context service modeling.

Tuesday July 11, 2017 14:30 - 15:00
2nd Floor, Room SR 125, Institut für Computertechnik,TU Wien Gußhausstraße 27-29, 1040 Wien, Austria

15:00

3044 Social Responsibility and Ethical Issues about Smart Technology Usage
The new forms of smart and artificial intelligent technologies present a great risk to the society (political – ethical challenge). For this reason, the ability of the society's decision makers to prepare an appropriate ethical response is needed.

The paper is focused on the outline the main social, economic, and ethical issues, raised by the faster development of the smart and artificial intelligent products or services in everyday life processes. Smart technologies can today explore their environment, communicate with each other or with humans and help their users. The development and implementation of the smart technologies in the human environment is and it will be influenced by social and economic changes and opening new social and ethical problems in the near future, because smart technologies are now: (i) invading into the sensitive human areas and allow others to come easier for sensible private information in real time; (ii) causing job losses; (iii) replacing humans for tasks such as driving and more demanding (e.g. management of the industrial processes).

The paper presents the issues of technology and human sciences. It is going for a complex subject which is quite often misrepresented, some of the fundamental concepts relating ethics in science and technology are recalled and clarified.

At the conclusion of the paper social responsible model for implementation of the smart technology in human environment will be presented. The purpose of the model is to provide ethical and social norms and thus protect human before the socioeconomic changes caused with the high penetration of smart technologies in human everyday life.

Tuesday July 11, 2017 15:00 - 15:30
2nd Floor, Room SR 125, Institut für Computertechnik,TU Wien Gußhausstraße 27-29, 1040 Wien, Austria