Compliance Management (CM) is the management process an organization implements to ensure that it complies with the requirements and expectations that apply to it. The most complicated, time-consuming, and costly part of CM is compliance checking, because it requires a person with good knowledge of the policy to examine whether current operations meet the policy's requirements. Many researchers have studied ways to automate compliance checking, but most approaches require that the operations be logged in computer systems. This paper proposes a methodology for automating compliance checking of operations that leave no log in any computer system, by combining a question-and-answer approach with semantic web technologies. Because some operations cannot be observed by computer systems at all, posing questions to the people who perform them is one way to gather evidence, comparable to an operation log, against which their compliance can be evaluated. The proposed methodology lets non-certified auditors perform compliance checking, so that the time and cost of compliance checking can be greatly reduced.
Separation of duty (SoD) is a primary internal control in many businesses, including their information systems, intended to prevent fraud and errors arising from conflicts of interest. To enforce separation of duty in information systems, Role-Based Access Control (RBAC) was proposed and has become the most widely used access control model in today's security management. This paper focuses on Dynamic Separation of Duty (DSD), one of the four components of the ANSI RBAC standard. To maximize the utilization of human resources, a user is allowed to hold multiple mutually exclusive roles but may activate only one of them at a time. DSD not only gives business systems more flexibility but also opens more room for separation-of-duty violations, because checking for conflicts of interest becomes more complicated. This paper proposes a very simple but effective model that addresses the DSD problem by integrating the workflow sequence with the mutually exclusive roles (MER) constraint. With the proposed model, conflicts of interest can be verified at run time: the system will not allow a process to continue if it finds that a user has activated a role that conflicts with one the same user already exercised in that process.
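The following Python sketch is an added illustration of the kind of run-time check the abstract describes, not the paper's own model or code. It assumes a constructed three-step invoice workflow, a pairwise MER constraint set, and a user-role assignment table; all of the names, roles, and users are assumptions made for the example. The point it makes concrete is the difference between static and dynamic SoD: a user may be assigned two mutually exclusive roles, and the conflict is only detected when that user tries to use the second role in a workflow instance where they already acted in the first.

```python
from dataclasses import dataclass, field

# Constructed sample workflow (not from the paper). Each step names the role that
# must be activated to perform it; the list order is the workflow sequence the
# run-time check enforces.
WORKFLOW = [
    ("create_invoice", "requester"),
    ("approve_invoice", "approver"),
    ("pay_invoice", "payer"),
]

# Mutually exclusive role (MER) constraint, simplified here to pairwise exclusion:
# no single user may exercise both roles of a pair within one workflow instance.
# A user may still be *assigned* both roles; DSD restricts only their use at run time.
MER = {
    frozenset({"requester", "approver"}),
    frozenset({"approver", "payer"}),
}

# User-role assignments (constructed). alice holds roles that are mutually exclusive,
# which static SoD would forbid at assignment time but DSD permits.
ASSIGNMENTS = {
    "alice": {"requester", "approver", "payer"},
    "bob": {"approver", "payer"},
    "carol": {"payer"},
}


class SoDViolation(Exception):
    """Raised when a user tries to activate a role that conflicts with a role
    the same user already exercised earlier in this workflow instance."""


@dataclass
class WorkflowInstance:
    # (step, role, user) triples in execution order; this history, not the
    # user's current session, is what the DSD check consults.
    history: list = field(default_factory=list)

    def activate(self, user: str, role: str) -> str:
        """Perform the next workflow step as `user` acting in `role`.

        Returns the step name on success. Raises ValueError for an out-of-sequence
        role, PermissionError if the user does not hold the role, and SoDViolation
        if the role conflicts (per MER) with one the user already used here."""
        if len(self.history) >= len(WORKFLOW):
            raise ValueError("workflow instance already complete")
        step, required_role = WORKFLOW[len(self.history)]
        if role != required_role:
            raise ValueError(f"step {step!r} requires role {required_role!r}, not {role!r}")
        if role not in ASSIGNMENTS.get(user, set()):
            raise PermissionError(f"{user} is not assigned role {role!r}")
        for prior_step, prior_role, prior_user in self.history:
            if prior_user == user and frozenset({prior_role, role}) in MER:
                raise SoDViolation(
                    f"{user} performed {prior_step!r} as {prior_role!r}; "
                    f"activating {role!r} for {step!r} would violate MER"
                )
        self.history.append((step, role, user))
        return step


def run_workflow(actions):
    """Drive one instance through a list of (user, role) actions.

    Returns ("completed", steps_done) if every action was accepted, or
    ("blocked", steps_done, reason) at the first SoD violation. Sequence and
    assignment errors are programming/configuration mistakes and propagate."""
    inst = WorkflowInstance()
    for user, role in actions:
        try:
            inst.activate(user, role)
        except SoDViolation as exc:
            return ("blocked", len(inst.history), str(exc))
    return ("completed", len(inst.history))


if __name__ == "__main__":
    # Allowed: requester and payer are not mutually exclusive in this MER set.
    print(run_workflow([("alice", "requester"), ("bob", "approver"), ("alice", "payer")]))
    # Blocked: alice created the invoice, so she may not approve it.
    print(run_workflow([("alice", "requester"), ("alice", "approver"), ("carol", "payer")]))
```

Because the check is keyed on the workflow instance's history rather than on the roles active in a session, a user who logs out after creating an invoice and logs back in as approver is still caught; checking only the current session's active roles, which is how a plain DSD constraint is often read, would miss that case.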