Developing cyber-resilient systems :

Ross, Ron; Pillitteri, Victoria; Graubart, Richard; Bodeau, Deborah; McQuaid, Rosalie

doi:10.6028/nist.sp.800-160v2r1

Cited by 68 publications

(19 citation statements)

References 8 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…From the Sinergia perspective, computational procedures represented products developed by organizational units using facilities – such as physical computer technology and software – to create or reconfigure a facility in the house of the user, who, in turn, affected both the physical and organizational resources of the provider by making use of it. If we consider products and facilities in the I4.0 context as “cyber resources” (Ross et al , 2021), these resources are not purely physical items nor have very clear physical properties (Håkansson and Waluszewski, 2002): computational procedures represent the procedures or routines inscribed in IT systems that allow them to “mimic” the behavior of a business unit (Baraldi and Waluszewski, 2005) with higher standard of reliability and predictability; concurrently, they require low investments in the light of their open-source nature, being, therefore, more suitable for SMEs.…”

Section: Discussionmentioning

confidence: 99%

From knowledge broker to solution provider in the Industry 4.0 setting: the innovation path of a small consulting firm

Mersico

Carloni

Bocconcelli

et al. 2022

JBIM

View full text Add to dashboard Cite

Purpose This study aims to explore the resource development process implemented by a small consulting firm, active in a traditional industrial context, pursuing the innovation path to develop solutions within the Industry 4.0 (I4.0) domain. Design/methodology/approach This study undertakes a single qualitative case study of Sinergia, an Italian innovative small consulting firm. The case study is analyzed through critical events and adopting the 4 R model, developed within the industrial marketing and purchasing (IMP) approach. Findings The analysis highlights a transition from knowledge broker to solution provider, based on a process of networking, with a relevant strategizing effort, and of assembling internal, external and shared resources. Three patterns in the evolution of the company’s innovation path emerge: resource-oriented networking, hybrid resource development and resource assembly. Originality/value The empirical study provides novel empirical evidence over localized innovation processes in I4.0 by exploring the innovation path pursued by a small consulting firm in connection with the local business. The study represents a theoretical development in terms of the 4 R model as it suggests the need to further conceptualize the category of technical resources – including products and facilities – in the increasingly complex I4.0 domain and provides insights on the changing role of actors in networks underpinned by emerging resource structures.

show abstract

Section: Discussionmentioning

confidence: 99%

From knowledge broker to solution provider in the Industry 4.0 setting: the innovation path of a small consulting firm

Mersico

Carloni

Bocconcelli

et al. 2022

JBIM

View full text Add to dashboard Cite

show abstract

“…Attempts towards a standardized definition and related taxonomy have come out only recently from NIST [34], hence sometimes terms such as robustness, business continuity and antifragility, used in different domains, have been considered as synonyms although actually representing different meanings. For example, in the Institute of Electrical and Electronics Engineers (IEEE) Standard 610.12.1990, "robustness is defined as the degree to which a system operates correctly in the presence of exceptional inputs or stressful environmental conditions".…”

Section: B Cybersecurity and Cyber-resiliencementioning

confidence: 99%

Towards Trustworthy Autonomous Systems: Taxonomies and Future Perspectives

Flammini

Alcaraz

Bellini

et al. 2024

IEEE Trans. Emerg. Topics Comput.

View full text Add to dashboard Cite

The class of Trustworthy Autonomous Systems (TAS) includes cyber-physical systems leveraging on self-x technologies that make them capable to learn, adapt to changes, and reason under uncertainties in possibly critical applications and evolving environments. In the last decade, there has been a growing interest in enabling artificial intelligence technologies, such as advanced machine learning, new threats, such as adversarial attacks, and certification challenges, due to the lack of sufficient explainability. However, in order to be trustworthy, those systems also need to be dependable, secure, and resilient according to well-established taxonomies, methodologies, and tools. Therefore, several aspects need to be addressed for TAS, ranging from proper taxonomic classification to the identification of research opportunities and challenges. Given such a context, in this paper address relevant taxonomies and research perspectives in the field of TAS. We start from basic definitions and move towards future perspectives, regulations, and emerging technologies supporting development and operation of TAS.

show abstract

“…Starting with authorization and access control, we see the following common differences. While Kane and Browne (2006), some publications by the National Institute of Standards and Technology (NIST) such as Hu et al (2014) and sources from IBM (IBM-Corporation, 2015) use them as synonyms, Bertino et al (2011), Ferrari (2009), Josang (2017), Kizza (2020) and other NIST publications (Ross et al , 2021) clearly differentiate between them.…”

Section: Related Termsmentioning

confidence: 99%

“…We follow (Bertino et al , 2011; Ferrari, 2009; Josang, 2017; Ross et al , 2021; Kizza, 2020) to clearly distinguish between these two terms and discuss our view including associated concepts in the following. A brief overview is given in Figure 1, which also shows how we assign the terms according to the two dimensions:…”

Section: Related Termsmentioning

confidence: 99%

“…While authorization not only refers to the result (authorizations, authorization policy), but also to the process of specifying access policies (Josang, 2017; Kizza, 2020), most sources including (Bertino et al , 2011; Ferrari, 2009; Kane and Browne, 2006; Ross et al , 2021; Hu et al , 2014; Ahmad and Whitworth, 2011) focus on the result only.…”

Section: Related Termsmentioning

confidence: 99%

See 1 more Smart Citation

A systematic literature review for authorization and access control: definitions, strategies and models

Mohamed

Auer

Hofer

et al. 2022

IJWIS

View full text Add to dashboard Cite

Purpose Authorization and access control have been a topic of research for several decades. However, existing definitions are inconsistent and even contradicting each other. Furthermore, there are numerous access control models and even more have recently evolved to conform with the challenging requirements of resource protection. That makes it hard to classify the models and decide for an appropriate one satisfying security needs. Therefore, this study aims to guide through the plenty of access control models in the current state of the art besides this opaque accumulation of terms meaning and how they are related. Design/methodology/approach This study follows the systematic literature review approach to investigate current research regarding access control models and illustrate the findings of the conducted review. To provide a detailed understanding of the topic, this study identified the need for an additional study on the terms related to the domain of authorization and access control. Findings The authors’ research results in this paper are the distinction between authorization and access control with respect to definition, strategies, and models in addition to the classification schema. This study provides a comprehensive overview of existing models and an analysis according to the proposed five classes of access control models. Originality/value Based on the authors’ definitions of authorization and access control along with their related terms, i.e. authorization strategy, model and policy as well as access control model and mechanism, this study gives an overview of authorization strategies and propose a classification of access control models providing examples for each category. In contrast to other comparative studies, this study discusses more access control models, including the conventional state-of-the-art models and novel ones. This study also summarizes each of the literature works after selecting the relevant ones focusing on the database system domain or providing a survey, a classification or evaluation criteria of access control models. Additionally, the introduced categories of models are analyzed with respect to various criteria that are partly selected from the standard access control system evaluation metrics by the National Institute of Standards and Technology.

show abstract

Developing cyber-resilient systems :

Cited by 68 publications

References 8 publications

From knowledge broker to solution provider in the Industry 4.0 setting: the innovation path of a small consulting firm

From knowledge broker to solution provider in the Industry 4.0 setting: the innovation path of a small consulting firm

Towards Trustworthy Autonomous Systems: Taxonomies and Future Perspectives

A systematic literature review for authorization and access control: definitions, strategies and models

Contact Info

Product

Resources

About