Compliance monitor for early warning risk determination

Wirtschaftsinformatik

Volumn 50, Issue 5, 2008, Pages 375-382

  Accorsi, Rafael ^a   Sato, Yoshinori ^b   Kai, Satoshi ^b  

^a UNIVERSITY OF FREIBURG   (Germany)

^b HITACHI LTD   (Japan)

Author keywords

Business compliance; Early warning system; Privacy; Risk indicator

Indexed keywords

EID: 57849117582     PISSN: 09376429     EISSN: None     Source Type: Journal    
DOI: 10.1007/s11576-008-0079-0     Document Type: Article

References (31)

1. Accorsi, Rafael (2006): On the Relationship of Privacy and Secure Remote Logging in Dynamic Systems. In: Fischer-Huebner, Simone; Rannenberg, Kai; Yngstroem, Louise; Lindskog, Stefan (Eds.): International Federation for Information Processing, Security and Privacy in Dynamic Environments vol. 2001, Springer-Verlag, pp. 329-339.
2. Accorsi, Rafael (2008): Automated Audits to Complement the Notion of Control for Identity Management. In: deLeeuw, Elisabeth; Fischer-Huebner, Simone; Iseng, Jimmy; Barking, John (Eds.): Policies and Research in Identity Management, vol. 261 of IFIP, Springer, pp. 39-48.
3. Ashley, Paul; Hada, Satoshi; Karjoth, Guenter; Powers, Calvin; Schunter, Matthias (2003): Enterprise Privacy Authorization Language. IBM Research Report, IBM, Zurich.
4. Bishop, Matt; Bhumiratana, Bhune; Crawford, Rick; Levitt, Carl (2004): How to Sanitize Data. In: Proceedings of the 13th IEEE International Workshops Infrastructure for Collaborative Enterprises, o.P, pp. 217-222.
5. Breaux, Travis; Antón, Annie (2008): Analyzing Regulatory Rules for Privacy and Security Requirements. In: IEEE Transactions of Software Engineering 34 (1), pp. 5-20.
6. Casassa-Mont, Marco; Pearson, Siani; Bramhall, Pete (2003): Towards Accountable Management of Privacy and Identity Information. In: Snekkenes, Einar; Gollmann, Dieter (Eds.): Proceedings of ESORICS, Lecture Notes in Computer Science vol. 2808, Springer-Verlag, 146-161.
7. Dalenius, Tore (1986): Finding a Needle in a Haystack- or Identifying Anonymous Census Record. In: Journal of Official Statistics 2 (3): pp. 329-336.
8. Gama, Pedro; Ferreira, Paulo (2005): Obligation Policies: An Enforcement Platform. In: Proceedings of the 6th International Workshop on Policies for Distributed Systems and Networks, pp. 203-212.
9. Hamlen, Kevin; Morrisett, Greg; Schneider, Fred (2006): Computability Classes for Enforcement Mechanisms. In: ACM Transactions on Programming Languages and Systems 28 (1), pp. 175-205.
10. Hillson, David; Simon, Peter (2007): Practical Project Risk Management: The Atom Methodology. Management Concepts, Inc., USA.
11. Hilty, Manuel; Basin, David; Pretschner, Alexander (2005): On Obligations. In: di Vimercati, Sabrina; Syverson, Paul; Gollmann, Dieter (Eds.): Proceedings of the 10th ESORICS, Lecture Notes in Computer Science, vol. 3679, Springer-Verlag, pp. 98-117.
12. HIPAA (2008): http://www.hipaa.org, retrieved on 2008-05-07.
13. Irwin, Keith; Yu, Ting; Winsborough, William (2006): On the Modelling and Analysis of Obligations. In: Proceedings of the 13th ACM Conference in Computer and Communication Security, pp. 134-143.
14. Kähmer, Martin; Gilliot, Maike (2008a): Extended Privacy Definition Tool. To appear in: Proceedings of 4th Multikonferenz Wirtschaftsinformatik, Lecture Notes in Informatics, Munich.
15. Kähmer, Martin; Gilliot, Maike (2008b): Automating Privacy Compliance with ExPDT. To appear in: IEEE Conference on E-Commerce Technology, Washington.
16. Lampson, Butler; Abadi, Martin; Burrows, Michael; Wobber, Edward (1991): Authentication in Distributed Systems: Theory and Practice. In: ACM Operating Systems Review 25 (5), pp. 165-182.
17. Machanavajjhala, Ashwin; Kifer, Daniel; Gehrke, Johannes; Venkitasubramaniam, Muthuramakrishnan (2007): L-diversity: Privacy beyond k-anonymity. In ACM Transactions of Knowledge Discovery Data 1 (1), pp. 1-52.
18. ABC Usage Control Model. In: ACM Transactions on Information and System Security 7 (1), pp. 128-174.
19. Pretschner, Alexander; Massacci, Fabio; Hilty, Manuel (2007): Usage Control in Service-Oriented Architectures. In: Lambrinoudakis, Costas; Pernul; Günther; Tjoa, A Min (Eds.): Proceedings of the 4th TRUSTBUS, Lecture Notes in Computer Science, vol. 4657, Springer-Verlag, pp. 83-93.
20. Prokein, Oliver (2008): IT-Risikomanagement. Gabler, Wiesbaden.
21. Ribeiro, Carlos; Zúquete, André; Ferreira, Paulo (2001): Enforcing Obligations with Security Monitors. In: Qing, Sihan; Okamoto, Tatusaki; Zhou, Jianying: Proceedings of the the 3rd International Conference on Information and Communications Security, Lecture Notes in Computer Science, vol. 2229, Springer-Verlag, pp. 172-176.
22. Sackmann, Stefan; Strüker, Jens; Accorsi, Rafael (2006): Personalization in Privacy-Aware Highly Dynamic Systems. In: Communications of the ACM 49 (9), pp. 32-38.
23. Sato, Yoshinori; Kawasaki, Akihiko (2007): An Anonymization Technique with Considering Identification Risk. In: Proceedings of Multimedia, Distributed, Cooperative, and Mobile Symposium, Japan, pp.1182-1189.
24. Schneider, Fred (2000): Enforceable Security Policies. In: ACM Transactions on Information System Security 3 (1), pp. 30-50.
25. Sorebo, Gib (2006): A model for Private Section Compliance in Information Security. In: IT Compliance Journal 2, pp. 7-14.
26. Sweeney, Latanya (2000): Uniqueness of Simple Demographics in the U.S. Population. Research Report in the Carnegie Mellon University, Laboratory for International Data Privacy, Pittsburgh.
27. Sweeney, Latanya (2002): k-anonymity: a model for protecting privacy. In: International Journal on Uncertainty, Fuzziness and Knowledgebased Systems 10 (5), pp. 557-570.
28. Takemura, Akimichi (2000): Minimum Unsafe and Maximum Safe Sets of Variables for Disclosure Risk Assessment of Individual Records in a Microdata Set. In: Journal Japan Statistics Society, 32 pp. 107-117.
29. Takemura, Akimichi (2003): Current Trends in Theoretical Research of Statistical Disclosure Control Problem. In: Proceedings of the Institute of Statistical Mathematics 51 (2), pp. 241-260.
30. Waterfield, Phebe; Casey, John (2005): The Governance of Compliance: Putting Policies into Practice. Consulting Report of Yankee Group Research Inc, USA.
31. Willenborg, Leon; de Waal, Ton (2000): Elements of Statistical Disclosure Control. In: Lecture Notes in Statistics 155, Springer-Verlag, New York.