ontology support for ontology support for management
play

Ontology support for Ontology support for Management System Audit - PowerPoint PPT Presentation

Feb 12, 2024 •132 likes •487 views

Ontology support for Ontology support for Management System Audit Management System Audit Programs Programs g Assisted Prot g Assisted Management System Auditing Management System Auditing Prot A. Gehrmann Gehrmann, S. , S.

  1. Ontology support for Ontology support for Management System Audit Management System Audit Programs Programs é g é Assisted Prot é g é Assisted Management System Auditing Management System Auditing Prot A. Gehrmann Gehrmann, S. , S. Ishizu Ishizu A. Aoyama Gakuin Gakuin University, Japan University, Japan Aoyama

  2. Auditing and audit programs Auditing and audit programs • Caution • Caution: The term audit is used in many domains: : The term audit is used in many domains: Management, Computer security, Finance etc., Management, Computer security, Finance etc., • We refer to Management System Audits • We refer to Management System Audits as defined as defined in ISO 19011:2002 ISO 19011:2002: : in – systematic systematic, independent and , independent and documented process documented process for for – obtaining audit evidence and and evaluating evaluating it objectively to it objectively to obtaining audit evidence determine the extent to which to which audit criteria audit criteria are fulfilled; are fulfilled; determine the extent ISO 19011:2002 clause 3.1 audit ISO 19011:2002 clause 3.1 audit • A set of audits for a defined purpose constitutes an • A set of audits for a defined purpose constitutes an audit program; e.g. evaluation of effectiveness of ; e.g. evaluation of effectiveness of audit program management system management system

  3. Problem and approach Problem and approach rd Party Management System Auditing is • 3 • 3 rd Party Management System Auditing is criticized for not delivering values; we see criticized for not delivering values; we see the difficulty to deal with organizational the difficulty to deal with organizational complexity as one main obstacle to value- - complexity as one main obstacle to value adding auditing adding auditing • We understand the management of • We understand the management of complexity of organizations as a main complexity of organizations as a main factor for improvement and propose the factor for improvement and propose the é g é for use of an audit ontology and prot é g é for use of an audit ontology and prot enhancing the value of auditing enhancing the value of auditing

  4. Origins of complexity in 3 rd party auditing Origins of complexity in 3 rd party auditing 1. Third party auditors have to 1. Third party auditors have to deal with hundred of less deal with hundred of less familiar domain concepts in a very short time, but as in a very short time, but as familiar domain concepts human beings can cope only with 7 (+ / - - 2) concepts at 2) concepts at human beings can cope only with 7 (+ / a time a time 2. Management standards are 2. Management standards are generic in nature and give generic in nature and give raise to many interpretational issues, therefore , therefore raise to many interpretational issues fundamental concepts such as Quality, Contract, Design, fundamental concepts such as Quality, Contract, Design, I ntegrity and Availability of I nformation assets lacking I ntegrity and Availability of I nformation assets lacking often on clarity in the context of an organization and often on clarity in the context of an organization and are not shared consistently between the auditee and are not shared consistently between the auditee and the auditors; leads to conceptual inconsistencies / the auditors; leads to conceptual inconsistencies / clashes clashes 3. Many requirements 3. Many requirements might be applicable : Quality and might be applicable : Quality and I nformation Security, I T risk management based, I nformation Security, I T risk management based, ’ s client ’ s Quality Manuals, I nternal Procedures, Auditee ’ Quality Manuals, I nternal Procedures, Auditee s client ’ s ’ s client ’ s quality procedures specification, Auditee ’ s client ’ s quality procedures specification, Auditee 4. Demand on 4. Demand on documentation documentation is high is high 5. Organizational 5. Organizational complexity is high complexity is high (horizontal, vertical) (horizontal, vertical) 6. Auditing needs 6. Auditing needs team communication team communication

  5. Conceptual clashes: Availability Conceptual clashes: Availability SP800- -30 (Appendix A): 30 (Appendix A): • SP800 I SO/ I EC 17799:2000 : I SO/ I EC 17799:2000 : • • • ensuring that authorized that authorized The security goal security goal that generates the that generates the ensuring The requirement for protection against requirement for protection against users have access have access to to users Intentional or accidental attempts to Intentional or accidental attempts to information and associated information and associated – Perform unauthorized deletion of Perform unauthorized deletion of – assets when required assets when required data or data or – Otherwise cause a denial of service Otherwise cause a denial of service – or data or data – Unauthorized use of system Unauthorized use of system – resources resources

  6. é g é Auditing as on- -going knowledge acquisition with Prot going knowledge acquisition with Prot é g é Auditing as on Phase 4 Phase 1 Phase 3 Phase 2

  7. é g é going knowledge acquisition with prot é g é Auditing as on- -going knowledge acquisition with prot Auditing as on Phase 1

  8. é g é going knowledge acquisition with prot é g é Auditing as on- -going knowledge acquisition with prot Auditing as on Phase 2

  9. é g é going knowledge acquisition with prot é g é Auditing as on- -going knowledge acquisition with prot Auditing as on Phase 3

  10. Auditing as on- -going knowledge acquisition with prot going knowledge acquisition with prot é é g g é é Auditing as on Phase 4

  11. A case: The auditee A case: The auditee -Total Business Information Systems Ltd. Total Business Information Systems Ltd.- - - CEO Procurement Finance Technical service IT Hardware Software IT Security Installation Medical Network Testing General Windows Novell Development 5 Levels, 50 Engineers, 10 technical assistants, 10 clerical staff Service: Total network solutions including information security solution

  12. The task ahead The task ahead • 12 Interviews at 5 levels covering variety of • 12 Interviews at 5 levels covering variety of engineering fields engineering fields • Time available is limited to 3 working days • Time available is limited to 3 working days • 2 auditors • 2 auditors • CEO is non • CEO is non- -technician, lawyer technician, lawyer • Managers: Former Hacker, MBA • Managers: Former Hacker, MBA • Students, Part • Students, Part- -timer, non timer, non- -technical clerics technical clerics • 300 pages internal procedures and Management • 300 pages internal procedures and Management standard standard

  13. Understand Organizational Structure Identify Applicable Requirement Interpret Requirement In context Select Right Level in organization Select Right interviewee Gather facts Verify Common Understanding Move in Organization Link information Confirm findings Make conclusions

  14. TBIS structure -organizational units-

  15. Understand Organizational Structure Identify Applicable Requirement Interpret Requirement In context Select Right Level in organization Select Right interviewee Conduct interview, Gather facts Verify Common Understanding Move in Organization Link information Confirm findings Make conclusions

  16. Selecting stored requirements

  17. Understand Organizational Structure Identify Applicable Requirement Interpret Requirement In context of a process Select Right Level in organization Select Right interviewee Gather facts Verify Common Understanding Move in Organization Link information Confirm findings Make conclusions

  18. Selecting required processes and activities

  19. Understand Organizational Structure Identify Applicable Requirement Interpret Requirement In context Select Right Level in organization Select Right interviewee Conduct interview, Gather facts Verify Common Understanding Move in Organization Link information Confirm findings Make conclusions

  20. Recording an interview

  21. Understand Organizational Structure Identify Applicable Requirement Interpret Requirement In context Select Right Level in organization Select Right interviewee Gather facts Refer to controlled concepts Move in Organization Link information Confirm findings Make conclusions

  22. C o n c e p t v e r i f i c a t i o n R e q u i r e m e n t s e l e c t i o n e q u i r e m e n t v e r i f i c a t i o n Access to controlled concepts

  23. Understand Organizational Structure Identify Applicable Requirement Interpret Requirement In context Select Right Level in organization Select Right interviewee Gather facts Verify Common Understanding Move in Organization Link information Confirm findings Make conclusions

  25. Understand Organizational Structure Identify Applicable Requirement Interpret Requirement In context Select Right Level in organization Select Right interviewee Gather facts Verify Common Understanding Move in Organization Link information Confirm findings Make conclusions

  26. The audit console in Protege Organizational Units

Recommend

Ontology-based Diagnostic Decision Support for Radiology Charles E. Kahn, Jr., MD, MS Medical

Ontology-based Diagnostic Decision Support for Radiology Charles E. Kahn, Jr., MD, MS Medical

MIE 2014 Ontology-based Diagnostic Decision Support for Radiology Charles E. Kahn, Jr., MD, MS Medical College of Wisconsin Milwaukee, Wisconsin, USA Goals Apply an ontology of disorders and associated imaging findings for differential

347 views • 23 slides
Ontology Maintenance Ontology Maintenance Support Support Text, Tools, and Theories Text,

Ontology Maintenance Ontology Maintenance Support Support Text, Tools, and Theories Text,

Ontology Maintenance Ontology Maintenance Support Support Text, Tools, and Theories Text, Tools, and Theories Chris Welty Chris Welty IBM Research IBM Research Outline Outline Opening joke Opening joke Motivation

772 views • 29 slides
Ontology Engineering Lecture 7: Top-down (and middle-out) Ontology Development II Maria Keet

Ontology Engineering Lecture 7: Top-down (and middle-out) Ontology Development II Maria Keet

Parts Types of part-whole relations Extending the foundations Ontology Design Patterns Ontology Engineering Lecture 7: Top-down (and middle-out) Ontology Development II Maria Keet email: mkeet@cs.uct.ac.za home: http://www.meteck.org

1.03k views • 81 slides
Towards an Ontology Driven Enhanced Oil Recovery Decision Support System Emilio J. Nunez The

Towards an Ontology Driven Enhanced Oil Recovery Decision Support System Emilio J. Nunez The

Towards an Ontology Driven Enhanced Oil Recovery Decision Support System Emilio J. Nunez The University of Texas W3C Workshop on Semantic Web in Oil & Gas Industry, Houston, December 9,10, 2008 Outline Background Our Focus

1.2k views • 91 slides
In practical terms, developing an ontology includes: defining classes in the ontology,

In practical terms, developing an ontology includes: defining classes in the ontology,

Security & Knowledge Management a.a. 2019/20 In practical terms, developing an ontology includes: defining classes in the ontology, arranging the classes in a taxonomic (subclass superclass) hierarchy, defining

623 views • 33 slides
Some (more) Burning Issues for Ontology Initiatives Background: Current Ontology Work in Bremen

Some (more) Burning Issues for Ontology Initiatives Background: Current Ontology Work in Bremen

John Bateman University of Bremen Some (more) Burning Issues for Ontology Initiatives Background: Current Ontology Work in Bremen Ontology of linguistic semantics (Generalized Upper Model) and its use for natural language processing

676 views • 6 slides
Combining XML querying Combining XML querying with ontology reasoning: with ontology reasoning:

Combining XML querying Combining XML querying with ontology reasoning: with ontology reasoning:

Combining XML querying Combining XML querying with ontology reasoning: with ontology reasoning: Xcerpt and DIG Xcerpt and DIG Wlodek Drabent Artur Wilk Ontology and Rule Integration Workshop Athens, GA November 2006 The problem

492 views • 20 slides
Ontology Engineering Lecture 6: Top-down Ontology Development I Maria Keet email:

Ontology Engineering Lecture 6: Top-down Ontology Development I Maria Keet email:

DOLCE BFO More foundational ontologies Summary Ontology Engineering Lecture 6: Top-down Ontology Development I Maria Keet email: mkeet@cs.uct.ac.za home: http://www.meteck.org Department of Computer Science University of Cape Town, South

1.1k views • 87 slides
Ontology Development 101: A Guide to Creating Your First Ontology Natalya F. Noy and Deborah L.

Ontology Development 101: A Guide to Creating Your First Ontology Natalya F. Noy and Deborah L.

Ontology Development 101: A Guide to Creating Your First Ontology Natalya F. Noy and Deborah L. McGuinness Stanford University, Stanford, CA, 94305 noy@smi.stanford.edu and dlm@ksl.stanford.edu 1 Why develop an ontology? In recent years

281 views • 25 slides
Ontology Engineering Lecture 4: The Web Ontology Language OWL 2 Maria Keet email:

Ontology Engineering Lecture 4: The Web Ontology Language OWL 2 Maria Keet email:

Introduction OWL OWL 2 OWL 2 profiles Beyond OWL 2 Reasoning Ontology Engineering Lecture 4: The Web Ontology Language OWL 2 Maria Keet email: mkeet@cs.uct.ac.za home: http://www.meteck.org Department of Computer Science University of Cape

1.03k views • 85 slides
Ontology Engineering Lecture 8: Bottom-up Ontology Development Maria Keet email:

Ontology Engineering Lecture 8: Bottom-up Ontology Development Maria Keet email:

RDBMSs Thesauri Natural language Ontology Engineering Lecture 8: Bottom-up Ontology Development Maria Keet email: mkeet@cs.uct.ac.za home: http://www.meteck.org Department of Computer Science University of Cape Town, South Africa Semester 2,

1.1k views • 45 slides
OTAGen: A tunable ontology generator for benchmarking ontology-based agent collaboration F.

OTAGen: A tunable ontology generator for benchmarking ontology-based agent collaboration F.

OTAGen: A tunable ontology generator for benchmarking ontology-based agent collaboration F. Ongenae, S. Verstichel, F. De Turck, T. Dhaene, B. Dhoedt, P. Demeester, July 28, 2008 Department of Information Technology - Broadband Communication

924 views • 22 slides
ODPReco - A Tool to Recommend Ontology Design Patterns Maleeha Arif Yasvi, Raghava Mutharaju

ODPReco - A Tool to Recommend Ontology Design Patterns Maleeha Arif Yasvi, Raghava Mutharaju

ODPReco - A Tool to Recommend Ontology Design Patterns Maleeha Arif Yasvi, Raghava Mutharaju CONTENTS Ontology Vs ODP Why use ODPs in Ontology Approach Our Dataset Ontology Analysis Machine Learning on existing

548 views • 24 slides
Systematic Annotation Mark Voorhies 4/5/2011 The Gene Ontology Three directed acyclic graphs

Systematic Annotation Mark Voorhies 4/5/2011 The Gene Ontology Three directed acyclic graphs

Systematic Annotation Mark Voorhies 4/5/2011 The Gene Ontology Three directed acyclic graphs (aspects): Biological Process Molecular Function Subcellular Component The Gene Ontology The Gene Ontology The AmiGO browser The Gene Ontology

702 views • 24 slides
Ontology matching tutorial J er ome Euzenat Provide an introduction to ontology

Ontology matching tutorial J er ome Euzenat Provide an introduction to ontology

Problem Applications Methods OM & FCA Conclusions Goals of the tutorial Ontology matching tutorial J er ome Euzenat Provide an introduction to ontology matching; . . . and eventually the semantic web; & Start the

381 views • 10 slides
Ontology Engineering Lecture 8: Bottom-up Ontology Development SKOS Maria Keet email:

Ontology Engineering Lecture 8: Bottom-up Ontology Development SKOS Maria Keet email:

Ontology Engineering Lecture 8: Bottom-up Ontology Development SKOS Maria Keet email: mkeet@cs.uct.ac.za home: http://www.meteck.org Department of Computer Science University of Cape Town, South Africa Semester 2, Block I, 2019 Slides by

965 views • 38 slides
Ontology for Indian Music: An Approach for ontology learning from online music forums

Ontology for Indian Music: An Approach for ontology learning from online music forums

3 rd CompMusic Workshop, IIT Madras, Chennai Ontology for Indian Music: An Approach for ontology learning from online music forums Supervisors Joe Cheri Ross Prof. Pushpak Bhattacharyya Prof. Preeti Rao IIT Bombay 1 Objective Augment

891 views • 30 slides
Ontology Jan Pettersen Nytun Knowledge Representation Part I, JPN, UiA 1 Outline S O P

Ontology Jan Pettersen Nytun Knowledge Representation Part I, JPN, UiA 1 Outline S O P

Knowledge Representation Part I Ontology Jan Pettersen Nytun Knowledge Representation Part I, JPN, UiA 1 Outline S O P Knowledge Reasoning / logical Consequence Ontology Ontology in philosophy Ontology in computer

451 views • 33 slides
Auditing Redundant Import in Reuse of a Top Level Ontology for the Drug Discovery Investigations

Auditing Redundant Import in Reuse of a Top Level Ontology for the Drug Discovery Investigations

ICBO 2013 Workshop on Vaccine and Drug Ontology Studies Auditing Redundant Import in Reuse of a Top Level Ontology for the Drug Discovery Investigations Ontology (DDI) Zhe He 1 Christopher Ochs 1 Larisa Soldatova 2 Yehoshua Perl 1 Sivaram

462 views • 20 slides
Ontology Based Information Exchange Management Ontology Based Information Exchange Management

Ontology Based Information Exchange Management Ontology Based Information Exchange Management

Ontology Based Information Exchange Management Ontology Based Information Exchange Management System for Secure Coalition Interoperability System for Secure Coalition Interoperability 21 May 2008 21 May 2008 AFCEA-GMU Critical Issues in

549 views • 32 slides
Music Portal for Last.fm and Myspace ontology (Sharanya Chinnusamy ) B636 Final Project - What

Music Portal for Last.fm and Myspace ontology (Sharanya Chinnusamy ) B636 Final Project - What

Music Portal for Last.fm and Myspace ontology (Sharanya Chinnusamy ) B636 Final Project - What is Ontology ? - Languages used DBTune Myspace ontology Classes: Agent, AudioFile, Country, Genre, MusicArtist, Page Properties: age,

601 views • 7 slides
2014 Ontology Summit & Symposium Big Data and Semantic Web Meet Applied Ontology Summary

2014 Ontology Summit & Symposium Big Data and Semantic Web Meet Applied Ontology Summary

2014 Ontology Summit & Symposium Big Data and Semantic Web Meet Applied Ontology Summary Presented by Presented by Ram D. Sriram Chief, Software and Systems Division Information Technology Laboratory National Institute of Standards and

792 views • 57 slides
Ontology-Based Operators Ontology-Based Operators for e-Business Model De- and for e-Business

Ontology-Based Operators Ontology-Based Operators for e-Business Model De- and for e-Business

Gedistribueerde Systemen 2 mei 2000 Ontology-Based Operators Ontology-Based Operators for e-Business Model De- and for e-Business Model De- and Reconstruction Reconstruction Jaap Gordijn Hans Akkermans Free University Amsterdam/Faculty of

328 views • 6 slides
Joint Joint Doctrine Doctrine Ontology as Ontology as Benchmark fo Benchmark for Military r

Joint Joint Doctrine Doctrine Ontology as Ontology as Benchmark fo Benchmark for Military r

Joint Joint Doctrine Doctrine Ontology as Ontology as Benchmark fo Benchmark for Military r Military Informat Information ion Systems Interoper Systems Interoperability ability Barry Smith National Center for Ontological Research

448 views • 44 slides

More recommend