Essay aus dem Jahr 2015 im Fachbereich Informatik - Allgemeines, , Sprache: Deutsch, Abstract: Cloud computing is a new computing technology which has attracted much attention. Unfortunately, it is a risk prone technology since users are sharing remote computing resources, data is held remotely, and clients lack of control over data. Therefore, assessing security risk of cloud is important to establish trust and to increase the level of confidence of cloud service consumers and provide cost effective and reliable service and infrastructure of cloud providers. This paper provides a survey on the state of the art research on risk assessment in the cloud environment.
With the opening of the Indian economy, many multinational corporations are shifting their manufacturing base to India. This includes setting up green field projects or acquiring established business firms of India. The region of this business unit is expanding globally. The variety and size of the customer base is expanding and the business risk related to bad debts is increasing. Close monitoring and analysis of payment trends helps to predict customer behavior and predict the chances of customer financial strength. The present manufacturing companies generate and store tremendous amount of data. The amount of data is so huge that manual analysis of the data is difficult. This creates a great demand for data mining to extract useful information buried within these data sets. One of the major concerns that affect companies investments and profitability is bad debts; this can be reduced by identifying past customer behavior and reaching the suitable payment terms. The Clustering and Prediction module was implemented in WEKA - a free open source software written in Java. This study model can be extended to the development of a general purpose software package to predict payment trends of customers in any organisation. Prof. Jeeva Jose was awarded PhD in Computer Science from Mahatma Gandhi University, Kerala, India and is a faculty member at BPC College, Kerala. Her passion is teaching and areas of interests include World Wide Web, Data Mining and Cyber laws. She has been in higher education for the last 16 years and has completed three research projects funded by UGC and KSCSTE. She has authored and published three books. She has published more than twenty research papers in various refereed journals and conference proceedings. She has edited three books and has given many invited talks in various conferences. She is a recipient of ACM-W Scholarship provided by Association for Computing Machinery, New York.
This project presents the performance analysis of Particle swarm optimization (PSO), hybrid PSO and Bayesian classifier to calculate the epileptic risk level from electroencephalogram (EEG) inputs. PSO is an optimization technique which is initialized with a population of random solutions and searches for optima by updating generations. PSO is initialized with a group of random particles (solutions) and then searches for optima by updating generations. Hybrid PSO differs from ordinary PSO by calculating inertia weight to avoid the local minima problem. Bayesian classifier works on the principle of Bayes rule in which it is the probability based theorem. The results of PSO, hybrid PSO and Bayesian classifier are calculated and their performance is analyzed using performance index, quality value, cost function and classification rate in calculating the epileptic risk level from EEG.
Das Buch bietet einen praxisbezogenen Leitfaden für das Informationssicherheits-, IT- und Cyber-Risikomanagement im Unternehmen - es ist branchenneutral und nimmt Bezug auf relevante Konzepte und Standards des Risikomanagements und der Governance (z.B. COBIT, NIST SP 800-30 R1, ISO 31000, ISO 22301 und ISO/IEC 270xx-Reihe). Der Autor stellt integrierte Lösungsansätze in einem Gesamt-Risikomanagement vor. Dabei behandelt er systematisch, ausgehend von der Unternehmens-Governance, die fachspezifischen Risiken in einem beispielhaften Risikomanagement-Prozess. Der Leser erhält alles, was zur Beurteilung, Behandlung und Kontrolle dieser Risiken in der Praxis methodisch erforderlich ist. Diese 5. Auflage ist auf den aktuellen Stand der Compliance-Anforderungen und der Standardisierung angepasst und geht in einem zusätzlichen, neuen Kapitel speziell auf die Cyber-Risiken und deren Besonderheiten ein. Anhand von Beispielen wird ein Ansatz für das Assessment der Cyber-Risiken sowie in der Massnahmen zur adäquaten Behandlung gezeigt. Hans-Peter Königs, Dipl. El. Ing. und MBA, ist Geschäftsführer der IT Risk KM Consulting GmbH sowie Dozent an der Hochschule Luzern - Informatik, in den Zertifikats- und Master-Studiengängen (CAS und MAS) für Information Security. Nach langjähriger Tätigkeit als Corporate Security Officer liegen die Schwerpunkte seiner heutigen Beratertätigkeit in den Bereichen Risikomanagement, IT-Risikomanagement, Geschäftskontinuitäts- und IT-Notfall-Management sowie in der Informationssicherheit.
Bachelorarbeit aus dem Jahr 2012 im Fachbereich Informatik - Wirtschaftsinformatik, Note: keine, Marmara Üniversitesi, Sprache: Deutsch, Abstract: ABSTRACT Cloud computing has been a frequently discussed approach in recent years. This approach is based on applications and services being kept on the remote servers and usage of these application and services via devices with internet connection. In Cloud Computing all the resources and services are provided with Pay as you use model. Therefore, the businesses are able to choose and use an appropriate model for themselves without having to make new investments. In addition to lowering the operating costs it brings other benefits such as simplicity, flexibility, developing new business models. On the other hand, the most important question mark of the Cloud Computing is security issues. However these concerns are prevented with a variety of security measures. In this study, content, benefits, risks and in an architectural way the technical structure of the Cloud Computing are explained. In the last part of my study, a companys computing processes are analyzed and according to the outcomes, a cloud computing model has been developed.
Masterarbeit aus dem Jahr 2011 im Fachbereich Informatik - Wirtschaftsinformatik, Note: 1,3, Hochschule München, Sprache: Deutsch, Abstract: Scrum gehört zu den agilen Projektmanagementmethoden und es bedarf eines Umdenkens seitens von Kunden und Management. Anders als bei klassischen Methoden, wird in Scrum auf selbstorganisierte Teams und flache Hierarchien großen Wert gelegt. Die Masterarbeit konzentriert sich auf die Einführung von Scrum in ein thailändisches IT-Unternehmen. Hierbei wurden kulturelle, organisatorische und technische Aspekte mit Hilfe des Problemlösungszyklus analysiert und Ziele definiert. Anschließend sind Lösungen nach Scrum und alternative Ansätze evaluiert worden. Für eine Bewertung wurden die drei Faktoren Kosten, Zeit und Risiko mit Punkten gewichtet um die Lösungen später im Maßnahmenkatalog vergleichen zu können. Als Ergebnis kam heraus, dass die zuvor definierten Ziele mit minimalen Anforderungen aus dem Scrum Framework umgesetzt werden können. Zusätzlich ist ein maximaler Lösungsansatz in Betracht gezogen worden. Hierbei tragen alternative Lösungsansätze dazu bei, Scrum als Ganzes zu adaptieren und unterstützen die Umsetzung. ABSTRACT [ENGLISH ] Scrum is one of the agile project management methods and requires a rethinking of customers and management. Unlike classical methods, Scrum set great values on self-organized teams and flat hierarchies. This master thesis focuses on implementing the Scrum Framework for an IT company in Thailand. On this occasion, cultural, organizational and technical aspects were analyzed using the problem solving cycle and objectives defined. Afterwards solutions to Scrum and alternative approaches have been evaluated. For an assessment, weighted points were categorized in three factors of cost, time and risk to compare the solutions later in the action plan. As a result, it was revealed that the previously defined goals can be implemented with the minimum requirements of the Scrum framework. In addition, a maximum approach has been considered. Regarding to this, alternative approaches help to adapt Scrum as a whole and support the implementation.
Further Developments in Operational Research is a collection of articles on fields such as behavioral science, corporate planning, and artificial intelligence. Subjects in forecasting, risk analysis, and network analysis are likewise reviewed. The book discusses statistical forecasting in detail. Graphs, networks, and uses of such networks are provided. A chapter of the book covers the creation and implementation of expert systems. Risk engineering is an integrated approach to all aspects of risk analysis. It identifies and quantifies uncertainty and advances methods in order to modify associated risks through effective and efficient decisions. A review of the models used in forecasting is then provided. This section includes concepts such as hypergraphs, network flows, and tools of graph theory. The historical background and developments in artificial intelligence are also featured in the book. Statistical forecasting is presented completely. The book can serve as a useful tool for programmers, forecasters, statisticians, psychologists, students, and researchers.
The O-ISM3 standard focuses on the common processes of information security. It is technology-neutral, very practical and considers the business aspect in depth. This means that practitioners can use O-ISM3 with a wide variety of protection techniques used in the marketplace. In addition it supports common frameworks such as ISO 9000, ISO 27000, COBIT and ITIL. Covers: risk management, security controls, security management and how to translate business drivers into security objectives and targets
Information security issues impact all organizations; however measures used to implement effective measures are often viewed as a businesses barrier costing a great deal of money. This practical title clearly explains the approaches that most organizations can consider and implement which helps turn Information Security management into an approachable, effective and well-understood tool. It covers: The quality requirements an organization may have for information; The risks associated with these quality requirements; The countermeasures that are necessary to mitigate these risks; Ensuring business continuity in the event of a disaster; When and whether to report incidents outside the organization. All information security concepts in this book are based on the ISO/IEC 27001 and ISO/IEC 27002 standards. But the text also refers to the other relevant international standards for information security. The text is structures as follows: Fundamental Principles of Security and Information security and Risk management. Architecture, processes and information, needed for basic understanding of what information security is about. Business Assets are discussed. Measures that can be taken to protect information assets. (Physical measures, technical measures and finally the organizational measures. ) The book also contains many Case Studies which usefully demonstrate how theory translates into an operating environment This book is primarily developed as a study book for anyone who wants to pass the ISFS (Information Security Foundation) exam of EXIN. In an appendix an ISFS model exam is given, with feedback to all multiple choice options, so that it can be used as a training for the ‘real’ ISFS exam.
This book provides a first introduction into the field of Information security. Information security is about preserving your data, keeping private data private, making sure only the people who are authorized have access to the data, making sure your data is always there, always the way you left it, keeping your secrets secret, making sure you trust your sources, and comply with government and industry regulations and standards. It is about managing your risks and keeping the business going when it all goes south. Every new security practitioner should start with this book, which covers the most relevant topics like cloud security, mobile device security and network security and provides a comprehensive overview of what is important in information security. Processes, training strategy, policies, contingency plans, risk management and effectiveness of tools are all extensively discussed.