"Cybercrime costs firms USD 1 trillion globally" - Headlines like this released by Reuters news agency on 29th January 2009 tend to regularly dominate international press lately. Surveys indicate that insiders like employees are one of the biggest threats to data security within organisations. As a result of improper account management users accumulate a number of excessive rights over time, resulting in the so called identity chaos. In the course of constantly growing IT infrastructures on the one hand, as well as the legislative regulations and law on the other hand, role-based Identity Management in particular has become a means of solving the identity chaos and meeting data security requirements. However, the central challenge organisations face in this context is how to construct a role catalogue for their Identity Management infrastructure. Some companies deal with this issue by applying predominantly manual procedures based on organisational and operational structures. These approaches are known as Role Engineering methodologies. Throughout the last few years, so-called Role Mining methodologies which use Data Mining techniques that cluster existing access rights of employees have evolved as alternative approaches. Recent findings show that a combination of Role Engineering and Role Mining is necessary to define a good collection of roles. This book gives insight into a hybrid tool-supported methodology for cleansing identity and account data and developing business roles for employees using Role Engineering and Role Mining techniques. Its main goals are to increase the overall user management data quality and support companies throughout a semi-automated process of defining roles. The methodology considers existing employee information and access privileges without neglecting organisational structures and business experts' knowledge about the organisation.

This book constitutes the refereed proceedings of the 4th International Conference on Information Systems Security, ICISS 2008, held in Hyderabad, India, in December 2008. The 15 revised full papers, 4 short papers, and 2 research reports presented together with 4 keynote talks were carefully reviewed and selected from 81 submissions. The papers span a wide range of topics including access control, cryptography, forensics, formal methods and language-based security, intrusion detection, malware defense, network and Web security, operating system security, and privacy, and are organized in topical sections on languages and formal methods, protocols, ongoing research, intrusion detection, biometrics, forensics and steganography, and practical applications.

For organizations to maintain their competitive advantage, their people need to be performing to the best of their abilities. But in a world of increasing stress and pressure, rapid technological change and digital overload, supporting and developing employees has never been more difficult. Employee Experience is a practical guide to achieving this. To develop top-performing employees, HR professionals need to move beyond ad hoc engagement initiatives and instead to design and embed employee experience throughout an organization's processes and culture - from the moment an employee sees a job advert to the moment they leave the company. Employee Experience is full of tools, tips and advice to help HR professionals and business leaders motivate, support and develop their staff to achieve exceptional individual and organizational performance. It includes guidance on how to build experience capabilities in an HR team and on communicating, sustaining and evolving the employee experience, as well as on using networks, nudges and technology. Containing a foreword by Global Industry Analyst Josh Bersin and case studies from companies including Airbnb, Starbucks and Sky, the book shows how focusing on the employee experience improves performance, productivity and profits and how organizations of any size can achieve this success.

As the transformation to hybrid multicloud accelerates, businesses require a structured approach to securing their workloads. Adopting zero trust principles demands a systematic set of practices to deliver secure solutions. Regulated businesses, in particular, demand rigor in the architectural process to ensure the effectiveness of security controls and continued protection. This book provides the first comprehensive method for hybrid multicloud security, integrating proven architectural techniques to deliver a comprehensive end-to-end security method with compliance, threat modeling, and zero trust practices. This method ensures repeatability and consistency in the development of secure solution architectures. Architects will learn how to effectively identify threats and implement countermeasures through a combination of techniques, work products, and a demonstrative case study to reinforce learning. You'll examine: The importance of developing a solution architecture that integrates security for clear communication Roles that security architects perform and how the techniques relate to nonsecurity subject matter experts How security solution architecture is related to design thinking, enterprise security architecture, and engineering How architects can integrate security into a solution architecture for applications and infrastructure using a consistent end-to-end set of practices How to apply architectural thinking to the development of new security solutions About the authors Mark Buckwell is a cloud security architect at IBM with 30 years of information security experience. Carsten Horst with more than 20 years of experience in Cybersecurity is a certified security architect and Associate Partner at IBM. Stefaan Van daele has 25 years experience in Cybersecurity and is a Level 3 certified security architect at IBM.

This volume constitutes the refereed proceedings of the 21st EuroSPI conference, held in Luxembourg, in June 2014. The 18 revised papers presented together with 11 invited papers in this volume were carefully reviewed and selected. They are organized in topical sections on SPI and very small entities; process improvement frameworks; testing and improvement issues; SPI and people issues; SPI and quality issues; software processes in various contexts. The volume also contains selected keynote papers from EuroSPI workshops and invited papers covering the topic of creating environments supporting innovation and improvement.

This volume constitutes the refereed proceedings of the 9th IFIP WG 11.2 International Conference(formerly Workshop) on Information Security Theory and Practices, WISTP 2015, held in Heraklion, Crete, Greece, in August 2015. The 14 revised full papers and 4 short papers presented together were carefully reviewed and selected from 52 submissions. WISTP 2015 sought original submissions from academia and industry presenting novel research on all theoretical and practical aspects of security and privacy, as well as experimental studies of elded systems, the application of security technology, the implementation of systems, and lessons learned. We encouraged submissions from other communities such as law, business, and policy that present these communities' perspectives on technological issues.

This book traces the evolution and trends in research and development (R