DOCSLIB.ORG

S Secure Knowledge Management

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
S Secure Knowledge Management 1 Secure Knowledge Management S S. Upadhyaya University at Buffalo, USA H. Raghav Rao University at Buffalo, USA G. Padmanabhan GE Transportation Systems, USA INTRODUCTION from malicious insiders), infrastructure protection (secur- ing against subversion attacks), and establishing correct As the world is getting more and more technology savvy, policies, refinement, and enforcement. KMS content is the collection and distribution of information and knowl- much more sensitive than raw data stored in databases, edge need special attention. Progress has been made on and issues of privacy also become important the languages and tools needed for effective knowledge (Thuraisingham, Chadwick, Olivier, Samarati, & Sharpston, management1 and on the legal issues concerning the 2002). consumption and dissemination of critical knowledge. Asllani et al. (2003) surveyed over 300 knowledge From a business perspective, a knowledge-management managers about their job roles and found little or no system (KMS) within a firm generally strives to maximize evidence of security issues being considered in their the human-capital utilization and profitability of the firm. jobs; their primary role was focused on communication However, security is becoming a major issue revolving within the organization. This article about secure knowl- around KMS; for instance, the KMS must incorporate edge management raises a number of issues in this critical adequate security features to prevent any unauthorized area of research that need to be tackled by knowledge- access or unauthorized dissemination of information. management practitioners. The following sections focus Acquiring the information that one needs to remain com- on three important aspects of secure knowledge manage- petitive while safeguarding the information one already ment: secure languages, digital-rights management (DRM), has is a complicated task. Firms must balance the advan- and secure content management (SCM). tages of openness against its inevitable risks, and maxi- mize the efficiency of electronic communication without making it a magnet for intruders. One must integrate BACKGROUND offense and defense into a comprehensive strategy, and scholars have suggested that it is time to integrate intel- A firm exists as a repository of knowledge over time ligence and security imperatives with other knowledge- (Zander & Kogut, 1995). Knowledge management is the management strategies and processes (Barth, 2001). methodology for systematically gathering, organizing, Since the widely reported attacks on knowledge re- and disseminating information (Morey, Maybury, & positories in 2001 (e.g., Amazon was hit by denial-of- Thuraisingham, 2003) in a firm. It essentially consists of service attacks and the NIMDA virus hit financial mar- processes and tools to effectively capture and share data, kets), many organizations, especially the U.S. govern- as well as use the knowledge of individuals within a firm. ment, have increased their concern about KMSs. With the Knowledge management is about sharing information advent of intranets and Web access, it is even more crucial more freely such that firms derive benefit from such to protect critical corporate knowledge as numerous indi- openness. viduals now have access to the assets of a corporation. Secure knowledge-management (SKM) systems can Therefore, we need effective mechanisms for securing be described in terms of the three Cs: communication, data, information, and knowledge as well as the applica- collaboration, and content. SKM systems act as a gate- tions (Thuraisingham, 2003, 2004). way to the repository of intellectual content that resides Security methods for knowledge-management sys- within an organization. SKM systems need to source and/ tems may include authentication or passwords, cryptog- or provide access to knowledge that resides in multiple raphy programs, intrusion-detection systems, or access- machines across an organization or multiple organiza- control systems. Issues include insider threat (protecting tions for collaborative efforts. Secure languages are uti- Copyright © 2006, Idea Group Inc., distributing in print or electronic forms without written permission of IGI is prohibited. Secure Knowledge Management Figure 1. A framework for secure knowledge-management systems Security Content Secure Content Management Communication Digital-Rights Management Secure Languages Knowledge Management Collaboration lized to transfer information safely. At the same time, ticates the identity; it is up to the receiving application to digital-rights management becomes critical in cross-orga- accept if it trusts the assertion. The security-assertion nizational transfers of knowledge, while access control markup domain model is depicted in Figure 2. and identity management play an important role in secur- SAML shows how to represent users, identifies what ing the knowledge-management system. A framework for data need to be transferred, and defines the process for secure knowledge management is shown in Figure 1 as sending and receiving authorization data (Cohen, 2000). two interlinked, triangular chains: The larger chain fo- SAML also has extensive applications in automated busi- cuses on security, knowledge, and management, while the ness-to-business (B2B) transactions that require secure smaller triangular chain (with dotted links) focuses on transactions between the two parties. The increased col- content, communication, and collaboration. Different laboration among the various businesses has necessi- aspects within the smaller chain include secure content tated the need for such a technology (Patrizio, 2003). A management, digital-rights management, and secure lan- case in point is that of Southwest Airlines (Wagner & guages. This article focuses on the interarticulation of the Witty, 2003)—one of the first to use SAML-enabled different concepts in the triangles. identity management on a large scale to perform cross- domain trust. This implementation also marks an early step in the movement toward federated identity manage- SECURE LANGUAGES ment. SAML does not provide a complete security solution, In order to communicate securely and collaborate with but it does provide the identity-management functional- one another, organizations need to use secure languages. ity. In addition, it provides password management and These languages can be implemented to enhance the access control, and a framework for implementing the security of knowledge-management systems. Some of “single sign-on” mechanism where authentication needs these are detailed in the following sections. to be shared across multiple systems. Single sign-on becomes an absolute necessity when implementing com- Security-Assertion Markup Language plex KMSs that need to source or access data from multiple machines. The security-assertion markup language (SAML) can A number of commercial and open-source products secure the KMS from insider or outsider threat by manag- provide SAML, including the following: ing access control and identity. SAML is an extensible- markup-language- (XML) based framework (Cohen, 2000) • Entegrity Solutions AssureAccess (http:// for exchanging security information. In SAML, the ex- www.entegrity.com/products/aa/aa.shtml) pression of security is in the form of assertions about • Internet2 OpenSAML (http://www.opensaml.org/) subjects. Most other security approaches use a central • Netegrity SiteMinder (http://h71028.www7.hp.com/ authority to authenticate the identity or the data. How- enterprise/cache/8258-0-0-225-121.aspx) ever, SAML does not use a central authority that authen- 2 Secure Knowledge Management Figure 2. Security-assertion markup model S Policy Servers Authentication Attribute Policy Decision Credential Authority Authority Point Collector Authentication Attribute Authorization Assertion Assertion Decision Assertion Security-Assertion Markup Language System Application Policy Enforcement Entity Request Point (Adapted from http://www.fawcette.com/xmlmag/2002_03/magazine/departments/marketscan/SAML/) • RSA Security ClearTrust (http://www. An extension of KQML is secure KQML, which is rsasecurity.com/node.asp?id=1186) being developed to take into account security and pri- • VeriSign Trust Integration Toolkit (http:// vacy concerns that agents could encounter whenever www.xmltrustcenter.org/developer/verisign/tsik/ they cross multiple administrative domains. Since tradi- download.htm) tional agent communication-language standards lack the necessary constructs that enable secure cooperation Secure Knowledge-Query and among software agents, SKQML enables KQML-speak- Manipulation Language ing agents to authenticate one another, implement spe- cific security policies based on authorization schemes, KQML or the knowledge-query and -manipulation lan- and, whenever needed, ensure the privacy of the mes- guage is a language for exchanging information and knowl- sages exchanged. SKQML employs public-key crypto- edge. KQML focuses on an extensible set of performatives graphic standards and it provides security mechanisms that defines the permissible operations that agents may as an integral part of the communication language. In attempt on each other’s knowledge and goal stores. The summary, SKQML incorporates a synthesis of public- performatives comprise a layer on which to develop higher key certificate standards and agent communication lan- level models of interagent interaction such as contract guages to achieve an infrastructure that meets the secu- nets and negotiation.
Load more

Recommended publications
  • View Annual Report
    VERISIGN.COM worldwide UNITED STATES: AUSTRALIA: Corporate Headquarters Level 5, 6-10 O’Connell Street 487 East Middlefield Road Sydney, New South Wales, 2000 Mountain View, CA 94043 Australia USA Phone: +612-9236-0509 Phone: +1-650-961-7500 Fax: +612-9236-0532 Fax: +1-650-961-7300 www.VeriSign.com.au www.VeriSign.com INDIA: 21345 Ridgetop Circle VeriSign Services India Pvt Ltd., Dulles, VA 20166 80 Feet Road Koramangala Phone: +1-703-948-3200 Koramangala, Bangalore - 560 034 Karnataka, 2008 EUROPE: India 8 Chemin de Blandonnet Phone: +91-80-42565656 annual CH-1214 Vernier, Geneva www.VeriSign.in Switzerland SOUTH AFRICA: Phone: +41-22-545-0200 report Tygerberg Hills Office Park Fax: +41-22-545-0300 163 Hendrik Verwoerd Drive annual report www.VeriSign.ch Plattekloof 7500 Waterfront, Chancellors Road South Africa Hammersmith, W6 9XR London Phone: +27-21-937-8900 United Kingdom Fax: +27-21-937-8965 Phone: +44-(0)-1784-89-5014 www.thawte.com Fax: +44-(0)-1784-89-5114 www.VeriSign.co.uk JAPAN: Nittobo Bldg. 13F 8-1 Yaesu, 2-chome, Chuo-ku Tokyo 104-0028 Japan Phone: +81-3-3271-7011 Fax: +81-3-3271-7027 www.VeriSign.co.jp VERISIGN.COM ® 08 Cert no. SCS-COC-00648 board of directors executive officers investor info ® D. James Bidzos D. James Bidzos Quarterly earnings releases, corporate Executive Chairman of the Board Executive Chairman of the Board news releases, and Securities and Exchange and Chief Executive Officer and Chief Executive Officer Commission filings are available by on an interim basis, on an interim basis contacting VeriSign Investor Relations or VeriSign, Inc.
    [Show full text]
  • Content Governance
    GUIDE FOR CONTENT GOVERNANCE Improve your content quality, your operational efficiency and protect the value of your brand 3 Content Introduction 5 Crucial challenges and opportunities 9 The purpose of content governance 15 The scale of content governance 17 Developing a content governance framework 19 Step 1 Choose your governance model 21 Step 2 Assess your current situation 23 Step 3 Define the work processes and roles 27 Step 4 Determine the policies and standards 37 Step 5 Set the Key Performance Indicators 41 Step 6 Automate 45 Content governance checklist 47 INTRODUCTION 5 Discover why content governance is essential to your organisation Content is important. As a company or organisation, you create and publish content to add character to your brand, to train your employees, to attract applicants or investors and to inform journalists or the general public. You use content in different ways, involving many people inside and outside the organisation. It is becoming increasingly clear that content is no longer a question of top-down publishing, but involves conversation and commitment. Today, marketers and communication managers even use content channels to build a community. They have apps, websites, Facebook, blogs, e-books, webinars, serious games, mash-ups, podcasts, virtual learning, content curation, crowdsourcing, online video and a wide range of traditional print channels. In order to maintain a certain level of control in the ever more complex world of content, publishing, conversation, channels and technology, you need content governance. Content governance has become an indispensable tool to protect and strengthen the value of your brand and improve the operational efficiency and quality of your content.
    [Show full text]
  • Detailed Technical Specifications
    Annex No.1 Technical Specifications Conceptual, functional and technical requirements for elaboration of the new eu4ungheni.md & eu4cahul.md websites 1. Background The EU4Moldova: focal regions Programme (further Programme) is based on the European Commission Implementing Decision on the Annual Action Programme 2018 in favor of the Republic of Moldova and is funded by the European Union and implemented by the United Nations Development Programme. The overall objective of the five-year Programme is to strengthen the economic, territorial and social cohesion in the Republic of Moldova through smart, green, inclusive, sustainable and integrated local socio-economic growth as well as by improving the standards of living of the citizens in the focal regions: Cahul and Ungheni. The current document is defining the technical specifications for developing of the new versions of the existing www.eu4ungheni.md and www.eu4cahul.md websites. Both websites were developed at the launch Programme phase and need to be upgraded in order to be more interactive, mobile and user-friendly as well as re- engineering of the websites management systems. The future websites should serve as: • Main communication, visibility, and source of information on Programme activity; • Interactive platforms for promotion of the interaction and collaboration among citizens, public sector, private sector and civil society organizations. 2. Already developed websites current state Considering the necessity of content migration requirements below are described the important
    [Show full text]
  • ONLINE MARKETING SERVICES the Following Additional Terms and Conditions Shall Apply to Any and All Purchases of Online Marketin
    ONLINE MARKETING SERVICES The following additional terms and conditions shall apply to any and all purchases of Online Marketing Services, SEO Optimizer, Local Business Listings or nsMarketing™ Services (as defined below). 1. Description of Service. A. Web.com may make available for purchase, from time to time, a variety of online marketing services in the form of our nsMarketing™ solution, Local Business Listings, and/or SEO Optimizer product, including online banner advertisement creation and publication, pay per click search engine advertising, email communication tools, registration with several World Wide Web search engines and Internet Yellow Pages Directories (as described on our Website), search engine optimization, link building, search submissions, keyword optimization, local, regional and national directory listing and submission, Website and site map analysis, call-tracking, search engine optimized press release service, search engine visibility and/or premium listings services (collectively, "Online Marketing Services", "nsMarketing" or "Services"), as published on the Web.com Website. Subject to the terms and conditions of this Agreement (which includes this and all other applicable Schedules) and during the term of this Agreement, Web.com agrees to provide to you the Online Marketing Services you purchase during the sign-up process. Web.com reserves the right to amend its Online Marketing Services offerings and to add, delete, suspend or modify the terms and conditions of such Online Marketing Services, at any time and from time to time, and to determine whether and when any such changes apply to both existing and future customers. B. In order to use the Services, you must obtain access to the Internet/World Wide Web, either directly or through devices that access Web-based content, and pay any service fees associated with such access.
    [Show full text]
  • [Inter]Faces of Content Management Systems
    Vol. 10, No. 2 March, 2002 www.gilbane.com Published by: Bluebill Advisors, Inc. 763 Massachusetts Ave. Cambridge, MA 02139 USA ™ (617) 497.9443 Fax (617) 497.5256 www.bluebilladvisors.com Editor: Frank Gilbane [email protected] Content, Computing, and Commerce – Technology & Trends (617) 497.9443 Editors Emeriti: Tim Bray [email protected] THE MANY [INTER]FACES OF CONTENT (604) 708.9592 David Weinberger [email protected] (617) 738.8323 MANAGEMENT SYSTEMS Associate Editors: Bill Trippe [email protected] User interface design has always been a bit of a black art. There was criticism (617) 497.9443 of the browser interface when it first became popular. UI experts had devel- David R. Guenette oped very well thought-out and sophisticated interfaces for viewing elec- [email protected] (617) 868.6093 tronic documents and data, and some were puzzled at the appeal of browsers. They perhaps felt reassured that such a primitive approach could Contributors: Sebastian Holst not ultimately succeed. In hindsight it is easy to see it was the simplicity of [email protected] Web browsers that allowed it to monopolize content presentation on the (301) 548-4020 Girish Altekar Internet — everybody can use a Web browser, and everybody was the audi- [email protected] ence the browser was (not entirely intentionally) designed for. (512) 478.3112 Mary Laplante [email protected] In the case of content management systems there are many audiences, and (412) 264.8432 each of these may have specialized needs that go well beyond those of the Mike Maziarka [email protected] content consumer. The success of a content management implementation (781) 871.9000 depends on its acceptance by authors, developers of different types, manag- Production Assistant: ers, and administrators.
    [Show full text]
  • Licensing Guide
    Licensing Guide Plesk licenses, editions and standard features ............................................................... 2 Plesk Onyx – Special Editions (2018) .................................................................................. 4 Plesk Onyx Licensing on Hyperscalers ............................................................................... 4 Extra Features, Feature Packs and Extensions ................................................................ 5 Available Plesk Feature Packs ............................................................................................ 6 Plesk-developed extensions ............................................................................................... 8 Third-party premium extensions.................................................................................... 14 Plesk licenses, editions and standard features Plesk uses a simple, flexible license model with loads of options: 1) Server-based licenses – example: Plesk licenses a. Installation on dedicated servers (also known as physical servers) b. Installation on virtual servers (also known as virtual private servers or VPS) 2) You can buy all our licenses on a monthly/annual basis - or in discounted bundles. You can end this license at any time and it renews automatically through our licensing servers. 3) All three editions of our server-based licenses present a number of core features: a. Plesk Web Admin Edition For Web & IT Admins who manage sites for an employer, business, or themselves. If you need simple
    [Show full text]
  • Handleiding Wordpress
    WordPress in het Kort Een website maken met Wordpress. In minder dan één uur online! Inclusief installatie van een thema en plugins Alle rechten © 2013, Rudy Brinkman, BrinkhostDotCom, http://www.brinkhost.nl WordPress in het Kort – Pagina 1 Wat is WordPress? WordPress is een 'content management systeem' – een programma, geïnstalleerd op een webserver, waarmee u de inhoud van uw website kunt beheren. Voordelen – GPL-licentie, dus gratis te gebruiken; – zoekmachine vriendelijk (dus een betere ranking mogelijk in bijvoorbeeld Google, maar zeker niet gegarandeerd!); – goede en snelle 'scripting' (de onderliggende programmatuur) waardoor uw website ook snel functioneert (laden van een website moet snel zijn!) – de software wordt door de gebruikers erg veilig gehouden. Dit in tegenstelling tot bijvoorbeeld Joomla wat bekend staat als één van de meest onveilige CMS systemen maar desondanks nog steeds erg populair is; – eenvoudig en snel uw website opzetten; – eenvoudig te onderhouden; – uitbreidbaar, door de vele additionele scripts/programma's (plugins); – veel (gratis) website ontwerpen (“templates”) beschikbaar; – zeer stabiel; – groot aantal gebruikers, wereldwijd – dus veel mensen die u kunnen helpen op forums en dergelijke op het internet. Nadelen – er worden bepaalde eisen aan de hosting gesteld, waar niet elk hosting bedrijf aan kan- of wil voldoen (voor een redelijke prijs); – wilt u volledig profiteren van alle mogelijkheden dan is toch soms enige diepgaandere kennis nodig van website ontwerp en databases; – aanpasbaarheid van templates is niet altijd even goed ingeregeld en vraagt eveneens diepgaandere kennis van ontwerpen van websites. Deze handleiding In deze handleiding gaan wij geen complete instructie geven over hoe u een WordPress website maakt. De handleiding gaat uit van een installatie op onze eigen webservers, middels Installatron.
    [Show full text]
  • Using Wordpress As a Content Management System Jonathan P
    View metadata, citation and similar papers at core.ac.uk brought to you by CORE provided by University of San Francisco The University of San Francisco USF Scholarship: a digital repository @ Gleeson Library | Geschke Center Entrepreneurship, Innovation, and Strategy School of Management 2008 Instant Websites: Using WordPress as a Content Management System Jonathan P. Allen University of San Francisco, [email protected] Follow this and additional works at: http://repository.usfca.edu/esib Part of the Technology and Innovation Commons Recommended Citation Allen, Jonathan P., "Instant Websites: Using WordPress as a Content Management System" (2008). Entrepreneurship, Innovation, and Strategy. Paper 15. http://repository.usfca.edu/esib/15 This Conference Proceeding is brought to you for free and open access by the School of Management at USF Scholarship: a digital repository @ Gleeson Library | Geschke Center. It has been accepted for inclusion in Entrepreneurship, Innovation, and Strategy by an authorized administrator of USF Scholarship: a digital repository @ Gleeson Library | Geschke Center. For more information, please contact [email protected]. WITS- 2008 • Edited by Ram D. Gopal, University of Connecticut R. Ramesh, SUNY at Buffalo • Local Arrangements Chair Nicolas Prat, ESSEC Business School • Prototype and Technology Instruction Chair Kumar Mehta, George Mason University • Submission System Coordinator Sanjukta Das Smith, SUNY at Buffalo Instant Websites: Using WordPress as a Content Management System J.P. Allen University of San Francisco, [email protected] Executive Summary Abstract ln thi s teaching module, you will create a website to promote a business, product, or service using a simple Content Management System (CMS). With the nextbusnews.com site a a model, you will launch a promotional website usLng the open source blogging platform WordPress as a simple CMS.
    [Show full text]
  • Wiki Software for Knowledge Management in Organisations
    Spoilt for Choice - Wiki Software for Knowledge Management in Organisations Katarzyna Grzeganek, Ingo Frost, Daphne Gross Pumacy Technologies AG EMAIL: [email protected] Abstract The article presents the most popular wiki solutions and provides an analysis of features and functionalities based on organisational needs for the management of knowledge. All wiki solutions are compared to usability, search function, structuring and validation of knowledge. Keywords Wiki, Organisation, Knowledge Management, Analysis, Assessment, Feature, Platform, Documentation, Usability, Research, Structuring, Security, Integration, Quality, Validation URL http://www.pumacy.de/en/publications/wikis_fuer_wissensmanagement.html Spoilt for choice - Wiki Software in Organisations ................................................................... 1 1. Preface................................................................................................................................ 2 2. Wiki software for organisations ......................................................................................... 2 3. Presentation of wiki solutions ............................................................................................ 5 4. Wikis & Knowledge Management: Criteria and Analysis................................................. 8 4.1. Knowledge management across the organisation—ease of use.................................. 8 4.2. Structured Knowledge Base........................................................................................ 9 4.3.
    [Show full text]
  • WHY USE a WIKI? an Introduction to the Latest Online Publishing Format
    WHY USE A WIKI? An Introduction to the Latest Online Publishing Format A WebWorks.com White Paper Author: Alan J. Porter VP-Operations WebWorks.com a brand of Quadralay Corporation [email protected] WW_WP0309_WIKIpub © 2009 – Quadralay Corporation. All rights reserved. NOTE: Please feel free to redistribute this white paper to anyone you feel may benefit. If you would like an electronic copy for distribution, just send an e-mail to [email protected] CONTENTS Overview................................................................................................................................ 2 What is a Wiki? ...................................................................................................................... 2 Open Editing = Collaborative Authoring .................................................................................. 3 Wikis in More Detail................................................................................................................ 3 Wikis Are Everywhere ............................................................................................................ 4 Why Use a Wiki...................................................................................................................... 5 Getting People to Use Wikis ................................................................................................... 8 Populating the Wiki................................................................................................................. 9 WebWorks ePublisher and Wikis
    [Show full text]
  • CWU Content Management System (CMS) User Guide
    CWU Content Management System (CMS) User Guide Last Revision: January, 2018 Version: 1.8 CWU Content management System (CMS) User Guide 2 Table of Contents NOTE: Copyright Guidelines .......................................................................................................................... 4 What is a content management system? ..................................................................................................... 5 How do I post to Campus Notices (Central Today)? ..................................................................................... 5 When will my Notice be displayed on the Campus News page? .......................................................... 5 When will my Notice be displayed in the Central Today email? .......................................................... 5 When will my Notice be displayed as 'New?' ....................................................................................... 5 How do I post my Notice to the Intranet? ............................................................................................ 6 How do I add attachments? .................................................................................................................. 6 How do I edit my Notice? ...................................................................................................................... 6 Special Change Requests .............................................................................................................................. 7 Enabling the rotating
    [Show full text]
  • A Comparative Study of Web Content Management Systems
    information Review A Comparative Study of Web Content Management Systems Jose-Manuel Martinez-Caro 1,*, Antonio-Jose Aledo-Hernandez 1, Antonio Guillen-Perez 1, Ramon Sanchez-Iborra 2 ID and Maria-Dolores Cano 1 ID 1 Department of Information Technologies and Communications, Universidad Politécnica de Cartagena (UPCT), Edif. Cuartel de Antigones, Plaza del Hospital 1, 30202 Cartagena, Spain; [email protected] (A.-J.A.-H.); [email protected] (A.G.-P.); [email protected] (M.-D.C.) 2 Department of Information and Communications Engineering, Universidad de Murcia (UM), Avda. Teniente Flomesta, 5, 30003 Murcia, Spain; [email protected] * Correspondence: [email protected]; Tel.: +34-968-328-871 Received: 15 December 2017; Accepted: 25 January 2018; Published: 27 January 2018 Abstract: Web Content Management Systems (WCMS) play an increasingly important role in the Internet’s evolution. They are software platforms that facilitate the implementation of a web site or an e-commerce and are gaining popularity due to its flexibility and ease of use. In this work, we explain from a tutorial perspective how to manage WCMS and what can be achieved by using them. With this aim, we select the most popular open-source WCMS; namely, Joomla!, WordPress, and Drupal. Then, we implement three websites that are equal in terms of requirements, visual aspect, and functionality, one for each WCMS. Through a qualitative comparative analysis, we show the advantages and drawbacks of each solution, and the complexity associated. On the other hand, security concerns can arise if WCMS are not appropriately used. Due to the key position that they occupy in today’s Internet, we perform a basic security analysis of the three implement websites in the second part of this work.
    [Show full text]