Thesis - Open Universiteit

Download Report

Transcript Thesis - Open Universiteit 

Achieving Traceable Compliance
using the Ampersand Method
Open University of the Netherlands
TouW gathering March 6th 2010
Henriëtte Sangers
Different aspects research
IT systems
development
Compliance
Business
Ontologies
Ampersand
Method
GAP
Mind the Gap
Follow rules
Obedience
Compliance
Do the right thing
Respect others
The limits of our language mean the limits of our world
Wittgenstein (1922)
Two Gaps in IT Systems
Development
1. Different use of concepts – misunderstandings about
desired functionality
2. Wrong implementation of correctly understood
desired functionality
 Contribute to the bad track record of IT projects
The importance of being…
an OU student
 Usually you are older…what’s so great about that?
 Let’s try: more mature? More experienced?
=> If you work in IT: you saw the gap
 If you really want to know the gap cross it!
=> Use the opportunities to experience the other side
 Chance to get better understanding of mutual dependency
Business - IT
Compliance
Organisations operating according to rules and regulations
set for this type of organisation.
Barings
ING
Financial World ABN AMRO
IceSave
Lehman Brothers
New regulations to restore public trust in the financial system:
- Basel II
- SOx
- MIFID
- CDD
=> Focus now on ‘getting it right’
People, procedures and IT-systems all need to be compliant!
Compliance Challenge
 Adapt to rapidly changing ruling in a competitive market
• stay flexible
• change at low costs
 Specific difficulties compliance:
• translating compliance ruling into measures for organisation
• many rules and regulations from different sources
• traceability - ‘proving’ compliance
Compliance Challenge - surveys
Mercury
US and European businesses expect a large part of IT budgets
will go to compliance projects in the coming years
Deloitte and Touche
Complexity of IT environments is seen as a major impediment
in compliance projects
Gartner
Organisations can experience a competitive advantage by
handling compliance issues more efficiently than others
The Ampersand Method I
Stef Joosten
 Rule based Business Process Management
 Formal approach to IT systems development
 Succeeds / incorporates:
• Calculating with Concepts: finding and verifying business rules
• ADL (A Description Language): capturing business rules
 building blocks:
• Concepts: entities which are important to users
• Relations: associations between concepts
• Rules: invariants, represent business logic
The Ampersand Method II
 Based on relation algebra, can be used to:
• Get clarity about specifications (cycle chasing)
• Specifying and even generating IT systems which can be proven
to implement business logic (as in business rules) correctly.
 Business processes are derived from business rules,
not built with them.
Bridging the Gap: Ontologies
 How to represent the real world: ontologies, the silver bullet?
 Everybody his own ontology: solving problems or raising
misunderstandings to a higher level?
 Long history in IT Systems Analysis and Design (ISAD),
a.o. Bunge-Wand-Weber representation model
 Why use ontologies in IT:
• Enabling common understanding: sofa/couch, property/attribute
• Reuse domain knowledge
• Make domain knowledge explicit, support analysis
Use of Ontologies in IT
 Applications: information integration, P2P information sharing,
web service composition, ambient intelligence, web navigating
and querying (Marktplaats)
 Recent developments in the area of automated concept matching
and ontology integration
Ampersand, Business Ontologies
and Compliance
• Business (compliance) rules can be used directly, no need to
program business processes
• All business (compliance) logic in one place, easy to check by
users and auditors
• Mathematical prove that functionality matches business
(compliance) rules can be provided
• Business ontologies easy to use with Ampersand, help bridge
the gap between compliance ruling and business concepts
Research at Purdue University
 CERIAS program: Center for Education and Research in
Information Assurance and Security
 Computer Science Research group dedicated to: Digital
Identity Management and Protection
 Articles on:
• traceable and flexible compliance with privacy ruling
• use of ontologies to support common understanding of concepts
Articles Purdue University
Examples:
• Achieving Privacy in Trust Negotiations with an Ontology-Based Approach.
IEEE Transactions on Dependable and Secure Computing, January-March 2006
• Traceable and Automatic Compliance of Privacy Policies in Federated Digital
Identity Management. 6th Workshop on Privacy Enhancing Technologies.
Cambridge University UK, 2006.
The Case
 Federated environment of medical service providers and patients
 Automated exchange of patients’ information among service providers
 Compliance with patients’ privacy preferences
 Breaches of trust need to be traceable
 Other requirements:
• common understanding of concepts (medical, privacy preferences)
• automated matching of concepts
• flexibility and traceability
Purdue Solution I
1. Check isMoreStrict
2. A. Privacy preference templates
PPx stricter than Ppy if x < y
Purdue Solution II
2. B. Customized privacy preferences
More complex checks / ordening.
3. Check logging - trace back
Ampersand Solution
Concepts, Relations and Rules
• Concepts: entities which are important to users
CONCEPT "Participant" "party in federated service network, person or service provider."
CONCEPT "PrivacyPreference" "a policy statement about how to deal with information"
CONCEPT "Data" "the type of data that can be stored of a person."
• Relations: associations between concepts
belongsTo :: PrivacyPreference => Participant
subsumes :: PrivacyPreference * PrivacyPreference [TRN,ASY]
PRAGMA "" " subsumes, is less strict than “
requestsInformationFrom :: Participant * Participant
• Rules: invariants, represent business logic
requestsInformationFrom -: (hasPrivacyPreference; hasPrivacyPreference~)
\/ (hasPrivacyPreference; subsumes~; hasPrivacyPreference~)
EXPLANATION "Information can only be requested from a party with an equally
or less strict privacy policy."
Ampersand Solution - base
xx
xxxxxx
xxxxx xxxxx xxxxxx x
xxx x xxxxxxxxxx xxxx
xxxxx xxxxxx xxxxxxxx x
x x x x x x x x x x x x x x x x x x x x xx
x x x x x x x x x x x x x x x xx x x x
x x x x x x x x x x x x x x x x x xxx
xxxx xxxxxxx
xxxxx
xxxxxxxxxxxxxxxxxxxxx
xxxxxx xxxxxxxx
possible occurrences
allowed occurrences
actual occurrences
requestsInformationFrom -: (hasPrivacyPreference; hasPrivacyPreference~)
\/ (hasPrivacyPreference; subsumes~; hasPrivacyPreference~)
Ampersand Solution - flexibility
xx
xxxxxx
xxxxx xxxxx xxxxxx x
xxx x xxxxxxxxxx xxxx
xxxxx xxxxxx xxxxxxxx x
x x x x x x x x x x x x x x x x x x x x xx
x x x x x x x x x x x x x x x xx x x x
x x x x x x x x x x x x x x x x x xxx
xxxx xxxxxxx
xxxxx
xxxxxxxxxxxxxxxxxxxxx
xxxxxx xxxxxxxx
possible occurrences
allowed occurrences
special permission
actual occurrences
requestsInformation -: ((belongsTo~; hasPurpose; subsPurpose~; hasPurpose~)
/\ (belongsTo~; refersToData; subsData~; refersToData~))
\/ (permissionTo~; permissionConcerns)
Ampersand - ontologies
subsPurpose :: Purpose * Purpose [TRN,ASY]
PRAGMA "" " subsumes, is less strict than"
= [ ("General-purpose", "Treatment")
; ("General-purpose", "Insurance")
; ("General-purpose", "Research")
; ("Research", "Teaching")
; ("Research", "Development")
; ("Research", "Marketing")
].
Ampersand - ontology integration
xx
xxxxxx
xxxxx xxxxx xxxxxx x
xxx x xxxxxxxxxx xxxx
xxxxx xxxxxx xxxxxxxx x
x x x x x x x x x x x x x x x x x x x x xx
x x x x x x x x x x x x x x x xx x x x
x x x x x x x x x x x x x x x x x xxx
xxxx xxxxxxx
xxxxx
xxxxxxxxxxxxxxxxxxxxx
xxxxxx xxxxxxxx
possible occurrences
allowed occurrences
out of bound occurrences
requestsInformationFrom -: hasPrivacyPreference; hasPurpose; subsPurpose~;
hasPurpose~; hasPrivacyPreference~
EXPLANATION "Information can only be requested from a party with an equally
or less strict purpose policy."
Ampersand - screen
Solutions Compared
Purdue
Ampersand
•programming business processes •deriving business processes from rules
•business logic in systems coding •business logic in rule base
•mathematical prove not provided •mathematical prove provided
•more familiar to most IT staff
•less well known
Conclusions I
 Ampersand method offers advantages in achieving compliance in IT
• business rules used directly to generate IT system
• all business logic in one place, easy to check
• correct implementation can be proven
 Business ontologies enhance usability Ampersand
• easy to integrate with Ampersand / ADL
• help bridge gap between compliance- and business concepts
• allow combination of rule patterns / compliance patterns
Conclusions II
 Advantages Ampersand method combined with business ontologies
reach beyond compliance
• help get clarity about desired functionality
• less discussion about implementation issues
• increase IT developers productivity
• enhance flexibility
Further Research
 Automated matching of business logic and (compliance) ruling,
supported by business ontologies
 Integrating Ampersand compliance- and business rule patterns
to offer extended functionality in IT systems development
 Generating a ‘compliance certificate’ based on correct matching
of compliance ruling and business concepts
Master Thesis
 Choose a subject you like, after all you are stuck with it!
 Choose a subject which is doable in the time you want to spend
 Watch out for dependencies
 Combine with job or join existing research, take into account:
• Level of freedom
• Academic level
• Time efficiency
 Say good bye to your friends and go for IT!
QUESTIONS?