Visible to the public Biblio

Filters: Keyword is audit  [Clear All Filters]
2019-02-18
Wang, Yuxin, Hulstijn, Joris, Tan, Yao-hua.  2018.  Regulatory Supervision with Computational Audit in International Supply Chains. Proceedings of the 19th Annual International Conference on Digital Government Research: Governance in the Data Age. :1:1–1:10.
Nowadays, as international trade with cross-border logistics increases, the administrative burden of regulatory authorities has been dramatically raised. In order to reduce repetitive and redundant supervisory controls and promote automatic administration procedures, electronic data interchange (EDI)1 and other forms of information sharing are introduced and implemented. Compliance monitoring ensures data quality for information exchange and audit purpose. However, failure to be compliant with various regulations is still a general phenomenon globally among stakeholders in supply chains, leading to more problems such as delay of goods delivery, missing inventory, and security issues. To address these problems, traditional physical auditing methods are widely used but turned out to be time-consuming and costly, especially when multiple stakeholders are involved. Since there is limited empirical research on compliance monitoring for regulatory supervision in international supply chains, we propose a compliance monitoring framework that can be applied with data sharing and analytics. The framework implementation is validated by an extensive case study on customs supervision in the Netherlands using process mining techniques. Practically, both public and private sectors will benefit from our descriptive and prescriptive analytics for audit purposes. Theoretically, our control strategies developed at the operational level facilitates mitigation of risks at root causes.
2014-09-17
King, Jason, Williams, Laurie.  2014.  Log Your CRUD: Design Principles for Software Logging Mechanisms. Proceedings of the 2014 Symposium and Bootcamp on the Science of Security. :5:1–5:10.

According to a 2011 survey in healthcare, the most commonly reported breaches of protected health information involved employees snooping into medical records of friends and relatives. Logging mechanisms can provide a means for forensic analysis of user activity in software systems by proving that a user performed certain actions in the system. However, logging mechanisms often inconsistently capture user interactions with sensitive data, creating gaps in traces of user activity. Explicit design principles and systematic testing of logging mechanisms within the software development lifecycle may help strengthen the overall security of software. The objective of this research is to observe the current state of logging mechanisms by performing an exploratory case study in which we systematically evaluate logging mechanisms by supplementing the expected results of existing functional black-box test cases to include log output. We perform an exploratory case study of four open-source electronic health record (EHR) logging mechanisms: OpenEMR, OSCAR, Tolven eCHR, and WorldVistA. We supplement the expected results of 30 United States government-sanctioned test cases to include log output to track access of sensitive data. We then execute the test cases on each EHR system. Six of the 30 (20%) test cases failed on all four EHR systems because user interactions with sensitive data are not logged. We find that viewing protected data is often not logged by default, allowing unauthorized views of data to go undetected. Based on our results, we propose a set of principles that developers should consider when developing logging mechanisms to ensure the ability to capture adequate traces of user activity.