Governance & compliance
Governance has become a huge topic in the business world. Key drivers
are increasing regulatory pressure, the need for better risk management,
and the purely economic desire of enterprises to monitor and influence
their business performance faster. As governance may touch almost
all parts of an enterprise, it is a complex issue that benefits
from a carefully planned framework. We support IBM in developing
a Unified Governance Framework (UGF) intended to cover the entire space
of enterprise governance, with a focus on the role of IT-related
services and components therein.

The underlying regulatory pressure is a response to the high-profile
incidents of corporate accounting fraud, security violations, terrorist
acts, and disruptions of major financial markets seen in recent years.
This has led to a proliferation of new regulations that directly impact
businesses. As a result, businesses, in particular publicly traded
companies, face the daunting task of complying with an increasing number
of intricate and constantly evolving regulations. Together with the
growing complexity of today's enterprises, this calls for a holistic
compliance management approach with the goal of continually increasing
automation.

The specific research topic we have introduced is called REALM (Regulations
Expressed As Logical Models). It is a metamodel and method for modeling
regulations and managing them in a systematic lifecycle within an enterprise.
We formalize regulatory requirements as sets of compliance rules
in a novel real-time temporal object logic over concept models in
UML 2.0, together with metadata for traceability. REALM provides
the basis for subsequent model transformations, deployment, and
continuous monitoring and enforcement of compliance in real business
processes and IT systems.
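As an added illustration, not code from this page, from REALM or from IBM: a minimal Python checker for one shape of compliance rule the text describes, a real-time deadline obligation ("every triggering event must be followed by a fulfilling event within a given period") evaluated over a time-stamped event trace, with the regulatory source carried along as traceability metadata. The rule, its source reference and the event trace are constructed placeholders, and the rule representation is a simplification, not REALM's logic.

```python
from collections import namedtuple
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Callable, Dict, List

@dataclass
class Event:
    time: datetime
    kind: str
    attrs: Dict[str, object]

@dataclass
class DeadlineRule:
    """Obligation: every trigger event must be followed by a fulfilling event within `deadline`."""
    rule_id: str
    source: str  # traceability metadata: the regulatory passage this rule was derived from
    trigger: Callable[[Event], bool]
    fulfils: Callable[[Event, Event], bool]  # (triggering event, candidate) -> discharges it?
    deadline: timedelta

Violation = namedtuple("Violation", "rule_id source trigger due")

def check(rule: DeadlineRule, events: List[Event], now: datetime) -> List[Violation]:
    """Replay a time-stamped trace; report obligations still unmet once their deadline has passed at `now`."""
    pending: List[Event] = []
    for ev in sorted(events, key=lambda e: e.time):
        for trig in pending:
            # a fulfilment only discharges an obligation if it arrives before the deadline
            if ev.time <= trig.time + rule.deadline and rule.fulfils(trig, ev):
                pending.remove(trig)
                break
        if rule.trigger(ev):
            pending.append(ev)
    return [Violation(rule.rule_id, rule.source, t, t.time + rule.deadline)
            for t in pending if t.time + rule.deadline < now]

# Constructed rule (not from the page): transactions above 10,000 must be reported within 15 days.
RULE = DeadlineRule(
    rule_id="R-LT-1", source="<hypothetical regulation, section 4.2>",
    trigger=lambda e: e.kind == "transaction" and e.attrs["amount"] > 10_000,
    fulfils=lambda t, e: e.kind == "report" and e.attrs["ref"] == t.attrs["id"],
    deadline=timedelta(days=15))

def sample_trace() -> List[Event]:  # constructed event trace, not real data
    d = datetime.fromisoformat
    return [Event(d("2007-01-01"), "transaction", {"id": "T1", "amount": 12_000}),
            Event(d("2007-01-10"), "report", {"ref": "T1"}),  # on time
            Event(d("2007-01-20"), "transaction", {"id": "T2", "amount": 15_000}),
            Event(d("2007-02-10"), "report", {"ref": "T2"}),  # 21 days later: too late
            Event(d("2007-02-20"), "transaction", {"id": "T3", "amount": 20_000})]
```

Evaluated at 2007-03-01, only T2 is reported as a violation: T1 was reported in time and T3's deadline has not yet passed, so it stays an open obligation rather than a violation.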
[1] Birgit Pfitzmann, Calvin Powers, Michael Waidner: IBM's Unified Governance Framework (UGF) Initiative; IBM Research Report RZ 3699 (#99709), 10/12/2007, IBM Research Division, Zurich, Oct. 2007.

[2] Birgit Pfitzmann: Multi-layer Audit of Access Rights; accepted for the 4th VLDB Workshop on Secure Data Management (SDM'07), Vienna, Sept. 2007, proceedings to appear in LNCS, Springer-Verlag.

[3] Carl E. Abrams, Juerg von Känel, Samuel Müller, Birgit Pfitzmann, Susanne Ruschka-Taylor: Optimized enterprise risk management; IBM Systems Journal 46(2), pages 219-234, 2007. Preliminary version: IBM Research Report RZ 3657, IBM Zurich Research Laboratory, August 2006.

[4] Alice Y. Liu, Samuel Müller, Ke Xu: A Static Compliance-Checking Framework for Business Process Models; IBM Systems Journal 46(2), 2007. Preliminary version: IBM Research Report RZ 3679, IBM Zurich Research Laboratory, November 2006.

[5] Samuel Müller, Chonawee Supatgiat: A quantitative optimization model for dynamic risk-based compliance management; IBM Journal of Research and Development 51(3/4), pages 295-308, 2007. Preliminary version: IBM Research Report RZ 3656, IBM Zurich Research Laboratory, August 2006.

[6] Samuel Müller: A Dependability Perspective on Enterprise Compliance; IBM Research Report RZ 3667, IBM Zurich Research Laboratory, May 2006.

[7] Christopher Giblin, Samuel Müller, Birgit Pfitzmann: From Regulatory Policies to Event Monitoring Rules: Towards Model-Driven Compliance Automation; IBM Research Report RZ 3662, IBM Zurich Research Laboratory, October 2006.

[8] Samuel Müller, Birgit Pfitzmann: Compliance Management basierend auf Gesetzesformalisierungen -- Das REALM-Projekt [Compliance management based on formalized laws -- the REALM project]; Proceedings of the 9th International Legal Informatics Symposium (IRIS 2006), Richard Boorberg Verlag, Vienna, pages 296-302.

[9] Samuel Müller, Birgit Pfitzmann: Effektives Compliance Management [Effective compliance management]; DIGMA -- Zeitschrift für Datenrecht und Informationssicherheit [Journal for Data Law and Information Security], 6(1):36-39, Schulthess, Zurich, March 2006.

[10] Christopher Giblin, Alice Y. Liu, Samuel Müller, Birgit Pfitzmann, Xin Zhou: Regulations Expressed As Logical Models (REALM); Proceedings of the 18th Annual Conference on Legal Knowledge and Information Systems (JURIX 2005), IOS Press, Amsterdam, pages 37-48. Preliminary longer version: IBM Research Report RZ 3616, IBM Zurich Research Laboratory, July 2005.
[1] Birgit Pfitzmann, Samuel Müller, Calvin Powers, Michael Waidner: Research on Governance, Risk and Compliance (with IBM Unified Governance Framework, UGF).

[2] Christopher Giblin, Alice Y. Liu, Samuel Müller, Birgit Pfitzmann, Xin Zhou: Compliance Management basierend auf Gesetzesformalisierungen -- Das REALM-Projekt [Compliance management based on formalized laws -- the REALM project]; presented by Samuel Müller at the International Legal Informatics Symposium (IRIS 2006), Vienna, February 17, 2006.

[3] Christopher Giblin, Alice Y. Liu, Samuel Müller, Birgit Pfitzmann, Xin Zhou: Regulations Expressed As Logical Models (REALM); presented by Samuel Müller at the 18th Annual Conference on Legal Knowledge and Information Systems (JURIX 2005), Brussels, December 8, 2005.

[4] Christopher Giblin, Alice Y. Liu, Samuel Müller, Birgit Pfitzmann, Xin Zhou: REALM -- Regulations Expressed As Logical Models; presented by David Medina at the OMG Regulatory Compliance SIG, Boston, June 22, 2005 (slightly corrected version).
[1] Qingbo Zhu, Windsor W. Hsu: Fossilized Index: The Linchpin of Trustworthy Non-Alterable Electronic Records; ACM SIGMOD'05, ACM Press, pages 395-406.

[2] Feng Cheng, David Gamarnik, Nitin Jengte, Wanli Min, Bala Ramachandran: Modeling Operational Risks in Business Processes; IBM Research Report RC 23672, T.J. Watson Research Center, July 2005.

[3] Chonawee Supatgiat, Chris Kenyon, Lucas Heusler: Cause-to-Effect Operational Risk Quantification; Risk Management: An International Journal, 2005. Preliminary version: IBM Research Report RZ 3599, IBM Zurich Research Laboratory, April 2005.

[4] Windsor W. Hsu, Shauchi Ong: Fossilization: A Process for Establishing Truly Trustworthy Records; IBM Research Report RJ 10331, IBM Almaden Research Center, 2004.