Services science, security, and risk

May 2, 2008

“Much real world data about service systems often has a proprietary nature and security concerns associated with it. The confidential feature of the data may require novel methods of archiving and releasing. Unlike many other subjects, service science researchers must focus their efforts on establishing appropriate legal, social, and economic conventions around data sharing for specific purposes.” (IfM and IBM 2008, p. 13)

“The service-dominant logic advocates that service (singular) involves value-cocreation interactions as service systems create, propose and realise value propositions. The interactions may include things, actions, information and other resources. Value propositions are built on the notion of asset sharing, information sharing, work sharing (actions), risk sharing as well as other types of sharing that can create value in customer-provider interactions.” (IfM and IBM 2008, p. 17)

“The need for more business-to-business service research, including global logistics and lean operations is growing. The trend toward self-service technologies that provision service locally, but are often deployed and maintained by globally integrated enterprises, will drive demand for in-the-field maintenance and security service capabilities.” (IfM and IBM 2008, p. 26)

Source: University of Cambridge Institute for Manufacturing (IfM), and International Business Machines Corporation (IBM). 2008. “Succeeding through Service Innovation: A Service Perspective for Education, Research, Business and Government,” University of Cambridge Institute for Manufacturing, Cambridge, UK.

Gmail users are bloggers (but don’t know about it)

June 15, 2007

This was a very interesting comment in one of the keynotes at ECIS 2007. However, it is not quite true. It should be:

Gmail users are bloggers (but don’t care about it).

What does that mean? People are trading the content of their emails for a free 2 GB mail account with a nice GUI. And no one is educating them about the potential consequences.

The overall topic of the keynote was the future of the internet and how it will affect our lives. So let’s think about it. Google has extended the Gmail kind of service to photos (Picasa), videos (YouTube), telephony (Talk), social networks (Orkut) and so on.

So we are already publishing almost all the digitized content of our lives to companies like Google. But is it an actual problem? After all the motto of Google is “Do not be evil”. So it is about trust, then. Do we trust our emerging “big brother” in the internet? Do we like the idea that he knows our holiday photos, our social network, the content of our emails, etc. …? Can we do anything about it?

Again, it is a trade-off between losing privacy and getting a comfortable (and free) digital life. But not every aspect of this trade-off is clear to everybody (including myself, I admit):

What does it mean to lose privacy? Is it a problem at all? When will it become a problem?

Hmm… have to think about it.

zemeigo goes to the ECIS Doctoral Consortium

March 30, 2007

My proposal

Modeling risk mitigation solutions for interorganizational information systems

has been accepted today!

Here is what I want to do to get the PhD:

Modern information systems can be characterized as inter-organizationally distributed networks of subsystems. Subsequently, IT risks are distributed among involved organizations as well. Mitigating risks always requires a trade-off between technological possibilities, organizational suitability, and economic feasibility. Stakeholders from various organizations have to integrate, communicate, and negotiate aspects of risk mitigation solutions. The objective of this thesis is to develop a conceptual modeling method called CORAX that supports the assessment and design of risk mitigation solutions in distributed information systems. First, a graphical modeling language is developed to visualize risk mitigation solutions to make them understandable to all stakeholders. Second, this research develops model-based techniques that enable visualizing and assessing technological, organizational, and economic impacts of risk mitigation designs. Third, a pattern approach is used to enable reusing experiences and accelerating the design of effective risk mitigation solutions. This research builds upon foundations in method-engineering and conceptual modeling. Overall, it contributes to IT risk management by enabling risk managers to systematically visualize and assess the technological, organizational, and economic aspects of risk mitigation solutions in inter-organizationally distributed information systems.

So, now I am really looking forward to attending the ECIS :-)

All non-black objects are non-ravens

September 10, 2006

The Economist writes about a new way of securing data in databases based on philosophy:

“In the 1940s a philosopher called Carl Hempel showed that by manipulating the logical statement all ravens are black you could derive the equivalent all non-black objects are non-ravens. Such topsy-turvy transformations might seem reason enough to keep philosophers locked up safely on university campuses, where they cannot do too much damage.” (The Economist 2006 8493(380) p. 72)

The underlying principle is similar to the immune system, where lymphocytes (e.g. T-cells) do not have information about any potentially harmful intruders, i.e. all their information refers to body cells. By negating their information base, everything they do not know is a potential threat and thus will be attacked. Hence, lymphocytes do not need information about viruses, bacteria, etc.

Transferring this into the world of computers results in negative databases, which store everything but the actual information. Such negative databases are suitable for protecting privacy, e.g. by storing only the negative information of credit card information. For instance, it is possible to query the database for the information about one entry (“Give me the credit card information of person X”). However, it is not possible to process Select *-statements (“Give me all credit card information of your German customers”) (Esponda et al. 2004).

Practically, this means that, for instance, surveys can use the information stored in such negative databases and derive statistical information from it without conflicting with the privacy concerns of the individuals whose data is stored in the database (Esponda 2005).
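The idea of storing only the complement can be made concrete with a small sketch (an added example, not code from Esponda et al. or from the original post). It assumes records are fixed-length bit strings and uses a simple deterministic prefix construction; the function names and the sample records are constructed for illustration.

```python
def build_negative_db(positive, length):
    """Return patterns over {0,1,*} matching exactly the strings NOT in `positive`."""
    positive = set(positive)
    for s in positive:
        if len(s) != length or not set(s) <= {"0", "1"}:
            raise ValueError(f"not a {length}-bit string: {s!r}")
    patterns = []
    live = {""}  # prefixes that are still shared with at least one stored record
    for i in range(1, length + 1):
        seen = {s[:i] for s in positive}
        next_live = set()
        for prefix in sorted(live):
            for bit in "01":
                cand = prefix + bit
                if cand in seen:
                    next_live.add(cand)  # keep descending along stored records
                else:
                    # No stored record starts with cand: one pattern covers
                    # every string with this prefix.
                    patterns.append(cand + "*" * (length - i))
        live = next_live
    return patterns


def matches(pattern, record):
    """True if the record agrees with the pattern at every non-wildcard position."""
    return all(p in ("*", r) for p, r in zip(pattern, record))


def is_stored(ndb, record):
    """Point query: a record is in the positive set iff no negative pattern matches it."""
    return not any(matches(p, record) for p in ndb)


# Constructed sample: three 4-bit "records" out of 16 possible strings.
SAMPLE = ["0101", "1100", "1111"]
NDB = build_negative_db(SAMPLE, 4)

if __name__ == "__main__":
    print(NDB)                     # the stored (negative) representation
    print(is_stored(NDB, "1100"))  # a stored record
    print(is_stored(NDB, "1000"))  # not a stored record
```

This prefix construction only illustrates the representation: its patterns form a tree that can be read back into the original records directly, so it provides no protection by itself. Any privacy property depends on how the negative patterns are generated, which this sketch does not address.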

Another application could be data exchange through web services. The big security and privacy problem of web services is that I have to hand out data to some probably unknown entity. So basically web services rely on the hope that my business partner does not publish my information to the world or sell it to competitors (There is an interesting interview with Whitfield Diffie on this topic here). Wouldn’t it be possible to design negative statements of information that I want to be processed by somebody else, which allow the external entity to process it and return a meaningful result without actually knowing the exact nature of the result? Obviously it would not work on any data, e.g. you definitely need to present shipping information to UPS to get the package delivered.

The analogy with the human immune system results in adopting its weaknesses. Failures in knowing what self is can do great damage. Allergic reactions then seem to be the result of the wrong negative information.

References

(Esponda et al. 2004) Esponda, F., Ackley, E.S., Forrest, S. and Helman, P. On-line Negative Databases. Third International Conference on Artificial Immune Systems (ICARIS 2004) Proceedings, pp. 175-188, September 2004.

(Esponda 2005) Esponda, F. Negative representations of information. University of New Mexico Dissertation, 2005.
