<?xml version="1.0" encoding="UTF-8" ?>
<?xml-stylesheet type="text/xsl" href="http://www.communities.hp.com/online/utility/FeedStylesheets/rss.xsl" media="screen"?><rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:itunes="http://www.itunes.com/dtds/podcast-1.0.dtd"><channel><title>Research on Security and Identity Management (by Marco Casassa Mont) : Identity Analytics</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx</link><description>Tags: Identity Analytics</description><dc:language>en</dc:language><generator>CommunityServer 2008.5 SP1 (Build: 31106.3070)</generator><item><title>Good R&amp;D Progress in the Space of Identity (and Security) Analytics</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2009/08/25/104920.aspx</link><pubDate>Tue, 25 Aug 2009 12:11:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:104920</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>0</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2009/08/25/104920.aspx#comments</comments><description>&lt;p&gt;Good progress has been&amp;nbsp;made in the R&amp;amp;D space of Identity Analytics at HP Labs (in the broader context of Security Analytics).&lt;/p&gt;
&lt;p&gt;Various IAM case studies have been explored, investigating how event-driven probabilistic modelling, coupled with economic studies, can be used to help decision makers make decisions on investments, identify suitable metrics &amp;amp; policies, and better understand the impact of choices, trade-offs and risk implications.&lt;/p&gt;
&lt;p&gt;We got a few papers accepted in international conferences, in particular at IEEE Policy 2009 Symposium, Trust Economics 2009 Workshop and IEEE MetriSec 2009 - covering various IAM aspects.&lt;/p&gt;
&lt;p&gt;A few HP Labs Technical Reports are now publicly available:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;&lt;a href="http://www.hpl.hp.com/techreports/2009/HPL-2009-173.html"&gt;HPL-2009-173&lt;/a&gt; &lt;i&gt;Adrian Baldwin, Marco Casassa Mont, David Pym, Simon Shiu &lt;/i&gt;- System Modelling for Economic Analysis of Security Investments: A Case Study in Identity and Access Management&amp;nbsp;- HPL-2009-173&lt;/li&gt;
&lt;li&gt;&lt;a href="http://www.hpl.hp.com/techreports/2009/HPL-2009-142.html"&gt;HPL-2009-142&lt;/a&gt; &lt;i&gt;Yolanta Beres, Marco Casassa Mont, Jonathan Griffin, Simon Shiu &lt;/i&gt;- Using Security Metrics Coupled with Predictive Modelling and Simulation to Assess Security Processes&amp;nbsp;- HPL-2009-142&lt;/li&gt;
&lt;li&gt;&lt;a href="http://www.hpl.hp.com/techreports/2009/HPL-2009-138.html"&gt;HPL-2009-138&lt;/a&gt; &lt;i&gt;Anna Squicciarini, Marco Casassa Mont, &lt;/i&gt;&lt;i&gt;Sathya Dev Rajasekaran - &lt;/i&gt;Towards an Analytic Approach to Evaluate Enterprises&amp;#39; Risk Exposure to Social Networks&amp;nbsp;- HPL-2009-138&lt;/li&gt;
&lt;li&gt;&lt;a href="http://www.hpl.hp.com/techreports/2009/HPL-2009-57.html"&gt;HPL-2009-57&lt;/a&gt; &lt;i&gt;Marco Casassa Mont, Adrian Baldwin, Simon Shiu &lt;/i&gt;- Identity Analytics - User provisioning Case Study: Using Modelling and Simulation for Policy Decision Support - HPL-2009-57, 2009 &lt;/li&gt;
&lt;li&gt;&lt;a href="http://www.hpl.hp.com/techreports/2009/HPL-2009-56.html"&gt;HPL-2009-56&lt;/a&gt; &lt;i&gt;Adrian Baldwin, Marco Casassa Mont, Simon Shiu &lt;/i&gt;- Using Modelling and Simulation for Policy Decision Support in Identity Management - HPL-2009-56, 2009 &lt;/li&gt;
&lt;li&gt;&lt;a href="http://www.hpl.hp.com/techreports/2008/HPL-2008-84.html"&gt;HPL-2008-84&lt;/a&gt; &lt;i&gt;Marco Casassa Mont, Adrian Baldwin, Simon Shiu &lt;/i&gt;- On Identity Analytics: Setting the Context - HPL-2008-84, 2008&lt;/li&gt;
&lt;/ul&gt;
&lt;p&gt;I am looking for input and feedback, in particular additional case studies in which to apply our approach and techniques. &lt;/p&gt;
&lt;p&gt;--- Posted by Marco Casassa Mont (&lt;a href="http://www.communities.hp.com/online/blogs/mcm/Default.aspx"&gt;here&lt;/a&gt; and &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;here&lt;/a&gt;)&amp;nbsp; ---&lt;/p&gt;
&lt;p&gt;--- NOTE:&amp;nbsp; use this &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;mirror blog&lt;/a&gt; if you prefer posting on an external blog site &amp;nbsp;---&lt;/p&gt;
&lt;p&gt;&amp;nbsp;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;&lt;img src="http://www.communities.hp.com/online/aggbug.aspx?PostID=104920" width="1" height="1"&gt;</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category></item><item><title>New HP Labs Technical Report – “Systems Modelling for Economic Analyses of Security Investments: A Case Study in Identity and Access Management”</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2009/07/22/96054.aspx</link><pubDate>Wed, 22 Jul 2009 10:53:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:96054</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>0</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2009/07/22/96054.aspx#comments</comments><description>&lt;p&gt;A new HP Labs Technical Report has been released, in the area of Security and Identity Analytics, called &lt;a href="http://www.hpl.hp.com/techreports/2009/HPL-2009-173.html"&gt;&amp;quot;Systems Modelling for Economic Analyses of Security Investments: A Case Study in Identity and Access Management&amp;quot;&lt;/a&gt; by Adrian Baldwin, Marco Casassa Mont,&amp;nbsp; David Pym and Simon Shiu:&lt;/p&gt;
&lt;p&gt;&amp;quot;Identity and Access Management (IAM) is a key issue for systems security managers such as CISOs. More specifically, it is a difficult problem to understand how different investments in people, process, and technology affect the intended security outcomes. We position this problem within the framework of optimal control models in macroeconomics, and use a process model to understand the dynamics of the utility of possible trade-offs between investment, access, and security incidents (breaches). A utility function is used to express the security manager&amp;#39;s IAM preferences, and the functional behaviour of its components is described via a process model. Executing our process model as Monte Carlo simulations, we illustrate the behaviour of the utility function for varying levels of investment and threat, and so provide the beginnings of a decision-support tool for systems security managers.&amp;quot;&lt;/p&gt;
&lt;p&gt;--- Posted by Marco Casassa Mont (&lt;a href="http://www.communities.hp.com/online/blogs/mcm/Default.aspx"&gt;here&lt;/a&gt; and &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;here&lt;/a&gt;)&amp;nbsp; ---&lt;/p&gt;
&lt;p&gt;--- NOTE:&amp;nbsp; use this &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;mirror blog&lt;/a&gt; if you prefer posting on an external blog site &amp;nbsp;---&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;&lt;img src="http://www.communities.hp.com/online/aggbug.aspx?PostID=96054" width="1" height="1"&gt;</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Security+Analytics/default.aspx">Security Analytics</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category></item><item><title>EEMA e-Identity: Presentation on the Future of the Identity in the Cloud </title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2009/06/30/92647.aspx</link><pubDate>Mon, 29 Jun 2009 22:30:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:92647</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>0</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2009/06/30/92647.aspx#comments</comments><description>&lt;p&gt;I recently attended the &lt;a href="http://www.revolutionevents.plus.com/eema/index.htm"&gt;EEMA e-Identity Conference&lt;/a&gt;, in London, 25-26 June 2009. There have been interesting presentations and good talks.&lt;/p&gt;
&lt;p&gt;I also gave a presentation on &amp;quot;&lt;a href="http://www.hpl.hp.com/personal/Marco_Casassa_Mont/Documents/Papers/HPL-IdentityCloud%20-%20EEMA-%20marcocasassamont.ppt"&gt;The Future of Identity in the Cloud: Requirements, Risks and Opportunities&lt;/a&gt;&amp;quot;:&lt;/p&gt;
&lt;p&gt;&amp;quot;This presentation aims at: setting the context about Identity in the Cloud; discussing related identity management issues along with core requirements (coming from users and organisations); illustrating, from an HP Labs&amp;#39; perspective, future possible models, approaches and IT infrastructures to handle Identity in the Cloud.&lt;/p&gt;
&lt;p&gt;The introduction of the presentation sets some background: it gives an overview of Cloud Computing and its implications, in terms of service provisioning, security, privacy and identity management. In particular it discusses the paradigm shift from a closed &amp;amp; controlled approach (within enterprises) to potentially on-the-fly composable and customisable services, in the Cloud. &lt;/p&gt;
&lt;p&gt;Use cases are introduced to illustrate &amp;quot;common&amp;quot; usage and management tasks involving Identity in the Cloud - from both user and organisational perspectives, including the implications of having to deal with Identity in composable and dynamic services. New emerging, related threats and risks are briefly discussed, such as the potential growth of bogus service providers, targeted attacks to the weakest points in the service provisioning chain and identity thefts.&lt;/p&gt;
&lt;p&gt;This will lead to a discussion of key requirements, determined by new interaction models and service-provisioning paradigms in the Cloud, including: control of identity flows and management of distributed user accounts; trust and reputation about service providers in the Cloud; identity assurance; transparency about security practices; privacy (including consent and revocation). &lt;/p&gt;
&lt;p&gt;I will then discuss current (categories of) identity management solutions and approaches that deal with aspects of Identity in the Cloud (such as identity federation, identity brokering, Identity 2.0, etc.), along with their pros and cons and failures to address some of the core requirements (such as assurance, trust and privacy control).&lt;/p&gt;
&lt;p&gt;The final part of this presentation challenges current assumptions and approaches and illustrates future directions, by presenting HP Labs&amp;#39; medium and long-term vision about how the underlying Cloud infrastructure is going to evolve along with its implications in terms of Identity and Identity Management. This includes the paradigm shifts introduced by the usage of trusted virtualisation, remote attestation of platform capabilities (Trusted Computing Platforms) and identity-driven computational environments (coming from the cloud) that could run on local systems (e.g. at the user side); new emerging identity management models driven by identity-aware platforms and policy-driven delegation of credentials; the role that Security and Identity Analytics can play, by using modelling and simulation, to help organisations evaluate and predict the consequences of using services in the Cloud, based on assumptions made on the underlying identity management model and existing threats.&amp;quot;&lt;/p&gt;
&lt;p&gt;--- Posted by Marco Casassa Mont (&lt;a href="http://www.communities.hp.com/online/blogs/mcm/Default.aspx"&gt;here&lt;/a&gt; and &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;here&lt;/a&gt;)&amp;nbsp; ---&amp;nbsp;&lt;/p&gt;
&lt;p&gt;&lt;span style="font-size:small;font-family:Times New Roman;"&gt;
&lt;p&gt;--- NOTE:&amp;nbsp; use this &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;mirror blog&lt;/a&gt; if you prefer posting on an external blog site &amp;nbsp;---&lt;/p&gt;
&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;&lt;img src="http://www.communities.hp.com/online/aggbug.aspx?PostID=92647" width="1" height="1"&gt;</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/identity+management/default.aspx">identity management</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Security+Analytics/default.aspx">Security Analytics</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category></item><item><title>New HP Labs Technical Report: Towards an Analytic Approach to Evaluate Enterprises’ Risk Exposure to Social Networks </title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2009/06/30/92644.aspx</link><pubDate>Mon, 29 Jun 2009 22:22:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:92644</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>0</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2009/06/30/92644.aspx#comments</comments><description>&lt;p&gt;&lt;span style="font-size:small;"&gt;&lt;span style="font-family:Times New Roman;"&gt;
&lt;p&gt;A new HP Labs Technical Report has been recently released, called &lt;a href="http://www.hpl.hp.com/techreports/2009/HPL-2009-138.html"&gt;&amp;quot;Towards an Analytic Approach to Evaluate Enterprises&amp;#39; Risk Exposure to Social Networks&amp;quot; &lt;/a&gt;(authors: Anna Squicciarini, Marco Casassa Mont, Sathya Dev Rajasekaran):&lt;/p&gt;
&lt;p&gt;&amp;quot;This paper aims at exploring the impact on enterprises of the adoption of Social Networks by employees. It analyses the risks that enterprises could face and suggests a methodology to answer questions, such as: what are the actual risks for an organization, given a specific context? How to assess these risks? What are the most significant approaches that can be taken to mitigate them? What are the financial and organizational implications for an organization in implementing any of the possible approaches?&amp;quot; &lt;/p&gt;
&lt;p&gt;--- Posted by Marco Casassa Mont (&lt;a href="http://www.communities.hp.com/online/blogs/mcm/Default.aspx"&gt;here&lt;/a&gt; and &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;here&lt;/a&gt;)&amp;nbsp; ---&lt;/p&gt;
&lt;p&gt;--- NOTE:&amp;nbsp; use this &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;mirror blog&lt;/a&gt; if you prefer posting on an external blog site &amp;nbsp;---&lt;/p&gt;
&lt;/span&gt;&lt;/span&gt;&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;&lt;img src="http://www.communities.hp.com/online/aggbug.aspx?PostID=92644" width="1" height="1"&gt;</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category></item><item><title>Twitter and its Privacy and Identity Management Implications</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2009/03/12/twitter-and-its-privacy-and-identity-management-implications.aspx</link><pubDate>Thu, 12 Mar 2009 09:33:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:88332</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>1</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2009/03/12/twitter-and-its-privacy-and-identity-management-implications.aspx#comments</comments><description>&lt;p&gt;I recently started using Twitter (my link: &lt;a href="http://twitter.com/MCasassaMont"&gt;http://twitter.com/MCasassaMont&lt;/a&gt;).&lt;/p&gt;
&lt;p&gt;Twitter is getting more and more popular within (and across) organisations, in particular for geographically distributed teams, to share their activities and whereabouts.&lt;/p&gt;
&lt;p&gt;I am interested to better understand this tool, in particular in terms of its identity and privacy implications and long term repercussions for individuals and organisations. &lt;/p&gt;
&lt;p&gt;I see some interesting research to be potentially carried out in the context of the &lt;a href="http://www.hpl.hp.com/personal/Marco_Casassa_Mont/Projects/IdentityAnalytics/IdentityAnalytics.htm"&gt;Identity Analytics R&amp;amp;D project&lt;/a&gt; at HP Labs and &lt;a href="http://www.encore-project.info/"&gt;UK TSB EnCoRe project&lt;/a&gt;.&lt;/p&gt;
&lt;p&gt;--- Posted by Marco Casassa Mont (&lt;a href="http://www.communities.hp.com/online/blogs/mcm/Default.aspx"&gt;here&lt;/a&gt; and &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;here&lt;/a&gt;)&amp;nbsp; ---&lt;/p&gt;
&lt;p&gt;--- NOTE:&amp;nbsp; use this &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;mirror blog&lt;/a&gt; if you prefer posting on an external blog site &amp;nbsp;---&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;&lt;img src="http://www.communities.hp.com/online/aggbug.aspx?PostID=88332" width="1" height="1"&gt;</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/identity+management/default.aspx">identity management</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/privacy+management/default.aspx">privacy management</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/EnCoRe/default.aspx">EnCoRe</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Twitter/default.aspx">Twitter</category></item><item><title>Identity Analytics: from a compliance-based to a risk-based approach</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2008/12/18/identity-analytics-from-a-compliance-based-to-a-risk-based-approach.aspx</link><pubDate>Thu, 18 Dec 2008 15:45:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:87212</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>0</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2008/12/18/identity-analytics-from-a-compliance-based-to-a-risk-based-approach.aspx#comments</comments><description>&lt;p&gt;Here is a recent, interesting article called &amp;quot;&lt;a href="http://www.banktech.com/risk-management/showArticle.jhtml?articleID=212500925"&gt;Banks Need to Take Risk-Based Approach to Data Management&lt;/a&gt;&amp;quot;:&lt;/p&gt;
&lt;p&gt;&amp;quot;Banks need to approach their data privacy and security from a risk point of view, according to experts with New York-based Deloitte. The firm held a webcast Tuesday that discussed how financial institutions can transform themselves from being compliance-driven organizations to risk-driven organizations, two models that are distinct, Edward Powers, a principal with the firm&amp;#39;s security and privacy practice, said. &lt;/p&gt;
&lt;p&gt;Over the last six to eight months, Powers said he has seen a continued sensitivity to risk among financial institutions. &amp;quot;At the same time, I&amp;#39;ve seen significant moves to downsize budgets and human resources. This is creating strain. Most organizations are now optimizing around the things that are most urgent.&amp;quot;&amp;quot; &lt;/p&gt;
&lt;p&gt;Interestingly, this reiterates a trend and approach that I have been describing for a while, especially from a security and identity management perspective. I would extend this not only to Banks (and the FI sector), but also to enterprises and Government Agencies.&lt;/p&gt;
&lt;p&gt;I believe that, from an identity and privacy perspective, modeling and simulation (coupled with social science and economics) can provide additional support to help decision makers to better understand the consequences of their risk posture along with explaining and predicting the impact of their choices. &lt;/p&gt;
&lt;p&gt;Further information about our vision, based on &lt;a href="http://www.hpl.hp.com/personal/Marco_Casassa_Mont/Projects/IdentityAnalytics/IdentityAnalytics.htm"&gt;Identity Analytics&lt;/a&gt;, has been provided in a few recent blog posts of mine (&lt;a href="http://www.communities.hp.com/online/controlpanel/blogs/posteditor.aspx?SelectedNavItem=Posts&amp;amp;sectionid=163&amp;amp;postid=87129"&gt;here&lt;/a&gt;, &lt;a href="http://www.communities.hp.com/online/blogs/mcm/archive/2008/11/07/on-applying-modelling-and-simulation-techniques-to-identity-management.aspx"&gt;here&lt;/a&gt; and &lt;a href="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx"&gt;here&lt;/a&gt;), where I also discussed our view towards strategic decision support for Identity Management (and privacy ...).&lt;/p&gt;
&lt;p&gt;--- NOTE:&amp;nbsp; use this &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;mirror blog&lt;/a&gt; if you prefer posting on an external blog site &amp;nbsp;---&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;&lt;img src="http://www.communities.hp.com/online/aggbug.aspx?PostID=87212" width="1" height="1"&gt;</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category></item><item><title>Identity Analytics: Providing Strategic Decision Support for Identity Management</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2008/12/15/identity-analytics-providing-strategic-decision-support-for-identity-management.aspx</link><pubDate>Mon, 15 Dec 2008 13:45:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:87129</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>0</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2008/12/15/identity-analytics-providing-strategic-decision-support-for-identity-management.aspx#comments</comments><description>&lt;p&gt;I believe that &amp;quot;Enterprise Identity Management&amp;quot; is quickly maturing and, in some way, commoditizing, at least from a product and solution perspective. In this context, thinking about Identity Management (IdM) purely from a technical perspective is showing its limitations.&lt;/p&gt;
&lt;p&gt;Decisions on IdM aspects are increasingly made at the strategic level, as outsourcing, cost saving, balancing security with enterprise agility and usability are becoming the main drivers. &amp;nbsp;Strategic discussions on IdM include understanding the implications of new emerging scenarios and risks, such as the adoption of web 2.0 technologies within enterprises, new identity attacks (phishing, whaling, etc.), increased numbers of M&amp;amp;A and workforce reorganizations, IdM Outsourcing and adopting IdM as a Service.&lt;/p&gt;
&lt;p&gt;Key decision makers in this space, i.e. CIOs/CISOs, are driven by business needs and risk management. Some of the questions we have been exposed to include:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;What is the trade-off between reducing risk in tightening the access to critical applications vs. the loss in productivity as access rights are more limited and time taken to gain these access rights will increase?&lt;/li&gt;
&lt;li&gt;Is it better to spend a limited budget on user education or implementing a given technical control, such as automating user provisioning/deprovisioning or providing two-factor authentication?&lt;/li&gt;
&lt;li&gt;Should users and business units be allowed to run their own IT solutions or is it better to have centrally managed services?&lt;/li&gt;
&lt;li&gt;What is the impact of emerging collaboration technologies such as blogging, Wikis and Second Life?&lt;/li&gt;
&lt;li&gt;Do changes to working patterns such as greater mobility lead to additional risks? &lt;/li&gt;&lt;/ul&gt;
&lt;p&gt;In a few recent blog posts of mine (&lt;a href="http://www.communities.hp.com/online/blogs/mcm/archive/2008/11/07/on-applying-modelling-and-simulation-techniques-to-identity-management.aspx"&gt;here&lt;/a&gt; and &lt;a href="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx"&gt;here&lt;/a&gt;) I discussed our view and approach towards strategic decision support for Identity Management, based on &lt;a href="http://www.hpl.hp.com/personal/Marco_Casassa_Mont/Projects/IdentityAnalytics/IdentityAnalytics.htm"&gt;Identity Analytics&lt;/a&gt;. &lt;/p&gt;
&lt;p&gt;Your input is always welcome, in particular in terms of providing additional case studies and IdM areas we could apply our approach to.&lt;/p&gt;
&lt;p&gt;--- NOTE:&amp;nbsp; use this &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;mirror blog&lt;/a&gt; if you prefer posting on an external blog site &amp;nbsp;---&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;&lt;img src="http://www.communities.hp.com/online/aggbug.aspx?PostID=87129" width="1" height="1"&gt;</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category></item><item><title>Part II: On Applying Modelling and Simulation Techniques to Identity Management</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2008/11/14/part-ii-on-applying-modelling-and-simulation-techniques-to-identity-management.aspx</link><pubDate>Fri, 14 Nov 2008 09:13:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:86608</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>0</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2008/11/14/part-ii-on-applying-modelling-and-simulation-techniques-to-identity-management.aspx#comments</comments><description>&lt;font face="Times New Roman" size="3"&gt;&lt;/font&gt;&lt;font face="Times New Roman" size="3"&gt;
&lt;p&gt;Thanks to the readers that sent comments to me (interestingly, by email ...), about my previous post on &amp;quot;&lt;a href="http://www.communities.hp.com/online/blogs/mcm/archive/2008/11/07/on-applying-modelling-and-simulation-techniques-to-identity-management.aspx"&gt;Applying Modeling and Simulation techniques to Identity Management&lt;/a&gt;&amp;quot;. Also feel free to post your comments directly on the blog.&lt;/p&gt;
&lt;p&gt;An interesting question I received was about the overall scope of the R&amp;amp;D work on Identity Analytics, i.e. if it only strictly applies to the Identity Management space. &lt;/p&gt;
&lt;p&gt;I would say that the scope is wide. The goal is to include also economics aspects, people&amp;#39;s behaviours, privacy and privacy management elements along with any IT and business aspects of relevance for the analysed scenario/case study. Our models and simulations indeed represent the (risk mitigation) effects of identity controls: they do it in the context of the scenario of interest, by including the representation of involved processes, data storage, information flows along with relevant applications and services.&amp;nbsp; &lt;/p&gt;
&lt;p&gt;The outcomes of our models can vary, depending on the questions we want to answer, such as ROIs in using specific IdM solutions, trade-offs in investments, impact of controls and security on usability, etc. &lt;/p&gt;
&lt;p&gt;Hope this answers the question.&lt;/p&gt;
&lt;p&gt;Please also have a look at the Demos2k model attached to our recent HP Labs Technical Report &lt;a href="http://www.hpl.hp.com/techreports/2008/HPL-2008-186.html"&gt;HPL-2008-186&lt;/a&gt;, for a few illustrative examples of the above points.&lt;/p&gt;
&lt;p&gt;--- NOTE:&amp;nbsp; use this &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;mirror blog&lt;/a&gt; if you prefer posting on an external blog site &amp;nbsp;---&lt;/p&gt;&lt;/font&gt;&lt;font face="Times New Roman" size="3"&gt;&lt;/font&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;&lt;img src="http://www.communities.hp.com/online/aggbug.aspx?PostID=86608" width="1" height="1"&gt;</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/identity+management/default.aspx">identity management</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Security+Analytics/default.aspx">Security Analytics</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category></item><item><title>On Applying Modelling and Simulation Techniques  to Identity Management</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2008/11/07/on-applying-modelling-and-simulation-techniques-to-identity-management.aspx</link><pubDate>Fri, 07 Nov 2008 15:15:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:86538</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>0</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2008/11/07/on-applying-modelling-and-simulation-techniques-to-identity-management.aspx#comments</comments><description>&lt;p&gt;At HP Labs, within the &amp;quot;Identity Analytics&amp;quot; project, we are researching how to apply modeling and simulation techniques to the domain of Identity Management, to explore and predict:&lt;/p&gt;
&lt;ul&gt;
&lt;li&gt;the consequences of potential decisions made by decision makers (e.g. in terms of strategic policies and adoption of controls) on key aspects such as security risks, costs, impact on reputation, etc.; &lt;/li&gt;
&lt;li&gt;the impact of identity management solutions on IT infrastructures, people and business contexts;&lt;/li&gt;
&lt;li&gt;the implications of people&amp;#39;s behaviours on security and privacy aspects.&lt;/li&gt;&lt;/ul&gt;
&lt;p&gt;The aim is to help decision makers to assess the consequences of their decisions and explore investment trade-offs. In particular, assessing the impacts on security risks and costs is very important: given the current global financial situation, the &amp;quot;cost&amp;quot; dimension is going to play more and more a key role. &lt;/p&gt;
&lt;p&gt;We published a few HP Labs Technical Reports to provide an overview of our R&amp;amp;D work, including &lt;a href="http://www.hpl.hp.com/techreports/2008/HPL-2008-186.html"&gt;HPL-2008-186&lt;/a&gt; and &lt;a href="http://www.hpl.hp.com/techreports/2008/HPL-2008-84.html"&gt;HPL-2008-84&lt;/a&gt;. In particular, the most recent &lt;a href="http://www.hpl.hp.com/techreports/2008/HPL-2008-186.html"&gt;HPL-2008-186&lt;/a&gt; report provides an example of a model (based on the Demos2K simulation framework) we used to carry out our simulations and trade-off analysis in a &amp;quot;data sharing collaborative scenario&amp;quot;.&lt;/p&gt;
&lt;p&gt;Many case studies can potentially be explored with our approach, including Web 2.0 collaborative services, access and protection of critical business applications and services, user account lifecycle management processes, data flows and lifecycle management, identity theft scenarios, etc. &lt;/p&gt;
&lt;p&gt;I would be interested in discussing this topic with this community, in particular about related work and exploring any specific requirement or case study you might have in this space. &lt;/p&gt;
&lt;p&gt;--- NOTE:&amp;nbsp; use this &lt;a href="http://research-on-identitymanagement.blogspot.com/"&gt;mirror blog&lt;/a&gt; if you prefer posting on an external blog site &amp;nbsp;---&lt;/p&gt;&lt;div style="clear:both;"&gt;&lt;/div&gt;&lt;img src="http://www.communities.hp.com/online/aggbug.aspx?PostID=86538" width="1" height="1"&gt;</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/identity+management/default.aspx">identity management</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category></item><item><title>Research Study: Huge Amount of Sensitive Data Still on Redundant Computer Hard Disk</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2008/11/05/research-study-huge-amount-of-sensitive-data-still-on-redundant-computer-hard-disk.aspx</link><pubDate>Wed, 05 Nov 2008 15:35:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:86504</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>2</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2008/11/05/research-study-huge-amount-of-sensitive-data-still-on-redundant-computer-hard-disk.aspx#comments</comments><description>&lt;span style="mso-ansi-language:EN-US;"&gt;&lt;/span&gt;&lt;span style="mso-ansi-language:EN-US;"&gt;
&lt;p&gt;This interesting &lt;a href="http://www.sciencedaily.com/releases/2008/11/081105083549.htm"&gt;article&lt;/a&gt;, called &amp;quot;Identity Theft Risks: Huge Amount of Sensitive Data Still on Redundant Computer Hard Disk&amp;quot; provides an overview of a research study to be published soon - warning about the risk of data left on devices to be decommissioned:&lt;/p&gt;
&lt;p&gt;&amp;quot;Ongoing research to be published in the International Journal of Liability and Scientific Enquiry suggests that there is a huge amount of sensitive data still on redundant computer hard disks. These devices are often disposed of or sold into the second-hand market by corporations, organizations, and individuals with the data intact. The report&amp;#39;s authors say that this data represents a significant level of risk for commercial sabotage, identity theft, and even political compromise, and suggest that better education is essential to reduce the risk of harm. ...&lt;/p&gt;
&lt;p&gt;The 2007 study is being made available in its entirety through the International Journal of Liability and Scientific Enquiry. The team is now completing the 2008 analysis and will announce those results shortly as well. However, the initial results for the 2008 study show that there is still a long way to go regarding the decommissioning of computer hard disk drives. The team expects that the complete 2008 study will be made available for publication by the end of the year.&amp;quot;&lt;/p&gt;
&lt;p&gt;This is an area where &amp;quot;classic&amp;quot; identity management (based on control points) shows its limits. The explicit management of IdM strategic policies, related processes and risks should be a key part of &amp;quot;identity management&amp;quot;.&lt;/p&gt;
&lt;p&gt;&lt;a href="http://www.hpl.hp.com/techreports/2008/HPL-2008-84.html"&gt;&amp;quot;Identity Analytics&amp;quot;&lt;/a&gt; could also be of some help here, to understand the implications of policies and possible strategic decisions (given specific IT and IdM frameworks), along with exploring investment trade-offs.&lt;/p&gt;
&lt;/span&gt;</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/identity+management/default.aspx">identity management</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Data+Privacy/default.aspx">Data Privacy</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category></item><item><title>Part II: Risk Management for Unstructured Data in Enterprises</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2008/09/04/part-ii-risk-management-for-unstructured-data-in-enterprises.aspx</link><pubDate>Thu, 04 Sep 2008 13:09:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:84600</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>2</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2008/09/04/part-ii-risk-management-for-unstructured-data-in-enterprises.aspx#comments</comments><description>&lt;p&gt;In a recent post published on the &lt;a href="http://sgciam.wordpress.com/2008/09/04/risk-management-and-information/"&gt;Netweaver Identity Manager Weblog&lt;/a&gt;, the author&amp;nbsp; has made a few comments about my post on &lt;a href="http://www.communities.hp.com/online/blogs/mcm/archive/2008/09/02/risk-management-for-unstructured-data-in-enterprises.aspx"&gt;&amp;quot;Risk Management for Unstructured Data in Enterprises&amp;quot;&lt;/a&gt; (well, actually the published URL to my post is apparently broken ...). &lt;/p&gt;
&lt;p&gt;Thanks for this input, in particular about three main points that I (tried to) summarise as follows:&lt;/p&gt;
&lt;p&gt;1) Meaning of unstructured data (or the fact that unstructured data does not exist by definition ...)&lt;/p&gt;
&lt;p&gt;2) Narrowness of perception of approaches and incompleteness of my list of required solutions&lt;/p&gt;
&lt;p&gt;3) Availability of comprehensive methodology for implementing enterprise wide risk management&lt;/p&gt;
&lt;p&gt;About point 1), this looks pretty much like a philosophical discussion. No doubt that, in the end, we talk about information that has some sort of structure (well, an email has a header, a body with some text and attachments; a document is made of paragraphs or lines of text; ...). However, the (maybe over-hyped) &amp;quot;unstructured data&amp;quot; term is currently used to (a) identify specific types of information and (b) contrast it against classic &amp;quot;structured data&amp;quot; (e.g. information stored in RDBMS repositories, etc.).&amp;nbsp; I think I will stick with this terminology ...&lt;/p&gt;
&lt;p&gt;Back to the key point, recent reports (including the Ponemon Institute&amp;#39;s survey on &amp;quot;Governance of Unstructured Data&amp;quot; and other market and research reports) indeed highlight that the management of unstructured data in enterprises is a rising concern for enterprises, both in terms of governance and risk management. I think this is what really matters - independently of the terminology.&lt;/p&gt;
&lt;p&gt;No doubt that classification of data is an important point, especially if you ever manage to &amp;quot;find&amp;quot; where this &amp;quot;unstructured data&amp;quot; is, within a complex enterprise environment ... I would say that, given the particular nature of &amp;quot;unstructured data&amp;quot;, a preliminary &amp;quot;data discovery&amp;quot; phase might be required, indeed followed by a classification and assessment of its value (considering though, that the value of some of this information might also come from aggregations and correlations ...).&lt;/p&gt;
&lt;p&gt;About point 2), by no means was my post meant to provide a definitive or comprehensive assessment and answer to the problem of information risk management or, more specifically, of &amp;quot;unstructured&amp;quot; information risk management. It was just a statement of some &amp;quot;desirable&amp;quot; properties and capabilities that I would like to see (and I know it would be of some help to customers ...).&lt;/p&gt;
&lt;p&gt;I am well aware of the complexity of the overall (security) &amp;quot;enterprise risk assessment and management&amp;quot; problem, its extent and the fact that, when assessing and managing (security) risks, many factors are involved, including business goals, IT, other assets, people, processes, awareness/education, etc.&lt;/p&gt;
&lt;p&gt;(Security) risk assessment and management techniques/methodologies/frameworks and standards/etc. are indeed out there (e.g. ISO 27005/2700x, CoBIT, etc.). These &amp;quot;standards&amp;quot; provide guidelines and criteria to be carefully refined, grounded and contextualized in various &amp;quot;operational&amp;quot; realities, along with some good, common sense ...&lt;/p&gt;
&lt;p&gt;So, no doubt that there are already &amp;quot;comprehensive methodology for implementing enterprise wide risk management&amp;quot;, at least from a consulting perspective, but this was not my main point. &lt;/p&gt;
&lt;p&gt;My main point was not so focused on these methodologies but rather on the need to better understand and possibly improve the process of exploring, explaining and predicting the consequences and impacts of strategic (policy) choices and decisions in enterprise contexts and environments, in particular when dealing with security matters. &lt;/p&gt;
&lt;p&gt;An approach that we are currently exploring is based on modeling and simulation techniques in the security field, coupled with economic theory and social science. Please have a look at the &lt;a href="http://www.hpl.hp.com/techreports/2008/HPL-2008-84.html"&gt;HPL Technical Report on &amp;quot;Identity Analytics&amp;quot;&lt;/a&gt; that I mentioned a few times - to see what I mean, in more detail (at least from an &amp;quot;IdM perspective&amp;quot;). &lt;/p&gt;
&lt;p&gt;Specifically, one of my R&amp;amp;D interests is in &amp;quot;(semi-) automation&amp;quot; tools and solutions in this space that can indeed help and support professional and consulting services in their risk assessment &amp;amp; management activities. This includes providing decision support and &amp;quot;what-if analysis&amp;quot;, involving modeling and simulation, providing trade-off analysis, etc. &lt;/p&gt;
&lt;p&gt;Given the complexity of this space, I deliberately focused on the aspect of &amp;quot;management of unstructured data&amp;quot; and the IdM perspective, well conscious this is just a part of the overall problem and space. &lt;/p&gt;
&lt;p&gt;I hope I clarified this point.&lt;/p&gt;
&lt;p&gt;About point 3), no doubt about this, as I mentioned above.&lt;/p&gt;
&lt;p&gt;However, the statement that &amp;quot;comprehensive methodology for implementing enterprise wide risk management is done&amp;quot; sounds (at least to me) a little bit abstract ... &lt;/p&gt;
&lt;p&gt;It would be of some interest to the readers of this blog if this statement could be elaborated (specifically in the space of IdM and information management) along with providing some recommendations/input/directions (hopefully beyond having to hire a consulting company ...:-)).&lt;/p&gt;
</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/risk+management/default.aspx">risk management</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Security+Analytics/default.aspx">Security Analytics</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Unstructured+Data/default.aspx">Unstructured Data</category></item><item><title>Risk Management for Unstructured Data in Enterprises</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2008/09/02/risk-management-for-unstructured-data-in-enterprises.aspx</link><pubDate>Mon, 01 Sep 2008 16:21:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:84551</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>0</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2008/09/02/risk-management-for-unstructured-data-in-enterprises.aspx#comments</comments><description>&lt;p&gt;In the context of the HP Labs&amp;#39; Security and &lt;a href="http://www.hpl.hp.com/personal/Marco_Casassa_Mont/Projects/IdentityAnalytics/IdentityAnalytics.htm"&gt;Identity 
Analytics&lt;/a&gt; project I have been investigating the implications of &amp;quot;unstructured data&amp;quot; (i.e. emails, documents, multimedia files, pages in data sharing sites, messages exchanged with Instant Messaging tools, blog posts, data mash-ups, etc.) within organizations, along with how to explain and predict involved risks and explore the consequences of related security (policy) choices.&lt;/p&gt;
&lt;p&gt;Is &amp;quot;unstructured data&amp;quot; really a problem for organizations? If so, where is this problem? Well, the content of unstructured data (and/or an aggregation of it) can be confidential as it might include personal, financial and business-critical information. Because of the nature of unstructured data (and associated, emerging tools to handle and share it), there are many ways this data could leak and/or be misused, ranging from accidental disclosures to aggregations of information posted in public areas.&lt;/p&gt;
&lt;p&gt;The threat landscape (including threats to data confidentiality, integrity and availability) is potentially broad as many contextual elements, IT components, processes and behavioral aspects are involved.&lt;/p&gt;
&lt;p&gt;Most of the current approaches (I am aware of), that mitigate some of the involved risks, are based on traditional IT security and identity &amp;quot;control points&amp;quot; (such as access control, interception points, complex document lifecycle management tools, etc.), addressing &amp;quot;point problems&amp;quot;.&lt;/p&gt;
&lt;p&gt;I believe this is not enough. Solutions are required to help organizations (and decision makers) to: (1) fully understand the nature of the problem, based on their specific context and environment; (2) have a picture of their overall risk exposure; (3) make informed decisions on which approaches to follow, explain and predict the consequences and define appropriate policies; (4) explore trade-offs.&lt;/p&gt;
&lt;p&gt;So far I have found no comprehensive approach/solution providing these features. Is anybody aware of any? &lt;/p&gt;
</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/risk+management/default.aspx">risk management</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Unstructured+Data/default.aspx">Unstructured Data</category></item><item><title>Part III: Identity Analytics and Unstructured Data Analysis</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2008/07/25/part-iii-identity-analytics-and-unstructured-data-analysis.aspx</link><pubDate>Fri, 25 Jul 2008 13:11:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:84009</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>2</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2008/07/25/part-iii-identity-analytics-and-unstructured-data-analysis.aspx#comments</comments><description>&lt;p&gt;In previous posts of mine (&lt;a href="http://www.communities.hp.com/online/blogs/mcm/archive/2008/07/13/on-identity-analytics-part-ii.aspx"&gt;here&lt;/a&gt; and &lt;a href="http://www.communities.hp.com/online/blogs/mcm/archive/2008/07/09/on-identity-analytics-new-hp-labs-technical-report.aspx"&gt;here&lt;/a&gt;) I introduced our vision of Identity Analytics and the focus and purposes of our R&amp;amp;D activities.&lt;/p&gt;
&lt;p&gt;I received a few emails and queries asking to clarify the link between Identity Analytics and Unstructured Data, considering that this was mentioned in the &amp;quot;&lt;a href="http://www.hpl.hp.com/techreports/2008/HPL-2008-84.html"&gt;On Identity Analytics: Setting the Context&lt;/a&gt;&amp;quot; HPL Technical Report.&lt;/p&gt;
&lt;p&gt;We believe that &amp;quot;Unstructured Data&amp;quot; is a possible, fertile and rich &amp;quot;case study&amp;quot;/scenario in which to explore the concept of Identity Analytics, the applicability of our approach and potential limitations.&lt;/p&gt;
&lt;p&gt;The adoption of new &amp;quot;web 2.0&amp;quot; collaborative tools within organizations (TWiki, Sharepoint, IM, etc.) and social networks (Facebook, LinkedIn, del.icio.us, etc.) provides users with better ways to collaborate, create and share contents. At the same time this poses new threats and security risks, due to the nature of unstructured data, the fact that confidentiality issues could emerge from aggregated, simpler pieces of information and the difficulty of retaining control over this data. This is where traditional Identity management solutions can show their limitations and where decision makers need to better understand the implications of their choices and/or the impact of defining new policies.&lt;/p&gt;
&lt;p&gt;Our R&amp;amp;D work in Identity Analytics really aims, in this context, to explore how modeling and simulation can help to explain and predict the impact of some of these decisions on the organizations (e.g. in terms of risks, reputation, costs, etc.) and explore options and &amp;quot;trade-offs&amp;quot; by providing &amp;quot;what-if&amp;quot; analysis.&lt;/p&gt;
&lt;p&gt;Of course the &amp;quot;unstructured data&amp;quot; scenario is just one of the various scenarios we are exploring. I would be interested in hearing from you about other areas where you think the &amp;quot;Identity Analytics&amp;quot; approach could provide help and/or address (decision support) issues you might have.&lt;/p&gt;
</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Unstructured+Data/default.aspx">Unstructured Data</category></item><item><title>On Identity Analytics - Part II</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2008/07/13/on-identity-analytics-part-ii.aspx</link><pubDate>Sat, 12 Jul 2008 17:08:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:83749</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>0</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2008/07/13/on-identity-analytics-part-ii.aspx#comments</comments><description>&lt;p&gt;In a previous post of mine I announced the release of a new HPL Technical Report, titled &amp;quot;&lt;a href="http://www.hpl.hp.com/techreports/2008/HPL-2008-84.html"&gt;On Identity Analytics: Setting the Context&lt;/a&gt;&amp;quot; (authors: Marco Casassa Mont, Adrian Baldwin, Simon Shiu), providing an overview of an HP Labs R&amp;amp;D project in the space of &amp;quot;Identity Analytics&amp;quot;. &lt;/p&gt;
&lt;p&gt;I received a few emails asking (among other things) about HP/HPL strategies in Identity Management and how Identity Analytics fits in all this. Some additional details follow, based on what I can publicly discuss.&lt;/p&gt;
&lt;p&gt;&lt;a href="http://www.hpl.hp.co.uk/personal/Marco_Casassa_Mont/Projects/IdentityAnalytics/IdentityAnalytics.htm"&gt;Identity Analytics&lt;/a&gt; is an HP Labs project, in the context of the Security Analytics project (&lt;a href="http://www.hpl.hp.com/research/systems_security.html"&gt;Systems Security Lab&lt;/a&gt;). The R&amp;amp;D goal of this project is to innovate in the space of Identity Management (in a broad sense, i.e. including also human, social and economic aspects) by moving from an approach purely based on operational Identity Management solutions to an approach that also takes into account the &amp;quot;strategic&amp;quot; needs and requirements of key decision makers (e.g. CIOs/CISOs).&lt;/p&gt;
&lt;p&gt;What is the impact on an organisation (e.g. in terms of costs, risks, reputation, trust, etc.) when making strategic decisions and/or defining policies in the space of Identity Management? Are current policies adequate based on current (business, security, etc.) objectives? How are technical, educational, human, social and business aspects going to affect the (economic, security and business) outcomes, based on choices and decisions made?&amp;nbsp; What are the relevant trade-offs that need to be analysed and how to evaluate them? How to provide strategic, forward-looking, &amp;quot;what-if&amp;quot; analysis to decision makers? These are some of the questions to be answered ...&lt;/p&gt;
&lt;p&gt;This is a green field, open to innovation. In this context, technical Identity Management solutions are just one aspect of the overall equation (and sometimes not the most important ...), that also includes costs, (security and business) risks, business priorities and economic aspects. &lt;/p&gt;
&lt;p&gt;I am confident that there are new business and market opportunities in this space, considering also the current shift (backed by key decision makers) from a pure &amp;quot;compliance-based&amp;quot; approach to a &amp;quot;risk-based&amp;quot; approach ...&lt;/p&gt;
</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category></item><item><title>On Identity Analytics: New HP Labs Technical Report</title><link>http://www.communities.hp.com/online/blogs/mcm/archive/2008/07/09/on-identity-analytics-new-hp-labs-technical-report.aspx</link><pubDate>Wed, 09 Jul 2008 09:35:00 GMT</pubDate><guid isPermaLink="false">964d1d0f-bea0-4201-a2aa-8aa369a35a46:83657</guid><dc:creator>marcocasassamont</dc:creator><slash:comments>0</slash:comments><comments>http://www.communities.hp.com/online/blogs/mcm/archive/2008/07/09/on-identity-analytics-new-hp-labs-technical-report.aspx#comments</comments><description>&lt;p&gt;This community might be interested in a new HPL Technical Report, just released, titled &amp;quot;&lt;a href="http://www.hpl.hp.com/techreports/2008/HPL-2008-84.html"&gt;On Identity Analytics: Setting the Context&lt;/a&gt;&amp;quot; (authors: Marco Casassa Mont, Adrian Baldwin, Simon Shiu). &lt;/p&gt;
&lt;p&gt;This report reflects R&amp;amp;D work we are doing at HP Labs, &lt;a href="http://www.hpl.hp.com/research/systems_security.html"&gt;Systems Security Lab&lt;/a&gt;. I am very keen on getting your views and input. The abstract of this technical report follows:&lt;/p&gt;
&lt;p&gt;&amp;quot;This paper aims at setting the context for &amp;quot;Identity Analytics&amp;quot; within enterprises and paving the path towards new R&amp;amp;D opportunities. In our vision, Identity Analytics is about explaining and predicting the impact of identity and identity management (along with other related aspects, such as users&amp;#39; behaviours) on key factors of relevance to decision makers (e.g. CIOs, CISOs), in complex enterprise scenarios - based on their initial assumptions and investment decisions. &lt;/p&gt;
&lt;p&gt;Ultimately the goal is to provide rigorous techniques to help decision makers gain a better understanding of the investment trade-offs within the identity space (e.g. investing in technologies vs. changing processes vs. investing in users&amp;#39; education, etc.). This means providing &amp;quot;decision support&amp;quot; and &amp;quot;what-if analysis&amp;quot; capabilities to decision makers enabling them to explore these investment trade-offs, formulate new policies and/or justify existing ones. Our vision of &amp;quot;Identity Analytics&amp;quot; is introduced and discussed, along with the methodology that we intend to adopt. &lt;/p&gt;
&lt;p&gt;There are many research opportunities and challenges in this space: we believe that a scientific approach is required, involving the usage of modelling and simulation techniques, coupled with the understanding of involved technologies and processes, human behaviours and economic aspects. To ground some of the concepts discussed in this paper, we provide an illustration of Identity Analytics focusing on emerging &amp;quot;web 2.0 enterprise collaborative data sharing&amp;quot;, where unstructured information is created, stored and shared by people in collaborative contexts, within and across organisations. We demonstrate how trade-offs can be explored using the modelling approach hence allowing decision makers to explore the different impacts of policy choices.&amp;quot;&lt;/p&gt;
</description><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Economics+of+Identity+Management/default.aspx">Economics of Identity Management</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/CIO/default.aspx">CIO</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Security+Analytics/default.aspx">Security Analytics</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/trade-offs/default.aspx">trade-offs</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/decision+support+system/default.aspx">decision support system</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/Identity+Analytics/default.aspx">Identity Analytics</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/what-if+analysis/default.aspx">what-if analysis</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/decision+makers/default.aspx">decision makers</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/CISO/default.aspx">CISO</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/simulation/default.aspx">simulation</category><category domain="http://www.communities.hp.com/online/blogs/mcm/archive/tags/modelling/default.aspx">modelling</category></item></channel></rss>