artificial intelligence bsc - iso 27001 information security


Upload: ufuk-cebeci

Post on 17-Jan-2017


Category:

Education



TRANSCRIPT

Page 1: Artificial intelligence   bsc - iso 27001 information security

HOW TO BUILD EFFECTIVE FORMS

• IF A FIELD REPEATS THEN DESIGN IT AS COLUMNS OTHERWISE ROWS
• FORM NO AND FORM NAME MUST BE UNIQUE.
• FORM NAME SHOULD DESCRIBE ITSELF
• IF POSSIBLE, DATA ENTRY SCREEN AND FORM DESIGN SHOULD BE SIMILAR.
• IF THE FORM IS USED IN COMPUTER, USE COMBO BOX STRUCTURE IF POSSIBLE.
• IF POSSIBLE, FORM NAME AND FORM NAME IN COMPUTER MUST BE THE SAME.

HOW TO BUILD EFFECTIVE REPORTS:
• TIME OF REPORT & DATE on every Page
• TOTAL-AVERAGE-COUNT ETC.
• DISC-MONITOR-PRINT

Page 2: Artificial intelligence   bsc - iso 27001 information security

What is BALANCED SCORECARD?

Page 3: Artificial intelligence   bsc - iso 27001 information security
Page 4: Artificial intelligence   bsc - iso 27001 information security

Don’t forget to read the following paper!

• Cebeci, U. (2009). Fuzzy AHP-based decision support system for selecting ERP systems in textile industry by using balanced scorecard. Expert Systems with Applications, 36(5), 8900-8909.

Page 5: Artificial intelligence   bsc - iso 27001 information security

ARTIFICIAL INTELLIGENCE

• EXPERT SYSTEMS (Chess Game, DIAGNOSIS)
• FUZZY LOGIC
• PATTERN RECOGNITION
• ROBOTICS
• MACHINE LEARNING
• NATURAL LANGUAGE PROCESSING
• SEARCH ENGINES
• NEURAL NETWORKS
• GENETIC ALGORITHMS

Page 6: Artificial intelligence   bsc - iso 27001 information security

TG4.1 Introduction to Intelligent Systems

• Intelligent systems
• Artificial intelligence (AI)

Page 7: Artificial intelligence   bsc - iso 27001 information security

TG 4.2 Expert Systems

• Expertise
• Expert systems (ESs)

Page 8: Artificial intelligence   bsc - iso 27001 information security

Expertise Transfer from Human to Computer

• Knowledge acquisition
• Knowledge representation
• Knowledge inferencing
• Knowledge transfer

Page 9: Artificial intelligence   bsc - iso 27001 information security

The Components of Expert Systems

• Knowledge base
• Inference engine
• User interface
• Blackboard
• Explanation subsystem

Page 10: Artificial intelligence   bsc - iso 27001 information security

TG4.3 Neural Network

Page 11: Artificial intelligence   bsc - iso 27001 information security

TG 4.5 Genetic Algorithms

Genetic algorithms have three functional characteristics:

• Selection

• Crossover:

• Mutation:

Page 12: Artificial intelligence   bsc - iso 27001 information security

TG 4.6 Intelligent Agents

• Information Agents
• Monitoring-and-Surveillance Agents
• User Agents

Page 13: Artificial intelligence   bsc - iso 27001 information security

Fuzzy Logic

• By using fuzzy logic, we can convert some linguistic variables to numbers so that we can process the values in computers.

• Define a membership function: "to be tall" for Turkish boys

• (Example: To be old)

Page 14: Artificial intelligence   bsc - iso 27001 information security
Page 15: Artificial intelligence   bsc - iso 27001 information security

Information Security Management System (ISMS)

ISO 27001 Standard

Page 16: Artificial intelligence   bsc - iso 27001 information security

What is ISMS?

• That part of the overall management system, based on a business risk approach, to establish, implement, operate, monitor, review, maintain and improve information security.

(ISO/IEC 27001:2005 Clause 3.7)

Page 17: Artificial intelligence   bsc - iso 27001 information security

INFORMATION SECURITY MANAGEMENT

Factors affecting ISMS

Escalating Risk

Globalization

Legislation

Government

NGOs

Competition - cost

Corporate culture

Employee

Union

Corporate vision & policy

Shareholder

Customer requirements

Consumer

Competition-business

Neighbor

Societal values

Risk tolerance

Insurance

Page 18: Artificial intelligence   bsc - iso 27001 information security

Compatibility with other standards

• ISO 9001: Quality Management Systems – requirements
• ISO 14001: Environmental Management Systems – specification with guidance for use

Page 19: Artificial intelligence   bsc - iso 27001 information security

PURPOSE OF ISO 27001

Page 20: Artificial intelligence   bsc - iso 27001 information security

Benefits of ISMS

• To protect an organization’s information assets in order to: ensure business continuity, minimize business damage, and maximize return on investments
• Internationally recognized, structured methodology
• Defined process to evaluate, implement, maintain, and manage information security
• Tailored policies, standards, procedures, and guidelines

Page 21: Artificial intelligence   bsc - iso 27001 information security

Benefits of ISMS

• Efficient and effective security planning and management
• Increased credibility, trust and confidence of partners and customers
• Compliance with all relevant commitments
• Compatibility with other standards

Page 22: Artificial intelligence   bsc - iso 27001 information security

Information security concepts

Non-Repudiation

Availability

Integrity

Reliability

Confidentiality

Accountability

Page 23: Artificial intelligence   bsc - iso 27001 information security

Plan-Do-Check-Act cycle & Continual Improvement

Take actions to continually improve process performance – effectiveness and efficiency

Establish objectives necessary to deliver results in accordance with customer requirements and the organization’s policies

Implement the processes

Monitor and measure processes and product against policies, objectives and requirements

Page 24: Artificial intelligence   bsc - iso 27001 information security

PDCA Model applied to ISMS processes

Page 25: Artificial intelligence   bsc - iso 27001 information security

ISO 27001 REQUIREMENTS

Page 26: Artificial intelligence   bsc - iso 27001 information security

ISO 27001 REQUIREMENTS

Page 27: Artificial intelligence   bsc - iso 27001 information security

ISO 27001 Requirements

• 1 Scope
  – 1.1 General
  – 1.2 Application
• 2 Normative References
• 3 Terms and definitions
• 4 Information security management system
  – 4.1 General requirements
  – 4.2 Establishing and managing the ISMS
  – 4.3 Documentation requirements

Page 28: Artificial intelligence   bsc - iso 27001 information security

ISO 27001 Requirements

• 5 Management Responsibility
  – 5.1 Management commitment
  – 5.2 Resource management
• 6 Internal ISMS audits
• 7 Management review of the ISMS
  – 7.1 General
  – 7.2 Review input
  – 7.3 Review output

Page 29: Artificial intelligence   bsc - iso 27001 information security

ISO 27001 Requirements

• 8 ISMS Improvement
  – 8.1 Continual improvement
  – 8.2 Corrective action
  – 8.3 Preventive action

Page 30: Artificial intelligence   bsc - iso 27001 information security

Audit / Certification Process

Pre-assessment (Optional)

Stage 1: Desk Study

Stage 2: Certification Audit

Surveillance 1

Surveillance 2

Surveillance 3 Surveillance 3

Surveillance 5

Stage 1: Desk Study
• Evaluate the location and site-specific conditions
• Collection of information regarding the scope of supply chain SMS, information about risk assessment performed and processes
• Relevant ISMS documentation and records
• Previous audit reports

Stage 2: Certification Audit
• Obtain information and evidence about conformity to all requirements of the applicable normative document
• Operational control
• Internal auditing and Management review

Surveillance Audits
• Maintenance visits
• Verify continuous implementation of the system in accordance with the requirements of the standard
• Evaluation of the effectiveness of corrective action implementation to previously raised NCs

Page 31: Artificial intelligence   bsc - iso 27001 information security

Failure Mode and Effects Analysis Technique for Information Security

Page 32: Artificial intelligence   bsc - iso 27001 information security

• Fill the second line above (fire risk) for the company