D11.1 - SIAM ASS - Initial App and DB Specification
Contents
1. 67 Figure 19 Advanced Database Options Editing Library Categories 68 Figure 20 Advanced Database Options Editing Tasks eeeeeeeereenrnennene 69 Figure 21 Advanced Database Options Editing Perspectives eeeeeeereeeeee 70 Figure 22 Advanced Database Options Editing Actor Roles eeeeeeerneernee 71 SIAM AST Administration Console User Manual 42 1 Introduction and Question Authoring Concepts This document contains instructions for a web based tool that allows users to design the screens which present those assessment questions control their presentation and assign further relational information for the analysis of any answers collected in the toolkit s as sessment report This administrative tool originally built for project partner contributions to a request for information has been further developed into an Administration Console for the SIAM AST It is an administrator level program and its purpose is to allow the modi fication of the core data which sits at the heart of the system with the pool of assessment questions being one part of this core Whilst the document focuses on the tools available for authoring assessment questions brief details are also given on the tools available for user administration and advanced options These additional tools are largely self explanatory Normal end us2. SIAM SECURITY IMPACT ASSESSMENT MEASURES The SIAM Assessment Support Toolkit A Software System for the Support of Technology Impact Assessments Application and Database Specification Deliverable 11 2 Kingston University DR RONALD R GRAU London PROFESSOR GRAEME A JONES The SIAM AST Application and Database Specification 2 Table of Contents PEE ipsi c Y D tel BACKOFO UIO aren aren ne ee eee 6 esa Goals anda DON ON wiseeiccrecnaencremecneestene E E db ds 7 IPS BIC USEC TI ee en eee e eee eee ee ee ee ee E E 9 Ze SV SCC OV Ci VOW E E EE A 11 2 1 SIAM AST Users Roles and Functions ccccceeccceeeeeeeeeeeseeeeeseeeeeseeeesaeeeesaeeessaeeeees 11 2 2 System Architecture and General Description cccccceeeeeeeeeeeeeeeeeeseeeeeeeceesaeeeaeenans 12 2 3 Generi A DDHCSUDD SEEBIUCELIEB eosrascedroUndxUPdUpLO UN UNI UDIUNnUNIGENDIN DIGU UR MUNDI UNUM 14 5 NEU qb 15 SMT Assessment Support Module icsissccta caine adi ua eeu bt ip saei pt ei tU va eb vds Sa wi if 15 Optional MOGLUIGS csstoroxieozsedtauianrtus eds bdtextiac ku BE saga Rusa icula Eria Fate aia acusa PU w EE EN EI BE Ne YES Fi cu a Oa via rv 18 2 92 AU AON COVO sienne tinus cies siepis pump Mns RM EI EU TI EU Rd cUE 19 Deer AOTPHEIS Reel ONE cc kc et ch cce sieueeietiauiudiemi emeret edianc edi lanea i ne aU 19 Question Pool Administration usse p npn ue Fu
3. and what assessment criteria are relevant for the decision Sustainment Wider Change In the sustainment wider change phase the new technology becomes an existing standard without any open questions while economies of scale and scope of the new technology are explored and actors are engaged in promoting the technology Fur thermore possibilities for expandability are identified and tried to be realized The questions here are who is defining new possible expendabilities and which as sessment criteria are used Source 1 It was decided that the prototype will only support the first phase since the partners were only able to provide assessment questions for this phase The SIAM AST Application and Database Specification 18 II The ASSESSMENT REPORTING unit will create documentation useful for further evaluation and management activities in the overall assessment process The assessment leader can generate a report which details the problem context in dicates the overall level of progression in the assessment process depending on the amount of information still outstanding and summarises all information collected grouped by the different tasks and perspectives involved Further some assessment scores are provided for the guidance of assessment activities Whenever further assessment progress has been made the assessment report can be re created at any time Optional Modules The following modules were envis
4. 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 SIAM WP2 Report Security Technologies Innovation Journeys SIAM WP6 Report Threat Scenarios Minutes of the SIAM Workshop and Meeting 17 18 May 2012 UK SIAM Task Definition UF2 version 18 11 2013 SIAM D11 1 Report The SIAM Assessment Support System Initial Application and Database Specification Request for information 1 System Users 20 09 2011 Request for information 22 Infringement 06 12 2011 Request for information 3 Actors Roles Ass Criteria Questions 07 09 2012 Request for information 4 Confirmation Extension of SIAM core information for the data base Decisions made 06 04 2013 Request for information 5 Data Input Assessment Questions 28 08 2013 SIAM D2 3 SMT and CIT Typologies SIAM D3 6 Updating the SIAM Application Requirements WP 3 SIAM D4 9 Updating the SIAM Application Requirements WP 4 SIAM D5 2 Updating SIAM Data Model Requirements from WP 5 SIAM D6 4 Updating the SIAM Application Specification from WP 6 SIAM D7 3 Updating the SIAM Application Requirements WP 7 SIAM D8 2 DRAFT Updating the SIAM Application Requirements WP 8 SIAM D9 9 DRAFT Updating the SIAM Application Requirements WP 9 SIAM D10 4 Updating the SIAM Application Requirements WP 10 The SIAM AST Application and Database Specification 38 Appendices SIAM AST Administration Console User Manua
5. SMT TypolOQV acsesssisscnctnssinduncseiubsseavansadewnsniunwdetanwsatewetndvnnsedenvsbunsvaboaeosbbesunbvaneeeesl 23 Figure 8 Detailed ER Representation of the SIAM AST Data Model 26 Figure 9 High level ER Diagram of the SIAM AST Tables ccccseccsseeecsseessseeeeeeeeeeseaeeeeaess 30 List of Tables Table 1 User Functions in the SIAM AST cccccccecccccccceccceccecececcceacececcaeacececeneavensceneansnsneneas 12 Table 2 SIAM AST Database Tables ccccccceccccccccecccececcecececcacececuceavecececeaceteneneauensceneansneneneas 29 The SIAM AST Application and Database Specification 5 1 Introduction The SIAM project has aimed to develop methodologies and guidelines for the assessment of security measures and technologies in the context of mass transportation facilities Such assessments need to take into account many things for instance that there are dif ferent actors or stakeholders involved the nature of the travel and security processes in herent to mass transportation facilities and the range of legislative cultural economic technical ethical and societal impacts to consider The language used in the original DoW implies a database focused description of sucha support system However as a result of consultations and discussions within the consorti um it was realised that what WP11 actually envisaged was a software tool to support the assessment process being de
6. deo iuo ge uo queque eee Ses aot eus aUe eos ume os doe Eus aee Su OTt UE EU e UE dUE 34 4 2 Velleius tw 35 4 2 1 Question Pool MANAGEMENT ecacisaveat tinuet cina nara eth eC Ruthee d Eat tatit Sete d aane dedu 35 4 2 2 JserManageltmerit ss duse arctic oie decile in ale din auxit enne inu ces iex i aca ac i ae ed M EEUU 35 42 3 wNdvanced DatabDase ODEORS eios eet om a a teas brsbro bec be aeos 35 ROI GFOIICOS A E acier EOS E CE ucE 0C d 5 OB E IR SUE LU EE HUC URS T ENG LEE EET E RES 37 APPENUICE E E 38 Appendix A SIAM AST Administration Console User Manual 39 Appendix B SIAM AST Installation Instructions ccccecccesecesseeeseeeeueecessaeesaeenenecensaeeeas 72 The SIAM AST Application and Database Specification 4 List of Figures Figure 1 General Steps of the Idealised SIAM SMT Assessment Process eee 6 Figure 2 Elements of the Assessment Process ccceececseeeeseeeceeetseeceeeeeseeeeaeeeegeeeeueessaeeeeaess 10 Figure 3 Envisioned SIAM AST Architecture seesseesseeeeeeenene nennen nnne nnns nsn nnn nnns 13 Figure 4 SIAM AST Example Screenshot of the Configuration Wizard 16 Figure 5 Example Screenshot of the Actual Database Tool for Authoring Assessment OOS 10 0S Ne m 2 Figure 6 A Process based Model Of SMT cceccssseceeseecseeteeeecneeteeeseueeeeseeeeaeeseaeeseaeeseaeeeeaess 22 Figure 7 Th
7. support have been omitted Detailed descriptions of the SIAM AST features illustrated with screen shots will be pro vided in the deliverables of WP12 handbook guidelines 4 1 User Level 4 1 1 General Features SIAM AST Dashboard Create new assessment cases Display all existing assessment cases including op tions to configure enter assessment and reporting Comprehensive Internal Messaging System Create and reply to messages sent from other users Receive invitations to assess ment cases Receive notifications for delegated questions including options to ac cept or reject such delegations Library Listing of all file based and web based resources supplied during the authoring of assessment questions ordered by library categories Profile Editor Input forms for changing user account information Name Surname Organisation Email address Option to change the current password Help Across the various functional parts of the system help icons have been included that give additional assistance to users on how to use particular features The SIAM AST Application and Database Specification 32 4 1 2 Assessment Configuration Unit Dedicated wizard style tool for setting up and editing assessment cases O Step 1 General Information Scenario Name Scenario Narrative Switch for enabling the threat assessment workshop results input screens Steps 2 4 or skipping to Step 5 if no workshop ha
8. the server Once these files are gone the SIAM AST login page will be automatically un locked so that entering the base URL of the SIAM AST which we previously used to start the installation for instance on a local computer http 1ocalhost SIAM will then show the login page Figure 43 SIAM AST Installation Instructions 85 quim AME E LOGIN Security Impact Assessment Measures Understanding decision making in the context of security a 71m rm m m i Administration Console Figure 43 SIAM AST Login page After Securing the Application Technical Note The SIAM AST installation scripts are only to be used once when the system is being set up on a computer for the first time If these routines were executed again after the system was installed and then actively used for assessment this would likely cause loss of as sessment data Deleting the installation scripts after the system has been set up success fully is therefore a safeguard to prevent accidental damage to any data which has been stored in the database whilst the SIAM AST was used for assessment SIAM AST Installation Instructions 86 Configuring Email Support optional If enabled the AST uses email exclusively in the administration console in order to inform registered users when a new account has been created for them or when their password has been reset by the SIAM AST Administrator Email is not
9. Database Options Editing Library Categories Note that renaming of library categories will take instant effect in any existing assessment Cases 5 7 Editing Task Definitions In the SIAM AST distinct tasks are used as semantic attributes for assessment questions In the assessment report they allow an analysis of the information contributed by different assessment participants with respect to the assessment tasks to which they contribute The list of tasks available for the semantic tagging done during question authoring can be edited using this advanced database action Note that as with all Editing type database options the renaming of tasks will take in stant effect in all existing assessment questions and cases Newly created task definitions will be available for new assessment questions which are added after the change Deleting SIAM AST Administration Console User Manual 69 task definitions is only possible if these are not actively linked to the current pool of ques tions The application will perform a relevant check once a deletion is attempted SIAM ASSESSMENT SUPPORT TOOLKIT Home Log out Advanced Database Options EDIT TASKS Actions Important Notice Back to Options Here you can edit the Assessment Tasks which are connected to questions as semantic tags Before modifying Tasks you should consider clearing all assessment questions and cases first Tasks that are still linked to assessment questions
10. an Existing Database Similarly after entering an existing user name and password and clicking the Test Con nection button next to the related form fields the opening test script will attempt to es tablish a connection to the database server using the given user name and password as credentials Figure 39 SIAM ASI Database Installation ase on the MySQL server This script will test the connection to an existing data ials provided for an existing user account using the credent Operation Status Testing database server connection with user dO12 lace OK Test completed successfully You can now close this window Figure 39 Checking Connectivity with an Existing User Account Note that when using an existing user account the installation script does not attempt to grant particular permissions to this account in relation to any to be created or pre existing databases You need to make sure the user account has sufficient permissions on the cho sen database container to create database tables and insert update and delete contents Which is usually the case SIAM AST Installation Instructions 82 Once all settings have been made and the Install button clicked the database installation script will be started Remain patient as it may take about half a minute before any proto col feedback is reported on screen especially when installing on servers that reside on a network SIAM SIAM AST Database Inst
11. bottom line will say Process completed with errors and a short statement about what went wrong given below In such case the problem will also be clearly indicated somewhere further up in the protocol It then needs to be resolved and all changes rolled back before another installation attempt can be made In particular and depending on which actions have been performed this means deleting any newly created database container and or database user account as well as replacing any modified configuration files with their original versions If the installing user doesn t know which files to replace once again copying over all application files to the server will do the trick Once this step has been completed with success click the Continue button Figure 41 SIAM AST Installation Instructions 84 The main installation page will open indicating that the first of the two SIAM AST installa tion steps has been completed Figure 42 SIAM STAM AST Installation The SIAM AST installati 1 Installing the SLAM databa Install Database DONE secure the Application and Start the SIAM AST Figure 42 Main Installation Page after Database Setup After the database has been installed the SIAM AST application needs to be secured This step is very simple Just click the button Secure the Application and Start the SIAM AST In practice what happens next is that all installation scripts will be physically deleted from
12. entered you must select the topic and respective aspect that forms the context of that question SIAM AST Administration Console User Manual 49 IA IVI ASSESSMENT SUPPORT TOOLKIT Home Assessment Case Actions Preferences Help Core Data New Question Step 1 of 3 Screen Group CONTEXT Actions Select Topic Group optional Create and Back to Overview All Create and Next Step Content Select Topic Bodily integrity Intrusiveness v Figure 13 Stepl Create a Screen Group This page has 3 drop down menus for selection Topic Group Topic and Aspect Topic Group This is an optional selection its purpose being to allow a user to find partic ular topics easier e g selecting Infringement will limit the selectable topics to those pri marily to do with infringement If unsure about which group your desired topic may be located in leave this at the All setting Topic Select the main topic context for the question to be entered in the next step Select ing a topic will limit the subsequent selection of aspects to those defined for the topic For instance selecting any freedom infringement type will limit the available aspects to the normativity dimensions Scope Intrusiveness Coerciveness and Distribution Selecting what was previously called an Assessment Criterion as a topic will limit the aspects to its attributes SIAM AST Administration Console User Manual 50 Buttons Crea
13. installation using Apache web server there is usually no action required no permissions need to be manually set or modified The above is just for information should any Permission denied errors occur during file upload actions with the SIAM AST e g when attaching documents to answers as a normal user MySQL Server SIAM AST requires a MySQL 5 database server which stores all information required to run the application and also the data generated by any assessment cases created with the toolkit The MySQL server can either be installed separately or as part of a WAMP or LAMP pack age Installing the SIAM AST Database The SIAM AST database structure and the initial core data can be created easily by opening an installation script in the web browser To install the SIAM AST database do the follow Ing After both the Web server and the SQL server have been set up and the application files copied into your SIAM AST web folder open the following URL in your browser http server name gt lt SIAM AST web folder For a local installation the server name is usually localhost The SIAM AST web folder is where you copied the application files into e g SIAM For the above example the URL to call would then be http z loocslhost SrAM Z Upon first start up the SIAM AST application will detect automatically if a database instal lation needs to be performed and prompt the user to do Figure 32 SIAM AST Ins
14. script needs the credentials of an SQL user account for establishing a con nection to the database server Depending on the actions selected further down the form this account needs sufficient permissions to create a database create another SQL user account grant user permissions to this account create database tables and perform data insert operations on these tables When installing the SIAM AST on a local computer the default settings should be used This will create a database container named siam a user account named siam db user with all privileges granted for this database and all required SIAM database tables Fur ther the initial SIAM dataset will be imported The SIAM AST application will work instantly as it has been preconfigured to use these settings SIAM AST Database Create a new database using the preconfigured name siam Default Create a new database but use a different name Connect to an existmg database Test Connection Figure 34 Database Installation Settings page 2 4 By selecting any of the alternative options the database name can be changed before crea tion or no database created but an existing database used Figure 34 Similarly a differ ent user account can be created or an existing account used Figure 35 The information stored in the original SIAM AST configuration files will be updated automatically during installation no manual editing is required SIAM AST Database
15. solution and then posing questions to the AST users about the particular problem scenario which is to be assessed Figure 2 The questions are aimed towards ac quiring information from each perspective targeted at particular actors and relevant for specific SMT classes in order to qualify related assessment criteria though answers given The SIAM AST Application and Database Specification 10 by the participants The answers are stored in the actual SIAM database and associated with the specific assessment case at hand Assessment Configuration Interests EUN Assessment Responsibilities Questions Objectives SIAM Tasks DIRIGHS Database Assessment Report Users Stakeholders Figure 2 Elements of the Assessment Process Eventually users are enabled to generate reports or work sheets from the information col lected that give an overview and further guidelines on the different issues addressed dur ing assessment and also those which are yet to be considered Any configurations made in the early stage of the assessment process such as the actors invited and technology op tions selected impact on the kinds and number of particular questions asked To target questions more effectively and rule out those which are not applicable sophisticated con trol structures have been introduced into the question authoring process that allow strict sequences of questions to be defined and conditions placed on
16. the collection and structured provision of information associated with various stakeholder perspectives that are applied in security technology assessment The functionality provided by the SIAM database has the overall goal of increasing the reflexivity of information that is deemed relevant for a balanced technology evaluation amongst the stakeholders who are involved in the assessment pro cess considering their mutual responsibilities and interests In terms of scope the compu tational system will support the assessment process which was outlined in Section 1 1 by allowing users to specify particular problem scenarios systematically collecting and stor ing information related to the above perspectives from the users and stakeholders and making accessible this information in an assessment report that aids them in their effort to resolve open issues and evaluate the suggested technological solution at hand The range of assessment perspectives to include have been initially summarised by the partners in the so called STEP typology Security Trust Efficiency Privacy which was later changed to STEFi Security Trust Efficiency Freedom Infringement This typology pre sents a loosely structured conceptualisation of the orthogonal interests and responsibili ties that stakeholders might consider when they participate in a security technology as sessment process In their definition the perspectives were described as follows Security S
17. to the cur rent pool of questions The application will perform a relevant check once a deletion is attempted SIAM ASSESSMENT SUPPORT TOOLKIT Home Log out Advanced Database Options EDIT PERSPECTIVES Actions Important Notice Back to Options Here you can rename the Assessment Perspectives which are connected to questions as semantic tags Before modifying perspectives you should consider clearing assessment questions and cases first RENAME Select Perspective Choose one Rename Perspective CREATE NEW New Perspective DELETE Select Perspective Choose one Figure 30 Advanced Database Options Editing Perspectives The initial perspective definitions provided with the system are a result of the SIAM project and used in its specific set of questions Note that although it is in principle possible to use more or less than four perspectives for the question pool doing so has not been thoroughly tested and may not be fully supported by all features of the toolkit 5 9 Editing Actor Role Definitions Actor roles play an important part in the information gathering mechanics of the SIAM AST Roles are associated to individual actors who participate in an assessment case With SIAM AST Administration Console User Manual 71 respect to the question pool they determine part of the relevance criteria of screens such that particular questions can be targeted at actors of a certain role Eventually the
18. used at all in the actual AST user application because this employs a dedicated messaging system built into the toolkit software However note that the administration console can be used without email support so that having email enabled is therefore not a strict requirement In fact the use of email is switched off by default This can be changed by editing the console s configuration file To enable set Susemail 1 in coredata includes config php To disable set Susemail 0 in the same file If you choose to enable the use of email for the administration console you also need to tell the application which mail server settings to use Smailhost the IP or domain name of the SMTP server gt e g mail yourdomain net smailport SMTP port gt ly Server port for sending mail usually 25 587 or 465 Smailaddr the email address of the sender gt e g Siamadmin yourdomain net Ssmtpuser user name for authentication at the SMTP server gt Ssmtppass password for the above account gt Technical Note Most public web servers will have sendmail support enabled by default i e switching on email support for the AST application as instructed above will then instantly work If it does not contact your web server administrator for help SIAM AST Installation Instructions 87 To enable email for a local WAMP or LAMP installation install and configure PEAR Downlo
19. will then go into the details of some major functional features and illustrate the assessment support mechanics developed for the system The appendix of this document contains further documentation of the system in particu lar the user manual for the administration level access as well as instructions for installing and setting up the system The SIAM AST Application and Database Specification 6 1 1 Background Originally based on the case studies which were carried out in WP2 the consortium de vised an idealised assessment process which the SIAM AST should support The back ground of SIAM is that such an assessment is made in the context of evaluating technolo gy options for solving new or existing security problems Figure 1 shows the basic activi ties underlying this process Problem or incident Negotiation l Timely involvement Technology options and of all Pon qualification of relevant actors Concept New Option assessment criteria Introduction of the solution Testing Development Adoption Diffusion Sustainment Wider Change Investment Decision Figure 1 General Steps of the Idealised SIAM SMT Assessment Process At the beginning of this process stands a scenario configuration phase in which the prob lem situation is described and a technological solution suggested for resolving the prob lem at hand This situation constitutes the beginning of the Concept New Option phase of the technology
20. 0 User Accounts Overview The page offers two significant actions 1 Create a new user account 2 Edit an existing user account Note that single user accounts cannot be deleted as these might be associated to existing assessment cases or data in the question pool It is possible however to clear all user ac counts once assessment cases and questions have been cleared from the database 4 2 Create a New User Account See the advanced database options chapter 5 SIAM AST Administration Console User Manual 62 A new user account can be created by clicking the action New User Account in the navi gation and control panel on the left Figure 20 A new page will open which provides the necessary input fields for entering the user information Figure 21 Logged on SIAM AST Administrator SIAM ASSESSMENT SUPPORT TOOLKIT Home Log out Manage User Accounts Add New User Account AE Surname Save amp and Back to Overview Cancel Forename User ID User Email Organisation User Type Contributor v Account active Send Welcome Email Figure 21 Create a New User Account Upon specifying the user ID and saving the application will check whether this ID has already been assigned to a different user and prompt correction if necessary This is re quired to avoid duplicate login names User accounts need a user type specification The SIAM AST currently offers three types 1 Administrato
21. ICS AND ASPECTS Actions Important Notice Backto Options This action will delere all topics aspects and questions from the database as well as all existing assessment cases and answers given by participants This is usually only necessary when the system is to be fitted with a new set of questions whilst maintaining the existing user accounts Are you sure you want to do this Yes Figure 26 Advanced Database Options Deleting Topics and Aspects SIAM AST Administration Console User Manual 67 This is usually only necessary when the system is to be fitted with a new set of questions based on entirely new topics and aspects whilst maintaining the existing user accounts Afterwards new topics and aspects can be created using the question authoring tool 5 5 Complete Reset This action will delete all assessment cases questions answers topics aspects files web resources and existing users from the database SIAM ASSESSMENT SUPPORT TOOLKIT Advanced Database Options COMPLETE RESET Actions Important Notice Backto Options This action will delete all assessment cases questions answers topics aspects files web resources and existing users from the database Note that the default login after the reset is admin admin user name password Are you sure you wantto do this Yes Figure 27 Advanced Database Options Performing a Complete Reset After the reset only one user account will be
22. ME screen group This is useful for specifying a set of question which de pend on each other in terms of mutual conditions or the sequence of presentation See Figure 17 below for an overview of the wizard navigation logic Overview Table New Question Save and Back to Overview Save and Finish Step 1 Step 2 Step 3 Screen Group Screen Screen Context A Content 3 Relevance Create Screen Next Step Next Step Group Add Screen Configure Screen Save and new Follow up Save and new Independent Question Figure 17 Navigating through the Data Input Wizard SIAM AST Administration Console User Manual 57 3 3 Edit Existing Questions See the video tutorial here http youtu be _HMJvXmhMol The core data tool allows editing all elements of any questions which have been created previously Some special functions like the ordering of screens that reside within a screen group are only available when editing screens see section 3 4 Overall the screens for editing are structured exactly as the data input wizard pages and look more or less the same yet are accessible individually Hence they can be operated in the same way as the data input wizard 3 4 Work with Screen Groups In principle there is no problem in adding only single independent questions into the da tabase Technically these then constitute a series of screen groups with every group carry ing a single screen 2question ea
23. User Create a new user account using the preconfigured name siam_ db user and password Default Create a new database user but with a different name password i Use an existing user account for connecting to the SIAM database Test Connection Figure 35 Database Installation Settings page 3 4 SIAM AST Installation Instructions 79 The last setting on the page concerns the data import options Figure 36 When selecting the default option the standard dataset will be imported from the file SIAM_DATA sal which resides in the install directory SIAM AST Data Import ase tables and import the standard dataset Default Create the SIAM data ase tables but data from a different file hen selecting this option the data file needs to be placed in the Install folder before proceeding with the Do not create any database tables or import anything Install Figure 36 Database Installation Settings page 4 4 A modified dataset can be imported by either overwriting the above file and selecting the default option or copying another data file into the install directory selecting the second option and stating the new file name before proceeding with the installation Selecting the third option will skip the entire installation part that is about creating database tables and importing data Sometimes it may be necessary to use other than the default settings especially when the sys
24. acquisition process defined in 1 which is to be supported Different actors get involved in a subsequent evaluation process and these actors may have differ ent roles depending on the stakeholders they represent and associated interests motiva tions and responsibilities The actors engage in the definition negotiation and re definition of the assessment criteria that are important to consider before a decision is made about whether an investment into some technology option should go forward The intrinsic interests and responsibilities associated with each role will determine which as sessment criteria will be deemed important by each particular actor A challenge at this point is to make explicit those assessment criteria as quantitative or qualitative measures which allow a decision to be made whether a certain criterion has been fulfilled After the first introductory phase part of the process is repeated to address further phases of the technology acquisition process which may involve other actors and related assessment see also Section 2 3 for more details The SIAM AST Application and Database Specification 7 criteria This idealised process assumes that after the technological solution has been fur ther assessed in the context of development implementation testing diffusion sustain ment and wider change a well informed decision can be made 1 2 Goals and Definitions The main goal of the SIAM AST was identified in
25. ad http pear php net go pear phar and save this file in the directory that contains the file php exe e g C wampNoinNphpNphp5 3 10Y Open an admin terminal Linux or the command console as Administrator Windows navi gate to the above directory and perform the following commands Oo php q go pear php O pear install o Net SMTP O pear install Mail Mail mime Uncomment the following in the php ini file extension php openssl dll Add the file system path of PEAR in php ini e g add the following line include path C wamp bin php php5 3 10 PEAR Restart the web server for the changes to take effect Application Settings Optional The SIAM AST application has two configuration files which can be edited to change global system settings and behaviour After a standard installation there is usually NO NEED to make any modifications here at all The system should run instantly without any changes to these files Technical Note Edit model db class php in order to change the database connector settings for the SIAM AST user level interface This may be necessary if your database name is different from the default setting or if you ve modified the user account that accesses the SIAM AST database Edit coredata includes config php in order to enable welcome emails or change the database connector settings for the SIAM AST administration console SIAM AST Installation Instructions 88 First Use Ope
26. allation us script will attempt to automatically create the SLAM database on the MySQL server ip Status server connection OK OK OK 2 OK OK OK OK OK DESEE 5 OK Processing data i OK Figure 40 Installation Protocol top section The installation script will perform a series of steps such as Opening a database server connection Creating and or opening a database container Creating a new user account and granting permissions to it or Adjusting the system configuration files to use existing credentials Creating the database tables Importing the standard data set The partial screen shot in Figure 40 shows the installation progress based on the previous custom settings made Figure 37 SIAM AST Installation Instructions 83 Once all steps have been processed without problems the script will report Process com pleted successfully at the end Figure 41 Processm step 109 OK Processin step 110 OK Processin step 111 OK Processin step 112 OK Processin step 113 OK Processin step 114 OK Processin step 115 OK Processin rt step 116 OK Processin step 117 OK Processin step 118 OK Processing data step 119 OK Process completed successfully Continue Figure 41 Installation Protocol bottom section If there were any problems during installation the
27. an access specific assessment cases once invited Provider Can answer only those assessment questions which have been delegated by other actors Observer Can access specific existing assessment cases Cannot answer any questions Can inspect the assessment report Table 1 User Functions in the SIAM AST 2 2 System Architecture and General Description The SIAM approach recognises that in the assessment of security technologies the socie tal technical and economic impacts of the decision to invest in a particular solution have to be considered and made conscious to the different stakeholders participating in this process Depending on the interests and responsibilities of the stakeholders assessment aspects may be related to issues such as ensuring legal compliance establishing and maintaining security operating under financial obligations and restrictions protecting civil liberties or advancing innovation for example Consequently there is a need to adhere to established standards and utilise up to date information that can be retrieved in the public domain or by government authorities e g legal documentation open standards technical reports about newly developed technology crime statistics national and international threat assessments research papers etc On the other side there is also a desire to keep certain information within the facility or institution where an assessment is made such as the physical layout of s
28. c structure to assessment questions Both are embedded in further conceptual elements belonging to the overall information gathering system in particular screens and screen groups as well as their related sub concepts Detailed information about how these concepts are defined and interrelated can be found in Appendix A 3 1 5 Assessment Questions Like topics and aspects the assessment questions are also deeply intertwined with the information gathering system employed by the toolkit In this course the conceptual struc ture of assessment questions has been substantially extended to incorporate additional semantic tags perspectives tasks supplementary resources meta information relevance information technologies actors the grouping and sequencing of questions within screen groups the specification of conditionality and many more SIAM ASSESSMENT SUPPORT TOOLKIT Home AssessmentCase Actions Preferences Help Core Data New Question Step 2 of 3 Screen CONTENT Actions Screen Heading Backto Overview Next Step Relevance Screen Group Context Topic Bodily integrity Aspect Question Text Intrusiveness Existing Questions in this Screen Group None Question Type Yes No Option 1 Yes Option 2 No Question Perspective Security Related Task Not assigned Supplementary Information Figure 5 Example Screenshot of the Actual Database Tool for Authoring Assess
29. cMeasure varchar 256 E e O text text 9 secActors varchar 256 2s erani task fid int 11 screen fid int 11 reu gy fid int 11 9 secActions varchar 256 adduser fid bigint 20 add dati datetime 4 file fid int 11 fid int 11 zx secTools varchar 256 F add dati datetime adduser fid bigint 20 BA r case fid bigint 20 a FN NU id int 11 V id int 11 F add dati datetime 8 id int 11 text longtext name varchar 128 1 id bigint 20 8 id int 11 S name cer rm rat teat M ON ms um tousr fid bigint 20 name varchar 256 category varchar 50 a 1 add dati Pea JO siam lu screen weblink B narrative longtext es mo Ose siam_hu_screen_smttype Sope lor JO s sam lu case seco 4 stepNumber int 11 fO s siam lu case threat 3 screen fid int 11 Nit isread tiny case fid bigint 20 weblink_fid int 11 threatAW tinyint 1 8 case fid bigint 20 8 smttype fid int 11 b 42 eus Bi int 11 EN f add dati datetime 8 threat fid int 11 NU name varchar 48 I1 explanation report varchar 256 i ik i screen fid int 11 KS answerty y me threat fid int 11 8 actor fid int 11 PEE qe 8 areatype fid int 11 id int 11 rz 8 techno fid int 11 3 description varchar 1024 E M add dati datetime Ao 6 probability fid int 11 id int 11 NI JO siam users UO siam lu com
30. cannot be deleted RENAME Select Task Choose one Rename Task CREATE NEW New Task DELETE Select Task Choose one Figure 29 Advanced Database Options Editing Tasks The initial task definitions provided with the system are an outcome of the SIAM project and used in its specific set of questions Note that although it is possible to use more or less than the seven pre defined perspectives for the question pool doing so has not been thoroughly tested with the toolkit In our first preliminary tests no negative effects could be observed though 5 8 Editing Perspective Definitions In the SIAM AST assessment perspectives are used as a secondary semantic attribute in addition to tasks for assessment questions In the assessment report they allow an analy sis of the information contributed by different assessment participants with respect to the attributed assessment perspectives The list of perspectives available for semantic tagging during question authoring can be edited using this advanced database action SIAM AST Administration Console User Manual 70 Note that as with all Editing type database options the renaming of perspectives will take instant effect in all existing assessment questions and cases Newly created perspective definitions will be available for new assessment questions which are added after the change Deleting task definitions is only possible if these are not actively linked
31. ch cf Figure 10 However screen groups have been designed to be capable of containing more than one single screen which provides some interesting features for entering more sophisticated question structures As introduced in section 1 1 having more than one question in a screen group allows these screens 1 to be ordered in a sequence and 2 to be extended with conditions that control their presentation based on the answers given to previous questions in that group 3 4 1 Add a Question to a Screen Group SIAM AST Administration Console User Manual 58 See the tutorial video here http youtu be zfujrkcptOQ In the overview page clicking New question will create an entirely new screen group con taining a new question Adding any follow up questions to an existing screen group can be done either 1 In the Screen Relevance part Step 3 of the data input wizard i e right after one brand new question has been completely specified To do so click the link Enter new Follow up Question Add to this Screen Group in the navigation and control panel 2 When editing the Screen Content or Screen Relevance pages by clicking the same link further down in the lower left part of the screen 3 4 2 Change the Presentation Order of Questions in a Group See the tutorial video here http youtu be ZpwNv 92bEI The navigation and control panel has a section Questions in this screen group which al lows quick switching between
32. configured name siam_db_ user and password Default Create a new database user but with a different name password J Use an existing user account for connecting to the SLAM database d0121ace mrriiitiiitiiiiit SIAM AST Data Import Create the SLAM database tables and import the standard dataset Default Create the SLAM database tables but import data from a different file State filename incl extension is to be placed in the Install folder before proceeding with the installati Note When selecting this option the data file nee Do not create any database tables or import anything Figure 37 Custom Settings Example When configuring the installer to use an existing database and or an existing user name clicking the related buttons Test Connection will open an additional window and a con nectivity check will be performed using the names or credentials provided After entering a database name and clicking the nearest Test Connection button the test script will attempt to establish a connection to a database of the given name Figure 38 using the SQL account credentials stated at the top of the form SIAM AST Installation Instructions 81 SIAM ASI Database Installation Operation Status Connecting to database server localhost OK Opening database d 121ace OK Test completed successfully You can now close this window Figure 38 Checking Connectivity to
33. ddition this process then intersects with other processes like travel The particular nature and parameters associated with those processes need to be considered as well Set de Beer Event Assessment People Assessment Assessment Screening Policing Situation Identification Process Control 4 x Awareness Information and Communication Enforcement Physical Access Figure 7 The SMT Typology The main advantage of the SMT typology is that it adopts a purpose oriented perspective in the definition of security technology as well as a level of granularity that is a Much more explicit and focused than the original definition of the SMT concept and b Sufficient to model and interrelate the various other assessment issues involved in SIAM e g threat crime infringement acceptance effectiveness etc on the basis of a common technology specification The SIAM AST Application and Database Specification 24 3 1 7 Assessment Scores During reporting the SIAM AST takes attributes of the questions asked count perspective task as well as the answers given count actor role to calculate different scores and in clude these in the assessment report All scores come in three flavours 1 Based on the entire question pool Global score 2 Differentiated by individual Assessment Perspectives 3 Differentiated by individual Assessment Tasks Completion This is a measure of how many of the different question
34. e allow a user to make fundamental changes to the system s core data Clear Assessment Cases Click on any ofthe links on the leftto learn more and make sure you know what you re doing before confirming any action Clear Assessment Questions Clear Topics and Aspects Complete Reset Edit Library Categories Edit Tasks Edit Perspectives Edit Actor Roles Figure 23 Advanced Database Options Overview 5 2 Clearing Assessment Cases SIAM AST Administration Console User Manual 65 This action will delete all assessment cases from the database including any answers giv en by participants This action removes user created assessment cases and answers how ever the question pool and existing user database remains untouched so that new assess ment cases can afterwards be created based on the original core data When users log on to the SIAM AST after this action has been performed their dashboard page will be empty SIAM Home Advanced Database Options Actions Backto Options ASSESSMENT SUPPORT TOOLKIT Log out CLEAR ASSESSMENT QUESTIONS Important Notice This action will delete all questions from the database as well as all existing assessment cases and answers given by participants This is usually only necessary when the system has been newly installed and is to be fitted with a new set of questions Are you sure you wantto do this Yes Figure 24 Advanced Database Options Deleting Assessment Cas
35. e an issue from a general question towards more specific ones SIAM AST Administration Console User Manual 60 Note When working with conditions make sure your questions are put in the right se quence and the initial question in a group is displayed unconditionally to prevent locking out the entire screen group from presentation SIAM AST Administration Console User Manual 61 4 User Administration Access the user administration tool by clicking Manage User Accounts on the console s home page Figure 16 4 1 Overview The overview page Figure 20 provides a list of all SIAM AST user accounts giving details on all associated information such as name user ID user type user organisation email address relevant dates as well as whether the account is currently active Only active ac counts can log in to the SIAM AST and or the Administration Console SIAM ASSESSMENT SUPPORT TOOLKIT Home User Accounts Overview x 2014 02 12 2014 02 20 Am Contributor 15 22 40 11 12 25 Home 2014 02 11 2014 02 20 l Potter Harry Contributor a b ac uk 15 58 47 11 10 40 Refresh Overview 3 um 1 2013 05 20 2014 02 20 2014 02 20 New User Account Administrator SIAM AST admin Administrator Some University c d ac uk 18 17 00 11 12 34 10 59 07 2014 02 11 2014 02 20 test test tt Contributor er f ac uk 15 52 59 11 10 56 Never 2014 02 12 2014 02 20 test test Contributor test test 14 54 07 11 11 57 Never Figure 2
36. ect Question Text Intrusiveness Existing Questions in this Screen Group None Question Type Yes No Option 1 Yes Option 2 No Question Perspective Security Related Task Not assigned Supplementary Information Figure 14 Step 2 Edit the Screen Content As outlined in section 1 3 screen content comprises 1 2 3 Heading This is the title of the screen and will be displayed in addition to the topic aspect of the question Keep it short Entering a heading is particularly useful if you have more than one screen in the current screen group as it makes identifying the different screens easier when set ting the order of their presentation Section 3 4 Info text This text will displayed before the question It could be used as an introduction or to give instructions to the end user on how to answer the question in this screen Question text This is the actual question Please consider the question type when formulating the question text next SIAM AST Administration Console User Manual 52 4 Question type Choose one of the question types provided Consider that this will determine how users can answer the question and how answers for this question can be summa rised in the assessment report Every question can only have one answer type If you discover you would like to elic it several types of answers for a particular issue this indicates that several specific quest
37. ecurity describes the technology s functionality in countering threats and reducing risks It covers the questions whether the technology fulfills the promises and expectations regarding its performance Assessment criteria are among others the detection rare the false alarm rate as well as the impact of intended interference or environmental interference Trust Trust encompasses the experience of the technology provider as well as of the technology scrutinized in using the technology Beside the experience the subjective perception defines in which way a technology achieves an appropriate acceptance level Assessment criteria for trust include for ex ample the degree of discrimination regarding the use of technology as The SIAM AST Application and Database Specification 8 well as the potential physiological and psychological invasiveness of the technology such as body scanner and claustrophobia Efficiency Efficiency implies the economical dimension of the technology Assessment criteria for this perspective are the product life cycle costs such as the purchasing costs the implementation costs the operating costs and dis missal costs But it also contains derivative criteria like opportunity costs and the impact on business processes such as the through put or false positive alarm rates Privacy The privacy dimension of technology assessment depicts the impact of a technology on the freedoms and rights of persons Essential
38. ecurity sensitive areas the functionality of existing installations or location specific threat scenarios Based on these considerations we envision the future SIAM AST to work in the manner of a system that uses distributed data with some information retrieved from the public domain or from NGOs or government authorities and further privately held information about The SIAM AST Application and Database Specification 13 facility specific models of threats processes and technologies This is not to say that local information cannot be shared We can imagine for example that an exchange of relevant standards best practices assessment criteria or scenarios between organisations can bring positive synergy effects and improve the speed and quality of technology acquisition processes across mass transportation facilities However a separation of the data will leave the assessing facility or institution in control of what private data to share and with whom At the heart of the computational implementation is a browser based application that sup ports the SIAM security technology assessment process This can be hosted locally on a web server such as an Apache or Internet Information Server and hence installed at dif ferent local sites Private data would be stored on a local SQL database and public as sessment information retrieved over the Internet from other databases which could be provided and maintained by public institutions or g
39. en file This table links supplementary file information with screens siam lu screen smtgroup This table links SMT group information with screens siam lu screen smttype This table links SMT type information with screens siam lu screen weblink This table links supplementary web resource infor mation with screens siam lu secinfo areatype This table links up certain threat assessment infor mation from a scenario siam lu smttype technology This table links configuration information from a sce nario with SMT types siam lu threat areatype This table links up certain threat assessment infor mation from a scenario This table links topics with topic groups siam message This table stores the subject headers of internal mes sages which users can send to each other siam perspective This table contains the perspective definitions which are used as semantic attributes of assessment ques tions siam probability This table contains threat assessment information of the assessment cases created with the system siam proposed security measure This table contains threat assessment information of the assessment cases created with the system The SIAM AST Application and Database Specification 29 Siam screen siam screencontent siam screengroup siam smttype siam task siam technology siam technologyphase siam threat siam topic siam topicgroup siam userfunction siam users s
40. en group it is possible to set up condi tions here See section 3 4 3 for more details SIAM AST Administration Console User Manual 54 3 Question Authoring How To The SIAM AST uses a pool of pre defined assessment questions to display to any users of the toolkit which engage in assessment cases Administrators can modify the question in this pool 3 1 Manage Question Pool On the home page click the link Manage Question Pool This will take you to the set of available question authoring tools SIAM ASSESSMENT SUPPORT TOOLKIT Administration Console Manage Question Pool Manage User Accounts Advanced Database Options Figure 16 Administration Console Homepage 3 2 Create a New Question On the overview page click on New Question to start the data input wizard The wizard will walk through the main steps as outlined in the subsequent sections eliciting the nec essary inputs on the way The following subsections briefly outline the major steps that need to be carried out More details on the individual pages can be found in section 2 2 Also note that there video tutorials for each page 3 2 1 Step 1 Set the Context of the Screen Group See the tutorial video here http youtu be GkZnkcrWtcE 1 Select a topic 2 Select an aspect 3 3 2 2 SIAM AST Administration Console User Manual 55 Click Create amp Next Step Step 2 Enter the Content of a Screen See the tutorial vide
41. ent ccccceeceseeceeeeeeeceseeceeeeaeeceaeesaeesaeeeeaeeegeetaseteeeenes 5 Figure 6 Step Configure Screen Relevante suci tivi iat s Cie teu s pus cuba utar oret o Levis dbonds doma cud 53 Figure 7 Administration Console Homepage seesseeeeeeneennnne nnnm nnne nnne nnne nnns 54 Figure 8 Navigating through the Data Input Wizard eseeeeeeeeeeennennnnn nnn 56 Figure 9 Quick switch and Reposition the Order of Questions within a Screen Group 58 Figure 10 Setting Conditions on Questions ccccecceseeesseeeseeeseeseeeeeeeesaestaeeeageeeeetaeenaeeteeteees 59 Figure 11 User ACCOUNTS OVelVIGW uscsocc eve ute vu uta vu ati eo ouicu d cuu cue Sun cu cuu cue cuu cut cu oan dude dud dd 61 Figure 12 Create a New User Account esessesseseeseenennen nennen nnne nenne ni ri reines reines reir iare 62 Figure 13 Edit an Existing User Account sssessseeseeeenee nennen nnne nnn nnne nnne nnns nnn nnns 63 Figure 14 Advanced Database Options Overview eeeeeeeseeeeeeennne nnne 64 Figure 15 Advanced Database Options Deleting Assessment Cases 65 Figure 16 Advanced Database Options Deleting the Question Pool 66 Figure 17 Advanced Database Options Deleting Topics and Aspects 66 Figure 18 Advanced Database Options Performing a Complete Reset
42. ers assessment participants of the SIAM AST will usually not operate this tool These users will log in to a dedicated user interface to engage in an as sessment There they can enter own custom questions which are specific to a particular assessment case There is a comprehensive range of video tutorials covering almost an hour of illustrated explanations and detailed How To walkthroughs for different features of the tool in par ticular the authoring of questions Access the entire range of video tutorials here http www youtube com playlist listZPLDMjco4x4wUd RAazIAriKfS9QA 1 kxU7f Note that the tutorials refer to the original request for information RFI 5 posed to the partners of the SIAM project However its practical content is still relevant for end users of the SIAM AST as the question authoring functionality in the Administration Console is largely identical to the previous RFI 5 version of the program 1 1 About Screens and Screen Groups The SIAM AST data structures for assessment questions organise all data input around two major concepts screens and screen groups A screen contains 1 textual information which a user may see when presented with a sin gle question including a question heading an introductory text and the actual question text A screen also has 2 configurational and relational information which includes the type of answer expected the particular STEFi assessment perspective addressed by
43. es 5 3 Clearing Assessment Questions This action will remove the standard question pool from the database as well as all exist ing assessment cases and answers given by participants The latter is necessary because there are active data links between the pool questions and existing assessment cases and related data which need to be removed as well SIAM AST Administration Console User Manual 66 SIAM ASSESSMENT SUPPORT TOOLKIT Wome Logout Advanced Database Options CLEAR ASSESSMENT QUESTIONS Actions Important Notice Backto Options This action will delete all questions from the database as well as all existing assessment cases and answers given by participants This is usually only necessary when the system has been newly installed and is to be fitted with a new set of questions Are you sure you wantto do this E Yes Figure 25 Advanced Database Options Deleting the Question Pool This action is usually only necessary when the system has been newly installed and is to be fitted with a new set of questions 5 4 Clearing Topics and Aspects This action deletes all topics aspects and assessment questions from the database as well as all existing assessment cases and answers given by participants These data ob jects need to be cleared together because of active data links that exist between them in an installation SIAM ASSESSMENT SUPPORT TOOLKIT Wome Logout Advanced Database Options CLEAR TOP
44. es tions that are presented in a particular sequence Every question can have one condition making its presentation dependent on the answer which was given to a previously pre sented question See Figure 19 for example This shows a partial screen snapshot of the Screen Relevance page On the left hand side it can be seen that there are three questions in the screen group Removal of clothing and two further questions asking for more details The ques tion displayed in bold font is the one which is currently being edited Removal af clothing Removal of clothing Details Condition Removal of clothing Details 2 Show only if question Removal of clothing has been answered with Yes Enter new Fallaw up Question Add to this Screen Group EDIT CONTEXT EDIT CONTENT JUST SAVE Enter new Independent Question Create new Screen Group Figure 19 Setting Conditions on Questions In this example the condition has been set such that the first main question needs to be answered with Yes for the second question to be displayed In other words the system will only ask for further details on the Removal of clothing issue if this is in fact an issue and skip the details questions otherwise In this general way the display of questions within screen groups can be controlled based on the answers given by the end user to previous questions This feature is particularly practical for using question sets which explor
45. es based on the answers given by all actors in volved and an appendix of all questions considered and answers collected WYSIWYG style report editor for the assessment leader Chapter selection links introduction one chapter for each defined task Automat ic inclusion of assessment case configuration information in the introduction facili ty to add a custom introduction Display of all assessment questions answered the specific answers given by the actors including links to any files attached ordered by topic and aspect including custom questions at the end of each chapter Indi cation of agreement conflicts or missing information for each question Facility to enter a summary statement for each chapter to include into the assessment report Button to generate the assessment report document in a separate window with the information provided Compiling of a printable assessment report personal summary Automatic generation of the chapters Inclusion of all information provided during report editing Calculation and visual representation of assessment scores for com pletion actor involvement and participation also differentiated by perspective and task Appendix of all questions posed and answers given by the actors involved 4 2 The SIAM AST Application and Database Specification 35 Administration Level 4 2 1 Question Pool Management 4 2 2 4 2 3 Question overview and filters Comprehensive autho
46. ferent actor roles from which the answers come from This score is therefore a further qualification of the completion and actor in volvement scores Calculation x The count of distinct roles that have answered nr of unconditional questions divided by y The count of distinct roles that have been invited nr of unconditional questions the related users would see The SIAM AST Application and Database Specification 26 3 2 Physical Data Model The physical data model codifies and structures the data and information required to facil itate the functionality of the assessment support software Since the SIAM AST uses a rela tional database data tables need to be specified that define the relevant concepts and the specific attributes that characterise these concepts The structural information in these tables then needs to be interrelated to form an effective data model Figure 8 according to established design principles so that the data model reflects abstract properties of the embedded concepts and their relations with each other like cardinalities and constraints for example go t id int 11 JO siam lu case user G name varchar 48 WA case fid bigint 20 8 topic fid int 11 WO siam file IO acce siam topicoroup user fid bigint 20 WO siam task id int 11 V id int 11 role explanation longtext i 8 id int 11 category _fid int 11 Ba B name vorchar 48 it f
47. fly the purpose of each Table 1 The SIAM AST Application and Database Specification 27 siam actor This table contains the different types of actor roles supported by the system siam answer This table stores all the answers and justifications giv en to assessment questions across all defined assess ment cases siam answercustomquestion This table stores the answers given to any custom as sessment questions posed by individual users siam answeroption This table contains additional information about the different answer types supported for assessment ques tions siam answertype This table contains the different answer types support ed for assessment questions e g single or multiple choice Yes No free text etc siam areatype This table contains threat assessment information of the assessment cases created with the system siam aspect This table contains the second level element of the hi erarchy that structures assessment criteria for in stance topic attributes or dimensions of normativity siam assessmentcase This table stores the names of the different assessment cases currently specified in the system This table contains the available library categories siam customquestion This table stores the custom assessment questions which were defined by individual users siam delegatequestion This table stores information about all the questions that were delegated during assessment siam docume
48. he application For any desktop PC or server running Windows as oper ating system an example is WAMP Server an open source product which is available for free use under the GPL license Summary of the Installation Steps In brief the following steps need to be performed to install the SIAM AST 1 Install and configure a web server Install and configure a database server Download the SIAM AST application files archive and unpack to a temporary directory Copy the SIAM AST application files to the web root directory of the web server Install the SIAM AST database Configure E mail support optional Oo uU A U N Note that the installation parts of step 1 and step 2 are usually performed together when installing a WAMP or LAMP software package on a local computer Application Access Levels The SIAM AST has two levels of access realised through dedicated user interfaces 1 A user level which allows the creating and editing of assessment cases performing of as sessments and generating of reports 2 An administration level which offers features for changing the core data of the system and for creating and managing user accounts Both user interfaces can be accessed via the main login page http lt server name gt lt SIAM AST web directory gt index php SIAM AST Installation Instructions 75 SIAM AST Installation and Configuration Details Web Server We recommend to install the SIAM AST on an Apache Web Ser
49. how or hide the afore mentioned options Button to cy cle through the current sub set of questions selected Custom Questions Editor Tool for creating a custom question Task association Recipient s Subject Question text and target this to another user or all existing users of a par ticular role Completion Bar Display of answering progress for the currently selected subset of questions Filters The SIAM AST Application and Database Specification 34 Filters to select a subset of question from the pool similar to the topic dash board but faster access suited for routine users of the system Filtering by Task Topic and Aspect Quick link back to the topic selector tool o Question Navigation Tree Hierarchical expandable collapsible representation of the currently selected subset of questions categorised by Topic and Aspect including any custom questions at the end of the tree Direct selection and display of questions by clicking on the elements of the tree Indication of answering progress colour change of tree elements visual ticking off of questions 4 1 4 Assessment Reporting Unit Different types of reporting documents depending on user function o Summary of the case plus the current user s personal contributions ques tions answered answers given questions delegated and custom questions asked o Assessment report containing comprehensive information about the case in cluding analysis and scor
50. iam weblink This table links together all information that is neces sary to present an assessment question to the users including conditions and the sequence number of a question within a screen group This table contains all data that is directly related to an assessment question such as heading question text perspective task answer type etc This table contains information about screen groups i e containers used to organise individual related questions such that they can be presented to the user in a sequence or with certain conditions in place The screen group also links to the topic and aspect which those questions share This table contains the groups defined in the SMT ty pology e g Threat Detection Access Control etc This table contains the different SMT types e g Identi fication Situation Awareness Access Control etc This table contains the task definitions which are used as semantic attributes of assessment questions This table contains configuration information of the assessment cases created with the system This table contains configuration information of the assessment cases created with the system This table contains threat assessment information of the assessment cases created with the system This table contains the top elements of the hierarchy for structuring assessment criteria This table contains groupings of topics to allow users to find particular assessment criteria faster
51. ich counter infringement measures clothing Details 2 are in place acceptance Does the SMT process person Assess legal v identifiable data PID issues test ertwtg ergrweg Test Test Wo wird die Uberschrift Why is the rate so high angezeigt fcxvxcvxc this is the question text Figure 12 Overview Page 2013 08 27 10 31 49 2013 08 27 11 27 57 2013 08 23 11 39 15 2013 08 20 19 30 59 2013 08 20 16 29 40 2013 08 20 15 41 04 2013 08 20 1531 37 2013 08 13 14 38 53 2013 08 15 15 21 26 2013 08 20 17 03 05 2013 08 21 02 55 06 2013 08 21 m One the left hand side the navigation and control offers options to refresh the table to display any entries that may have been made by other users since the last refresh Fur ther there are a couple of filters to limit the table display to one s own entries based on the user name currently logged on or single topics Clicking on New Question will trig ger a data input wizard which takes the user through the three steps required to set up a question Context Content and Relevance On the right hand side the table provides buttons that allow editing context content and relevance for existing screens screen groups User can also choose to delete screens if necessary However for contributors this option is limited to those screens they have cre ated themselves 2 2 2 Screen Group Context Page Before a question can be
52. ioned as useful future extensions of the system Their requirements have been considered as far as possible in the structural design of the core application to ensure they can be added later without causing major problems yet they present optional functionality beyond that what has been specified in the DoW In the pro totype we have illustrated in part how the interconnection with such modules could look like Threat Assessment A tool for planning threat assessment sessions and recording the results according to the methodology developed in WP6 These could then form a partial input for the technology assessment support system The assessment case configuration wizard in the prototype does provide input elements that correspond with the methodology in SIAM s WP6 2 Library Navigation and database slots for library search Whenever a user encounters a question that he or she cannot answer this optional tool could allow them to search a repository of suitable documents for further information The prototype features supplementary re sources that are directly associated to questions and which users can consult In addition a simple library tool which automatically collects and lists any resources provided by ques tion authors has been provided Ticketing Once practicable models of actors stakeholders and related organisations have been cre ated we imagine that a ticketing system could be developed for distributing requests for info
53. ions in the Navigation and Control Panel When entering a new question there are special buttons that allow you navigate to the next entry step 2 2 Question Authoring Specifics Throughout the process of creating or editing screens there are one overview and three main input screens corresponding to the descriptions in section 1 2 1 4 All three need to be edited or configured to prepare a question for presentation on screen 2 2 1 Overview Page This is the first page presented upon entering the tool It shows a table in the main work area listing details of any screens which have been set up thus far ASSESSMENT SUPPORT TOOLKIT SIAM SIAM AST Administration Console User Manual 48 Logged on Ronaki Grau ee TR ee re Bee Actions etres Bodity integrity Filters Show my own entries only Bodily integrity Scope Filter topic Data Data mini processing ng All Topics Effective Reliability prevention Accuracy Sensibility Bodily integrity Scope Through put False positive Accuracy Flexibility Compliance Labels Seals Bodily integrity Intrusiveness Bodily integrity Intrusiveness bsec Freedom Infringement Freedom Infringement Security When using the SMT are passengers Assess required to remove some of their organisational clothes issues Assess acceptance Issues Removal of Please give details about which clothing Details clothes need to be taken off sss Removal of Wh
54. ions are needed Add separate questions i e screens for every type of answer desired 5 Question perspective Every question explores one particular assessment perspective one out of STEFi Choose the one that applies If you think a particular issue may be assessed from different perspectives add additional questions i e screens to make these explicit 6 Related task Fvery question may be associated to a particular task Depending on the answers given by the end users it can later be determined in the assessment report to what extent these tasks have been addressed Select the one that applies or leave unas signed 7 Supplementary information Files and web links are presented as a reference to end users when the question is displayed in order to help them answer it You can add web links or upload files such as PDF images Word documents or spread sheets As long as the SIAM AST is hosted at the Kingston University web space make sure the file size does not ex ceed 2MB We hope this can be increased later 2 2 4 Screen Relevance Page In this part the presentation of the screen can be configured At the top of this page the heading info text and question text entered as content is displayed as a summary SIAM AST Administration Console User Manual 53 S A IM ASSESSMENT SUPPORT TOOLKIT Home AssessmentCase Actions Preferences Help Core Data New Question Step 3 of 3 Screen RELEVANCE Actions Some headi
55. it in the same group a condition can be put on the second question to be shown only if the answer to the first question was Yes SIAM AST Analysis and Reporting Assessment Case Configuration m Presentation Order Qq rB gt Screen Group I Screen Group Screen Group i Topic Aspect i Topic Aspect i Topic Aspect Jj Il Screen Screen Screen Screen Figure 10 Screen Groups and Screens in the SIAM AST SIAM AST Administration Console User Manual 44 When selecting a question for presentation to some user the SIAM AST will first select all available screen groups based on their context definition and then further evaluate whether any questions that reside within these groups should be shown Entering the required information to create a question involves three steps which are de tailed in the following sub sections 1 2 Screen Group Context This term relates to selecting a combination of 1 a topic and 2 an aspect to set the context for a question As screens which contain individual questions are al ways organised within screen groups independent of whether there is a single question or several questions in a group the context is a technical attribute of the screen group For example one possible context for questions about freedom infringement is the topic Bodily Integrity and its dependent a
56. l 39 Appendix A SIAM AST Administration Console User Manual SIAM SECURITY IMPACT ASSESSMENT MEASURES SIAM AST Administration Console User Manual 20 February 2014 Kingston DR RONALD R GRAU University London SIAM AST Administration Console User Manual 40 Table of Contents 1 Introduction and Question Authoring Concepts n eereeenre eren nnn 42 1 1 About Screens and Screen Groups eeseeseeseeeeeneennee nnne nennen nnne nnn nnn nns 42 INE rac iRCetlonSeoirad m 44 1 3 Screen Content NER 44 NS Sree A RELEY INO ee ntti inetatc atvlantesittenltectoetetnanitie naioseandaaie eaaauantanpannenimatens 45 Access Workspace Areas and Navigation eere essere eene nene nena nas e asas nana uasa rus 46 2 1 Basics and AY GUE ussscoispvtanedz tavit nuc oreet ad ina did andi Fea Daciae veu a Eus va Ev ual vUa vM S 46 2 l PCCESS and Home PAGS usseneieetu tine ipe a E atn i IN Lo oda Do peona E 46 2 12 Leader BBlususeuaudisuminmuadE amm E 47 2 1 3 Navigation and Control Panel eseeeseesseeeneee nennen nennen nnne nnn nnns 47 2 1 4 Main Work Area sseessesseeeeeeee nnne nnnm nnne nnne nnn sn nas na sanitas ns 47 2 0 Question Authoring SDGCITICS usxsxacuscvestedvs xke ve nauicu xstuqs dau qa dia qu Gab HE y aux at ao IM sIcpe CY nS VES 47 22l OVEIVIOW Pag Re EET 47 2 2 2 Screen Group Contex
57. l Topic selector tool visualising the structure of available assessment questions and personal completion progress for each user Panels for each task Sub panels for each topic Sub panels for aspects Overall completion progress bar progress indicator for all related questions displayed on the panels as well as for custom questions available and the related progress made with those Population of the filters with the information selected in this tool to al low seamless interoperability Comprehensive Assessment Interface for information gathering O Assessment Case Information Panel An expandable Collapsible panel containing assessment case configuration details for reference Situation Technology Invited Actors and their roles and functions Quick links to Configuration Topic Selector and Reporting Avail ability according to the defined user function Question Display Question heading Info text Question text Answer field option Justification text field option to delete change a given answer visual indication of the question perspective Additional Options Tools and Resources Option to attach upload document files with an answer Listing of such at tached files including links underneath the question panel Option to send a delegation request for the current question to another actor Option to in spect additional file and web resources specified during the authoring of the question Button to s
58. ly data gather ing and processing are major aspects of privacy assessment But also rights like intimacy and self determination are part of the privacy dimen sion and must be taken into account for an assessment Source 3 In terms of the system s internal mechanics these perspectives are used as semantic tags for assessment questions They were later extended with another such tag called tasks The range of SIAM tasks has been defined by the partners as follows Assess organisational issues Here all questions must be assigned to that deal with the integration of the SMT in to the business processes This entails questions about allocation of responsibilities actors and location Assess economic Issues This describes all questions about economical consequences of the implementation of the SMT For example requirements of space personnel and investments Assess technological issues The technological issues deal with all attributes related to the functionality of the SMT For example through put time electric or IT requirements or dependencies on further technologies Software Assess legal issues The SIAM AST Application and Database Specification 9 The legal issues shall entail all legal obligations or code of conducts that are con nected to the SMT Assess security issues The security issues deal with all questions that assess the reasons for implementing the SMT and all questions about effectiveness i
59. m The position put forward by the consortium partners was that basically anyone who might be an actor or stakeholder in a technology acquisition process could be considered a user Initially two distinct groups of stakeholders were identified and the relevant roles responsibilities and interests elicited 6 The results of these activi ties have been detailed in 5 Ultimately the consortium decided to employ a simpler list of role descriptions based on the results of 9 and not to consider the previously developed Areas of Interest and Re sponsibility AIR 8 as a further qualification of those roles The following roles were specified e SMT Investor e SMT Operator e NGO e SMT User Organisation e Data Protection Authority e Regulator Politician e Law Enforcement e Technology Developer In addition user functions and related permissions which apply to tasks in particular as sessment cases were defined The SIAM AST Application and Database Specification 12 Assessment e Can set up new assessment cases Leader Coordinator e Can specify and invite other actors e Can answer assessment questions e Can edit and generate the overall assessment report Assessment access assessment cases once invited Participant yes answer assessment questions according to their specified role create custom questions to be considered by other actors generate a Summary report of their personal contributions Information C
60. ment u id bigint 20 Va bigint 20 lt i R 255 8 screencontent fid int 11 category fid int 11 e 8 u name varchar 16 user fid bigint 20 infotext text 8 case fid bigint 20 9 name varchar 1024 V id int 11 ih iy ee varchar 50 task fid int 11 n arta V user fid bigint 20 3 content varchar 2048 threat varchar 256 hus char 32 comment longtext p text longtext answertext longtext tt adduser_fid bigint 20 P threatActors varchar 256 Daa A Te Spee SE SIME activeQ tinyint 1 f add dati datetime threatActions varchar 256 m u_type ate Bt HERI ee aan ee rege task fid int 11 answeroption fid int 11 threatTools varchar 256 add_dati datetime id int 11 answertype fid int 11 E justificationtext longtext V id int 11 9 add dati datetime mod dati datetime screencontent fid int 11 adduser fid bigint 20 Gi name varchar 128 8 Il dati datetime Pt case fid bigint 20 F add dati datetime u active tinyint 1 status tinyint 1 moduser fid bigint 20 u organisation varchar 32 appear tinyint 1 F mod dati datetime u surname varchar 50 u email varchar 50 Figure 8 Detailed ER Representation of the SIAM AST Data Model 3 2 1 Database Entities In the following we will present a comprehensive list of all the database tables developed for the SIAM AST and indicate brie
61. ment Questions See Appendix A for detailed information The SIAM AST Application and Database Specification 22 We have developed a comprehensive set of authoring features which the SIAM partners initially used to specify their particular assessment questions See an example screenshot of the authoring tool provided to the partners in Figure 5 This tool was then subsequent ly further developed and integrated into the SIAM AST Administration Console 3 1 6 Security Measures and Technologies SMTs One of the most important concepts at the core of the system relates to the security measure technologies SMT which are being assessed The consortium realised early on that the initial conceptualisation in the DoW was not suitable to frame the related issues appropriately Our revised conceptualisation of SMT has been based on a process based model of the security domain which identifies the nature of security policies as the defin ing element for security measures which are purposeful activities in the first place Our model then differentiates the actions for achieving the purpose of a policy from their im plementation aspects i e the actors and or technology involved in executing the actions Our approach recognises that technology as a concept comprises more than just a naive perception of technical devices e g procedures can be considered technology too More importantly the approach allows pinpointing more precisely the locus
62. n a Chrome browser Enter the SIAM AST URL http lt server name gt lt SIAM AST web directory gt For instance this is the URL to use for a local installation http localhost SIAM Log in to the SIAM AST using the default Administrator account admin admin You should now see the main menu and an empty dashboard Click on the PROFILE option and change the password of the default administrator account Consider that a strong password uses a combination of letters numbers and special charac ters Make sure you remember the password chosen Log out On the SIAM AST login page click the Administration Console link Log in using admin as user name and your newly set password Click on Manage User Accounts and create additional users as necessary The default user type for the SIAM AST user level interface is Contributor Assign the other types Adminis trator or Developer only to those users that need access to the administration console Log out of the Administration Console when finished
63. n addressing them Assess acceptance issues This category deals with all questions that are assessing the level of acceptance by an individual This entails all scrutinized persons such as personnel and passengers Assess social issues The social issues differ from the acceptance issues in that matter that it deals with the meta level of acceptance or the consequences of the SMT implementation on the society as a whole This can be aspects such as a change in behaviour because of the knowledge that the area is under surveillance Source 4 In terms of data modelling the tasks are considered a much more differentiated categori sation of assessment dimensions Technically speaking both perspectives and tasks are used as independent semantic attributes of questions in the system even though the defi nitions agreed by the partners show a clear conceptual overlap between both Generally such semantic tags are useful for analysing information gathering results according to the criteria embodied by them 1 3 Basic Use Case The development of a software system usually involves the design of one or more use cas es that reflect the problem which is to be solved and map the real world process to soft ware processes and user interactions At its core the acquisition of information has been realised through a mechanism of first defining an assessment case with all relevant information about a scenario and a suggest ed technological
64. n countering threats and reducing risks Different actors are interested in influ encing the technology development For this purpose they are mobilizing resources articulating demands and building networks in order to adapt the technology Con cerning the analysis of the security technology assessment process it is important to answer the question why a certain technology is selected by whom for further de velopments Testing Development During the testing development phase different assessment criteria are used to evaluate the technology performance Pilot tests in the existing infrastructure are conducted and give some insights about the compatibility and performance of the technology At this stage various problems occur which leads to a sobering phase after the big promises in the concept phase Furthermore learning processes under time pressure occur The central question here is how the technology is assessed by the decision makers and which criteria have been used for the testing and develop ment Adoption Diffusion After a phase of testing and problem solving the technology is introduced to the in frastructure The adoption of a new technology contains a connection to the existing technology as a replacement an addition or an integration in existing processes At this time the technology has to demonstrate its reliability and system compatibility The relevant questions are who is deciding at which time the technology is adapted
65. nERnER XE S Km EMNxSU EU EM R a E Ke XXe NEN Ee ord mie ek edo win Ron 19 Advanced Database ODON S sse cun cuscvuc ses vodbxaku cx E ana ExENK SES IS NV hUSE SEE II siu KU RUN MEER E PUN UE 19 3 Database MOG 20 EN MIN CONC OD a E E ee 20 Jdel AsSesSMENT CASE riiisg aahi 20 red ATO a E anc isissuoscecsaieuceaiageeinengssemaaeecausee 20 TS POCE e A A 20 32134 TON diit 739 CCI enone eee eee ee eee eee 21 31 5 Assessment QUESTIONS srren EE EEEa ENa ENEN EEEE AEE ERENER 21 3 1 6 Security Measures and Technologies SMTS ccccccecssceceecceeseeeseeeeeeeeeeseeeeeenans 22 Dele ASSESSMENT OCONEE S 2osenuuteniaenR pui MGE EE 24 Gener UU Tm 24 Involvement of JACLOES ooo cose epos eee c no veo ven per UEcye D UeTEe ive ve UE IW OD FRI Da e E c P ND rennene esu desee 24 The SIAM AST Application and Database Specification 3 FaFBICIDOPIOL S esses Dee E MM E I EM M MI 25 3 2 Physical Data MOGUBI 5 teitortestostes totas otros ve etutar olus uve o i bb Eb VEM ME M EEE 26 22l Database Entities ce 26 3 2 2 ENUIMICS ANG RELAUIONS eie a E 30 OMNI UCM dir mer 31 A T ser bevelen aaan a 31 Ak General Feature S acson E AA EES 31 4 1 2 Assessment Configuration UNmit s ico dos acne o RE De uro PED NEN AR RIED RD RTT CUBES 32 4 1 3 Information Gathering Unit 1seeesseeeseeeeeeennenen nnnm nnne 33 Al Assessment REDOFUIMG DEI
66. ng Finish and Back to Overview Some info text Finish and new Follow up Question Whatis the question Add to this Screen Group Finish and new Independent Question SMT Group SMT Type Actors Create a new Screen Group ThreatDetection V SMT Investor _ Access Control W SMT Operator Policing V NGO Screen Group Context Supot Identification W SMT User Organisation Topic _ Physical Access W Data Protection Authority Bodily integrity _ Situation Awareness V Regulator Politician Enforcement v Law Enforcement V Technology Developer Aspect Existing Questions in this Screen Group Condition N one Show always no condition v Figure 15 Step3 Configure Screen Relevance SMT Group SMT Type Select the SMTs for which the question should be displayed The relation between SMT groups and their SMT types are coded by colour Clicking an SMT group will de select all corresponding SMT types Actors Select the types of Actor who should see your question By default all actors are enabled When an assessment case is set up and different questions displayed the various assess ment participants logging on to the AST will have one of the actor types listed assigned to their user account The system will then determine which questions to show to a user based on the selection made in this section Condition If you have more than one question in a single scre
67. nistrative interface Figure 11 SIAM ASSESSMENT SUPPORT TOOLKIT Administration Console User ID Password Back to Assessment Support Toolkit Login Figure 11 Administration Console Login SIAM AST Administration Console User Manual 47 After the system has been newly set up the default login is admin admin You can create additional users with the Administration Console but note that only users of type Admin istrator or Developer can access the Administration Console 2 1 2 Header Bar The header bar is a simple heading display It tells what tool is currently in use Core Data and what you are currently doing Create or Edit Question 2 1 3 Navigation and Control Panel This part on the left hand side is the primary means for navigation It provides a range of Actions suited for the current input screen filters for the overview table as well as con textual information and tools for editing screens Screen group context order of ques tions special commands Note that clicking on any of the links shown in this panel will save any entries made before going to the selected destination except for Cancel commands 2 1 4 Main Work Area This is where data is displayed Overview table or entries made e g Context Content or Relevance In the data input pages there may be buttons at the bottom of the page these are just there for convenience and usually have the same function as the Act
68. nt This table stores information about the documents which users have attached to their answers siam email This table stores the contents senders recipients and status information about internal messages which us ers can send to each other siam existing sec reg info This table contains threat assessment information of the assessment cases created with the system siam file This table stores information about all supplementary files supplied with authored questions siam lu answer document This table links documents supplied with the users answers to assessment questions The SIAM AST Application and Database Specification 28 siam lu case secinfo This table links configuration information from a sce nario with the particular assessment case created for that scenario siam lu case technology This table links configuration information from a sce nario with the particular assessment case created for that scenario siam lu case threat This table links configuration information from a sce nario with the particular assessment case created for that scenario siam lu case user This table links configuration information from a sce nario with the particular assessment case created for that scenario siam lu comment This table stores the additional content created during the editing of an assessment report siam lu screen actor This table links actor role information with screens siam lu scre
69. nts in particular the definition of the question pool and information gathering mechanics can be found in the SIAM AST Admin istrative manual which is attached to this document as Appendix A 3 1 Main Concepts 3 1 1 Assessment Case The concept of an assessment case has been devised as a container for the description of a particular assessment problem It comprises a narrative of the initial situation detailing the location the threat a technology specification in terms of related SMT types and the acquisition stage for which an assessment is to be made Further the assessment case also contains information about the different actors who are involved their professional roles and assessment functions in the case 3 1 2 Actors Actors are the individuals who are involved in an assessment process Actors usually rep resent different institutions or groups of stakeholders and take part in the negotiation of assessment criteria that will be applied for evaluating technology options 3 1 3 Roles Actors represent different roles in an assessment process which correspond to particular interests and responsibilities of their institution or stakeholder group The SIAM AST Application and Database Specification 21 3 1 4 Topics and Aspects The ideas previously associated with assessment criteria and KPIs 5 have been concre tised in the form of a two tier hierarchy of topics and dependent aspects which are used to give a basi
70. o here http youtu be QmUhLdvsiAw l Zi Enter a heading Enter info text if applicable Enter the question text Set the question type Select question perspective Select related task Add supplementary information Click Save amp Next Step 3 2 3 Step 3 Configure the Relevance of a Screen See the tutorial video here http youtu be CP1 AcxHYFAQ l 2 3 Select all SMT groups and or types that apply to the question Deselect all actors who should not see the question Setup a condition that needs to be fulfilled for the question to be shown This fea ture is only useful if there are at least two questions in the screen group See sec tion 3 4 for more details Upon finishing all selections there is a choice to either 1 2 3 Click the Save and Finish button or the Finish and go back to the overview link This will save any entries made on the last wizard page and load up the overview table Enter a new independent question Link in the lower left of the navigation panel This will restart Step 1 of the wizard i e create a NEW screen group and a NEW question within this group This is useful for entering many independent questions quickly one after the other Enter a follow up question Link in the lower left of the navigation panel This will go to Step 2 of the wizard prompting you to enter a NEW question within SIAM AST Administration Console User Manual 56 THE SA
71. odules 2 3 General Application Structure Based on the different nature of the tasks that users of the SIAM AST can perform the software platform has been structured into a user and an administration level While the user level is intended to host the functionality directly related to assessment support the administration level provides tools for creating and editing the support data needed to run the system such as database connections users or data profiles that are used by the as sessment support application or any future modules added to the platform The SIAM AST Application and Database Specification 15 2 3 1 User Level SMT Assessment Support Module The assessment support module is the central functionality to be implemented in the pro totype Essentially this part of the software is a front end to the SIAM database with which users engage in assessment activities This part of the software will be realised with the provision of different screens that provide active guidance to the user i e a Wizard like interface that ensures all necessary inputs are made and in the right order for the next activity to proceed An overview of the first design of an operationalised assessment sup port process can be seen in the Appendix of this document This main module of the SIAM has been further structured into three units The infor mation specified and collected within each unit will contribute towards the final assess ment repor
72. of those SMT elements that may impact on the broad range of assessment issues addressed by SIAM 4 Security Policy Is implemented T3 a Security Measures are defined by are utilized for Security Measure Technologies Figure 6 A Process based Model of SMT Actors The SIAM AST Application and Database Specification 23 A typology was developed which uses SMT groups and SMT types that encode the intent of common security policies underpinning major security plans and which integrates the re lated ideas such as the use of preventive and corrective measures or the establishing and protecting of the integrity of security for example It also acknowledges that real world impact assessments do not usually face single technologies rather than complex technolo gy stacks embedded within solutions where every individual technology part may have a distinct impact on various issues depending on what it is used for For example a person or luggage scanner device actually combines a number of different scientific technologies for imaging analysis reporting etc in order to offer a technological solution to a prob lem and in compliance to the policies outlined in a security plan Moreover a solution is actually part of a wider security process involving human operators and their specific activ ities as well as architectural elements and economic constraints for instance In a
73. overnment authorities Policy Setters as Information Providers Public authorities Watchdogs Local Users NGOs Government institutions Policy Setters and Implementers as PRIVATE DATABASE PUBLIC DATABASE Responsible for Users se raid amp Standardised Models Assessment Updates P Questions and Procedures Figure 3 Envisioned SIAM AST Architecture Figure 3 shows how this architecture could look like should the system be chosen to be adopted and deployed at a comprehensive national or trans national scale Within the Sl A graphical overview of the initial outline of the process that is to be supported can be seen in Appendix 1 The SIAM AST Application and Database Specification 14 AM project our aim is to create a prototype of such a system which illustrates the capabili ties of the assessment support application As the partnerships with policy setter organisa tions which are required for implementing the above approach have not been established yet we will realise the solution using local demo databases The prototype functionality comprises a modular software platform which has a technology assessment support appli cation as its core unit which in turn connects to the SIAM database This database will store various kinds of assessment information such as that about the actors involved in the technology acquisition process their particular roles the assessment criteria related to these roles and the ques
74. present in the user database which acts as default Administrator The login for this default account is admin admin user name password 5 6 Editing Library Categories The SIAM AST organises all supplementary resources uploaded or specified during ques tion authoring in a global library User of the AST can access these resources from the main menu When a user uploads such resources they are asked to select a category into which the respective file or web resource will be placed In order to prevent duplicates and make sure only sensible categories are used users select from a list of predefined catego See section 2 2 2 SIAM AST Administration Console User Manual 68 ries rather than specify such categories by themselves However the Edit Library Catego ries database option allows editing the list of categories which are available for selection during question authoring SIAM ASSESSMENT SUPPORT TOOLKIT Home Log out Advanced Database Options EDIT LIBRARY CATEGORIES Actions Important Notice Back to Options Here you can edit the Library Categories available for files and web resources Note that modifying existing categories will affect any files and web resources currently in the library Categories that are still linked to resources cannot be deleted RENAME Select Category Choose one Rename Category CREATE NEW New Category DELETE Select Category Choose one Figure 28 Advanced
75. questions specified within a single group and changing their presentation order Available when editing the Screen Content or Screen Relevance pages of a question Questions in this Screen Group Removal of clothing Removal of clothing Details Removal of clothing Details 2 Figure 18 Quick switch and Reposition the Order of Questions within a Screen Group Simply point to one of the grey bars and left click to load the current editing page for a particular screen Left click and hold and drag the grey bar above or below any of the oth ers to reposition When the mouse button is released the grey bar will fall into place at the indicated location Clicking any of the links in the Actions section will save the specified order Note If any of the grey bars says Empty heading then no screen heading was specified in the question s screen content page To do so left click on the Empty heading link and SIAM AST Administration Console User Manual 59 then on Content in the navigation panel if necessary Then specify a heading for the question Upon saving the grey bar for that question will show the specified heading Note 2 Switching questions will automatically save your latest changes Repositioning will not 3 4 3 Set up Conditions for Questions in a Group See the video tutorial here http youtu be zfujrkcptOQ If a screen group contains at least two questions conditions can be set between the qu
76. r 2 Developer 3 Contributor For creating a normal SIAM AST user account choose Contributor as type The other types are only relevant for accessing the Administration Console If e mail support has been activated in the application settings there is an option to send a welcome email to the new user using the stated email address However doing this is not required for creating a user account as such 6 See the SIAM AST Installation Instructions for details SIAM AST Administration Console User Manual 63 4 2 Edit an Existing User Account By clicking the Edit button for a particular user account in the Overview page Figure 20 the information associated to a user account can be changed as well The respective page looks similar to that used for creating a new user but with all available information popu lated Figure 22 SIAM ASSESSMENT SUPPORT TOOLKIT Home Log out Manage User Accounts Edit User Account R Surname Actions Save amp Back to Overview Administrator Cancel Forename SIAM AST User ID admin User Email c d ac uk Organisation Some University User Type Administrator Account active Reset Password amp Send another Welcome Email Figure 22 Edit an Existing User Account Note that the application will prevent a console user to delete or change the type of a sole Administrator account This is a safety measure to prevent any careles
77. ring interface for creating editing and deleting assessment questions o Context specification Topic groups topics and aspects select or create new o Content specification Heading info text question text answer type perspective task supplemen tary files or web resources select specify or upload sequencing o Relevance criteria specification SMT groups SMT types Actor roles specific conditions sequencing User Management User accounts overview Comprehensive management interface for the creating or editing of user accounts Surname Forename User ID User Email address User organisation User type Ad ministrator Developer Contributor Account activation deactivation Reset of ac count password Sending of welcome emails Advanced Database Options Overview of available commands Clearing of Assessment Cases Details and Confirmation page Clearing of Assessment Questions Details and Confirmation page Clearing of Topics and Aspects Details and Confirmation page Performing a complete reset The SIAM AST Application and Database Specification 36 Details and Confirmation page Editing of Library Categories Options to Rename Create Delete Editing of Tasks Options to Rename Create Delete Editing of Perspectives Options to Rename Create Delete Editing of Actor Roles Options to Rename Create Delete The SIAM AST Application and Database Specification 37 References 1 2
78. rmation or specific assessment tasks to the users responsible within the facility or within other organisations Partial elements for such functionality have been implemented The SIAM AST Application and Database Specification 19 in the form delegation and communication features which allow the auditable transfer of assessment questions between actors as well as a comprehensive messaging system that coordinates those actions 2 3 2 Administration Level User Administration This part of the tool provides facilities for system administrators to create and manage user accounts and set specific options for each user For the prototype a comprehensive system of user permissions will not be required Here having individual user accounts serves the primary purpose of being able to create actor role configurations that can be associated with the user accounts In practice this means that different actors and or stakeholders could be enabled to log on to the system participate in the assessment pro cess or address tasks that have been assigned to them by other users The prototype does however distinguish between different user types where Contributors represent normal SIAM AST users whereas Administrators and Delevopers can also access the SIAM AST Administration Console which normal users should not Question Pool Administration This part provides a comprehensive authoring toolkit for creating and editing screens and screen g
79. roups associated to the assessment questions in the system and setting relevance criteria and conditions Advanced Database Options There are a number of advanced database operations available in the Administration Con sole that allow modifying and adapting the system s core data in order to allow installers to exploit its basic mechanisms in different contexts These options are primarily intended for maintenance purposes and to facilitate the continued use of the toolkit as a commer cial or research tool after the SIAM project The SIAM AST Application and Database Specification 20 3 Database Model The database model defines the entities and relations which will be used to structure in formation in the database It describes the main conceptual entities used in mapping the assessment process as well as the physical data structures necessary to facilitate the software s assessment support functionality Most conceptual underpinnings have already been discussed in the initial database specification 5 and subsequent reports 11 19 and summarised in chapter 2 of this document In this chapter 3 we will briefly reiterate the ideas underpinning some of the main concepts developed and then focus on present ing the physical database model in terms of entity relationship diagrams as well as a de tailed description of the data structures developed Further in depth specifics on the con ceptual structure of the assessment support eleme
80. s been conducted beforehand Step 2 Threat Assessment Workshop Results Threat description Threat Actors Threat Actions Threat Tools Affected Are as Assets and Probabilities Step 3 Existing Security Regime Information Description of existing security measures at the facility categorised by area Public areas Terminal Station Ramp Train Tunnel Baggage Control Center Other Step 4 Proposed Security Measures Details about the proposed security measures that came as a result of the threat assessment workshop differentiated by Security Actors Security Ac tions and Security Tools Step 5 Technology Specification Technology Name Technology description SMT Classification Step 6 Technology Acquisition Phase Selection of the phase currently Concept New Option only Details Step 7 Assessment Leader Information Display of data about the current user including Full Name Organisation E mail Address Selection of the Professional Role for the current case Explana tion of the role Assessment Function automatically set to Assessment Lead er Step 8 Assessment Actors Information Tool for inviting actors to the assessment case selection of the Professional Role for the each actor as well as the Assessment Function of the actor Management of all assigned users change role unassign The SIAM AST Application and Database Specification 33 4 1 3 Information Gathering Unit High leve
81. s in an assessment case have been answered at all The calculation is based on the non conditional questions of the screen groups because are the ones guaranteed to be shown If each of those questions has re ceived at least one answer the score will be 1 10096 Calculation x The count of answers given for any non conditional questions of the case divided by y The count of all non conditional questions that would be posed in the case Involvement of Actors This score is based on the number of different actors which have been invited to a case vs those which should have been invited target roles specified for the questions weighted by the number of questions which these actors would see In addition to the score a list of the actors who should be invited to the current is provid ed as well in the assessment report Calculation x The count of distinct roles that have been invited nr of unconditional questions they would see divided by y The count of distinct roles that each unconditional question was targeted at nr of those questions The SIAM AST Application and Database Specification 25 Participation This score is based on the number of different roles that have answered any questions vs all those which SHOULD have answered them target roles specified for the questions The participation score is useful to identify assessment questions that have received an unbalanced set of answers in terms of the dif
82. s user from locking out by mistake the only available administrator account from accessing the sys tem However if there is more than one user account of type Administrator specified in the system these settings can be changed SIAM AST Administration Console User Manual 64 5 Advanced Database Options The SIAM AST Administration Console offers advanced database options for making fun damental changes to the system s core data including question pool user accounts as sessment cases and related data library categories perspectives tasks and actor roles These options can be useful to use the assessment support system for further research and apply its core mechanics and features to contexts other than those of the original SI AM project The feature set described in this chapter can be accessed by clicking Advanced Database Options on the console s home page Figure 16 5 1 Overview The available actions are listed in the navigation and control panel Clicking on any of the actions for clearing database contents will display another page with details about what the action will do As most of the clearing actions will make profound changes to the SIAM database the user is required to explicitly confirm whether the action is to be carried out SIAM ASSESSMENT SUPPORT TOOLKIT Home Log out Advanced Database Options BE CAREFUL Actions Important Notice Home The advanced database options on this pag
83. se rele vance settings are taken into account in the calculation of assessment scores for reporting SIAM ASSESSMENT SUPPORT TOOLKIT Advanced Database Options EDIT ACTOR ROLES Actions Important Notice Backto Options Here you can change the Professional Roles of Actors available in the system Before modifying Actor Roles you should make sure all assessment questions and cases have been cleared first RENAME Select Role Choose one Rename Role CREATE NEW DELETE Select Role Choose one Figure 31 Advanced Database Options Editing Actor Roles As with all Editing type database options the renaming of roles will take instant effect in any assessment questions and cases that already exist when the change is made Newly created roles will be available for new assessment questions which are added after the change Deleting roles is only possible if these are not actively linked to the current pool of questions or any assessment cases respectively SIAM AST Installation Instructions 72 Appendix B SIAM AST Installation Instructions SIAM SECURITY IMPACT ASSESSMENT MEASURES SIAM Assessment Support Toolkit Installation Instructions 24 February 2014 Kingston DR RONALD R GRAU University London SIAM AST Installation Instructions 73 Table of Contents SIAM AST Installation Overview cere eere eere ere re erre eren nn rn nnam naasn anna ana a n
84. seesssseeeene nenne nnne nna rne seres na senses usum se sre snae sa rennes 61 4 2 Edit an Existing User ACCOUNT ui itiscus ue cuddus ek unt Pnkethraxsakea uns pvP xa Ex Xabxex vcr rV e M IEEE 63 Advanced Database Obptions 14 1 enis eres eere ene nenne nana nn naa an nana n aa asus uasa aa asma aa asma aaa mmus 64 GUI 64 5 2 Clearing Assessment Cases esssesssesseeeeeenene a sanas nnns 64 5 3 Clearing Assessment QUESTIONS ssssnisiesidimtuitu xs ved indent Feller diis Wl tuve dra resURU Fd EE 65 5 4 Clearing Topics and ASDGCES iicet aperuit ed c Fa a e Rc Eno ic Rn caede e e d 66 525 COMPIE ERE O a ee ec ee ee ee ee ee MI DIEI 67 ROEG Mirah Cale ONG TT OT 67 SIAM AST Administration Console User Manual 41 5 7 Editing Task Definitions essorer irin rierien innisin rinrinta 68 5 8 Editing Perspective Definitions eu vekexcentexienivecid r 69 5 9 Editing Actor Role Definito exisset Ex bRG ROAD nnna 70 List of Figures Figure 1 Screen Groups and Screens in the SIAM AST seeesseeeeeee nennen nennen 43 Figure 2 Administration Console Login eeseesseeeeeeeene nennen nnne nnnm nnne nnne nnns 46 HOUre 3 OVC Page a ice saris rss ends desde da d ce isin ee el ei ei sae 48 Figure 4 Step Create a Screen Group cccscceccecseceeceececaesnecneaeceecaeaesueseecesauseecesarseesescesanseess 49 Figure 5 Step 2 Edit the Screen Cont
85. spect Intrusiveness 1 3 Screen Content This is relates to all information that directly defines a screen 1 A heading 2 An info text 3 A question text 4 A question type 5 ASTEFi perspective 6 A related task 7 Any supplementary information that should be provided to the user SIAM AST Administration Console User Manual 45 1 4 Screen Relevance Screen relevance settings can be made to control the presentation of a screen All screens including those which reside in the same screen group can have their individual relevance settings These include 1 SMT groups and types for which the questions should be considered by the toolkit 2 Particular actors to which the question should be shown 3 Conditions to make presentation of a screen dependent on the answer given to a previous question in the same group SIAM AST Administration Console User Manual 46 2 Access Workspace Areas and Navigation 2 1 Basics and Layout Apart from the home page all editing tools in the Administration Console share a similar work space layout 1 A header bar 2 A navigation and control panel on the left hand side 3 A main work area to the right of the control panel 2 1 1 Access and Home Page You can access the Administration Console through the main login page of the SIAM AST click the respective link which sits underneath the login input fields You will then be re directed to a different page to login to the admi
86. t Page ccccccceceeceeseeceecececaececaeseeeceeeesaeeueeueeeeseeseeeeeeas 48 2 2 9 SEEN Content PaE uses oe exa iras E ERARE ERENS 50 2424 ENR Van e PAG a uiv D T E 52 Question Authoring HOW TO sssssesunnennnennnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnnn nanne E EE I SENE UE 54 3 1 Manage Question POON sisi diese cecdvadesdwacvedusemeswecaveueesseusemeduacuestacuadeecinsecabacevexcnvanesseeues 54 3 2 Create a New QUESTION Ree nnn rine an er 54 3 2 1 Step 1 Set the Context of the Screen Group ccccceecceeceeeeeeeeeeeeeenseeeeeeeeenenaeens 54 3 2 2 Step 2 Enter the Content of a SCOCN ccceccceeeceeeceeeeseeeseeeeeeeceeeeeeeeeeeegeenaeeees 55 3 2 3 Step 3 Configure the Relevance of a Screen eese 55 3 3 Edit EXIStinG QUESTIONS scssenxentuntinzustkwzuntuvEustrstauitasiaxixxdastautautzskuiztisEarsezazkwsEez asas EwrdisER 57 3 4 Work with Screen COU DS qmod retis ndum a a minit d stb SERES 57 3 4 1 Add a Question to a Screen Group esee mmn nnne nnn nennen 57 3 4 2 Change the Presentation Order of Questions in a Group eese 58 3 4 3 Set up Conditions for Questions in a Group ceecceecceeeeeeeeeeeeeeeeeeeeeaeeeeeeenseees 59 User Administration ueniet ccectvctececcenceneeceeesescecenctansacessnenevancewescidstececutuiessuceversncdesbessststesceuetec 61 Mt VOR Zw L 61 4 2 Create a New User ACCOUnRLE ssese
87. t that is being generated as an output of the whole module The ASSESSMENT CONFIGURATION unit provides wizard style input masks to fa cilitate the 1 Specification of the problem context for which technology options need to be assessed Several screens are used to collect all the information that comprise the scenario context for the assessment such as details about the facility for which an as sessment is made the threat to address the technology options considered and the corresponding stage in the technology acquisition process Figure 4 2 The selection of actors that are to be involved in the assessment process the roles these actors will take in this process as well as their assessment functions In this second step the user will first provide information about themselves as assessment leaders and then specify the actors which will be involved in the as sessment process Further the user is supposed to specify which role and func tion each actor will take in the process The SIAM AST Application and Database Specification 16 u SAVE 5 TECHNOLOGY SPECIFICATION Please name and describe the technological solution or device considered in this assessment case and select the applicable SMT classes which describe the specific purposes of its sub components Technology Name Advanced Luggage Monitoring Description This system employs video surveillance to monitor public areas for abandoned l
88. tallation Instructions 77 SIAM AST Installation The SIAM AST installation is performed in two steps l Installing the SLAM database 2 Securing the application by removing the installation files Install Database Figure 32 Main Installation Page on First Start up On clicking the button Install Database a page with installation setting is shown Figure 33 This page allows adjusting installation and application parameters before the data base is being deployed SIAM SIAM AST Database Installation Settings Installation Notes This page allows setting basic parameters for the SLAM AST database imstallation For a new installation on a local computer the default settings can be used For security make sure you use an encrypted connection before sending any of the requested account credentials through the form below esp when installing the SLAM AST on a public server If there are concerns about transmission security it may be safer to directly edit the header of the file Tnstall createdb php before copying the application files to the server When ready click the Install button at the bottom to proceed SQL Account for the Installation Here you may provide the credentials of an existing MySQL account that has sufficient permissions for performing the mstallation user name password Figure 33 Database Installation Settings page 1 4 SIAM AST Installation Instructions 78 The installation
89. te New Topic will open a popup window allowing you to define an entirely new topic and its definition Note that the topic will be placed in the currently selected topic group if you don t want to associate your new topic with any group leave the topic group at the All setting before clicking this button Show Definition will display the definition of the topic currently selected Note that most predefined topics don t have a definition yet These will be inserted into the database at a later stage Aspect This will display the particular assessment aspects or attributes belonging to a topic selected previously Note that a topic and its aspect need to be selected before a question group can be creat ed and subsequently a question put in this group Button Create New Aspect will open a popup window allowing you to define a new aspect for the selected topic 2 2 3 Screen Content Page Here you can edit the contents of a screen A screen corresponds to a single question In the navigation and control panel on the left you see the screen group context set for the current screen SIAM AST Administration Console User Manual 51 S A M ASSESSMENT SUPPORT TOOLKIT Home AssessmentCase Actions Preferences Help Core Data New Question Step 2 of 3 Screen CONTENT Actions Screen Heading Back to Overview Next Step Relevance Info Text Screen Group Context Topic Bodily integrity Asp
90. tem is to be installed on Web and or database servers that already exist as part of the network infrastructure of an organisation like a University for instance In such case the installing user does normally not have the required permissions to create new databases or database users or grant any permissions to users Instead only pre defined database and user names may be available to install the system with Figure 37 shows an example of how the SIAM AST installation parameters can be adjusted to allow an installation in en vironments with such technical restrictions By configuring the system to use both an ex isting database container as well as an existing user account the related permissions to create these are not required anymore to install the SIAM AST 8 When setting up the database manually the database can be created by importing this file into a common database management tool like phpMyAdmin SIAM AST Installation Instructions 80 SOL Account for the Installation Here you may provide the credentials of an existmg MySQL account that has sufficient permissions for performing the installation user name password d0121ace EETTTTITTTTTTITIITE SIAM AST Database O Create a new database using the preconfigured siam Default Create a new database use a diferent name Connect to an existing database d01 lace Test Connection SIAM AST Database User Create a new user account using the pre
91. the question the task to which a question belongs or any supplementary documents that should be presented when the screen is shown Each screen has a specification of the SIAM AST Administration Console User Manual 43 SMTs to which it applies and the actors to which it should be shown The presentation of a screen can also be configured to depend on a specific answer given to a previous question see 3 3 for more details A screen group is a container for one or more screens and defines the joint context topic aspect for the questions displayed by any of the screens it contains There may be many screen groups that have the same combination of topic and aspect yet different questions in them The purpose of screen groups is to organise those questions that are closely re lated to each other and allow additional constraints to be defined for their presentation Figure 10 Firstly all screens in a screen group can be ordered to be presented in a particular se quence This allows for the formulation of several questions to explore and assess the same issue for instance going from a very general question to more specific ones Secondly screens that reside within the same screen group can have additional conditions that control their presentation based on answers given to previous questions in that group For instance there could be an initial Yes No question followed by another which elicits more details If both questions s
92. tions that need to be asked to qualify these criteria for decision making Within the assessment support application these questions are then posed to us ers of the system in some structured fashion information collected from the users and reports generated based on the questions asked and the answers received On an adminis trative level there will be facilities for creating and editing data that are necessary to run the application manage users and advanced options for modifying the system core A modular approach has been favoured such that additional functionality can be added after the project ends in order to progress from a prototype to a production system that can be employed in real use contexts For example based on the methodology developed for WP6 an additional module could be created which feeds the results of threat assess ments carried out locally into the technology assessment support application Future de velopments may also involve additions or refinements of the prototype functionality such as replacing or extending the generation of assessment reports with a ticketing system in order to actively distribute information gathering or assessment tasks across different people and organisations Naturally developing such additional functionality would re quire the deployment of the system within a larger network of actors first such that organ isational structures can be modelled and made available for these additional m
93. to questions which are based on the answers given to specific previous questions In addition to a specification of roles for the participants in an assessment case it was also recognised that the users of the system must perform different tasks or functions which are more closely related to what they do with the mapped features in the computa tional system rather than just based on their professional roles Consequently user func tions were introduced as a means for distributing different organisational and contributory tasks in the assessment process Assessment Leader Assessment Participant Information Provider Observer Auditor These functions go along with certain permission and access rights to features of the toolkit that are relevant for each user to fulfil their particular set of tasks See section 2 1 for details on the roles The SIAM AST Application and Database Specification 11 2 System Overview This section provides an overview on the roles and functions of users who will be interact ing with the system the envisioned future architecture of the SIAM AST its underlying in frastructure and the purpose and scope of our prototype Last but not least the structure and range of core application units which have been created for the system are detailed 2 1 SIAM AST Users Roles and Functions For the design of the AST it has been important to determine the kinds of users which will interact with the syste
94. uggage Choose SMT Classification Click on the help icon for further information on correct SMT mapping gt THREAT DETECTION POLICING Object and Material Assessment E Situation Awareness Event Assessment C Enforcement E People Assessment SUPPORT ACCESS CONTROL E Process Control C Identification Information and Communication 7 Physical Access Figure 4 SIAM AST Example Screenshot of the Configuration Wizard I The INFORMATION GATHERING unit uses the configuration information of an as sessment case to gather answers to pre defined assessment questions from the actors The display of these questions is controlled by certain relevance criteria such as the technology considered in a case or the types of actors at which certain questions are targeted In addition to categorising questions according to assessment perspectives the da tabase should ideally support different sets of questions corresponding to the phases of the technology acquisition process as defined in the innovation journey report Concept New Option Based on assessments the concept new option phase starts either with the identifi cation of a new technological option or with the need or pressure for a new technol The SIAM AST Application and Database Specification 17 ogy to meet a certain problem During that phase technologies only exist as an idea combined with high expectations about the performance qualities and their efficien cy i
95. unction fid int 11 m eid e I descr varchar 1024 i i role fid int 11 screencontent fid int 11 s 9 type varchar 256 biai V topic fid int 11 8 id int 11 vean B size int 11 ny 8 task fid int 11 iens Ae 8 doc fd int 11 it odde fd dd sccosiam probability ef 8 adduser_fid topicgroup fid int 11 i id int 11 amd i D customquestion fid int 11 P add dati ae ce AEN Ne id int 11 secinfo_fid int 11 case fid bigint 20 SM T name varchar 128 m V areatype fid int 11 V id int 11 fd bici aZ description varchar 1024 reemcnent id d V user fid bigint 20 M siamd am technology 2 5 siam screengroup 8 id int 11 bip aus a ana a answertext longtext 8 id int 11 lid int 11 id E sts condition string varchar 256 c name varchar 32 Ptopic fid int 11 smtgroup fid int 11 V id int 11 condition screen fid int 11 i i i aspect fid int 11 gt E name varchar 48 ordernr int 5 id int 11 adduser_fid bigint 20 tt adduser_fid bigint 20 name varchar 128 7 add dati datetime 7 8 screen fid int 11 F add dati datetime Mes 7 auu uau uaucume _fid bigint 20 Li smtgroup fid int 11 i moduser _fid bigint 20 V id int 11 Ww F mod dati datetime id int 11 mT mod dati datetime ee apes z se
96. unnan nunen nnmnnn nn 74 Server SoftWare Regue mente sereme A GU UHR US FETU VIDI Can UR ONDE HODIE 74 Summary of the Installation Steps ccccccccceeeseeeeeseeeeeeeeeeeeeeeeseeeeueeeeeeeeeeaeeeaeeensuenseeseaeenes 74 ADDHC3LIOIN ACCOSS Levels usu aptus bu E nmn eee ee 74 SIAM AST Installation and Configuration Details cere rre ee ener ener ne nnnnans 75 WT SCY OM LL E E seuupieeaiete 75 da em 75 Application Files and Permissions cccccseccseceeeeeesceeseeeeeeeeueseeeeeuseeeeeueseeeeaeeseeeeueeeeesaeeees 75 MV SOLE SOI 2 76 Installing the SIAM AST Database ccccssecsseeceseeeseeteeetaeeteeeeeseesaestaeesageesaeetaeesanesegessaeees 76 COnfiguring Email Support optional eeeseeeseeeeenennnene nnne 86 Application Settings Optional ccccceccseeceeceeeeceeceeseeeeeeeeeeauenaueeaeeneueeuenaeeeeeeeeeeeeesaerees 87 ig m 88 SIAM AST Installation Instructions 74 SIAM AST Installation Overview Server Software Requirements The SIAM AST is a web based application that requires a PHP enabled Web server and a MySQL database server to run For private use and testing on a local machine most publicly available WAMP Windows Apache MySQL PHP or LAMP Linux Apache MySQL PHP packages will satisfy the require ments for running t
97. veloped in WP12 Obviously such a support tool requires the development of data structures However it was pointed out early on that software engi neering practice demands the proper specification of requirements before related concep tual models and data structures can be sensibly developed In other words knowing the required functionality of the software application which needs to utilise or operate on any set of data presents a pre requisite for performing any structural database design As a result comprehensive requirements and knowledge engineering activities were carried out and the emerging software prototype was tested evaluated and refined over various Stages of its development which included two user fora with external experts Eventually the software was completed to the specification achieved offering an impressive range of functionality and published for public use In the remaining sections of this introductory chapter we will briefly describe the domain and general task for which the support system was built and subsequently define the pur pose and scope of this software Chapter 2 will provide a high level overview of the system and describe its architecture users main functional units their different access levels and related user interfaces ona general level Chapter 3 will give insight into technical information about some of the developed concep tual mapping and related database models Chapter 4
98. ver version 2 2 22 or higher No special settings need to be modified but the toolkit does require PHP to be interpreted by the server usually enabled by default The server can either be installed separately or in the course of installing a WAMP or LAMP package PHP The SIAM AST requires PHP version 5 3 10 or greater We recommend the following PHP settings to be enabled file uploads allow url fopen y2k compliance output buffering The following PHP extensions should be active too php gd2 php mbstring php mysgl php mysgli php pdo mysgl Application Files and Permissions Copy the entire directory structure and files of the SIAM AST to your designated web direc tory It is good practice to first create a separate folder within the www root directory of the web server e g SIAM Then copy the SIAM AST files into this web folder For example if your web server s local www root directory is C wamp www Create a folder SIAM there and copy all files into C wamp www SIAM SIAM AST Installation Instructions 76 Technical note There are two folders within the SIAM AST application structure for storing uploaded files Once all application files have been copied the web server needs write permissions on these directories These would now be located in the SIAM folder we just created Files attached to questions coredata files Files attached to answers coredata documents In a normal
99. when using the tool optional This table stores the different functions which can be assigned to the actors that get invited to an assess ment case This table stores the information about SIAM AST user accounts This table stores information about all supplementary web resources supplied with authored questions Table 2 SIAM AST Database Tables The SIAM AST Application and Database Specification 30 3 2 2 Entities and Relations Figure 9 shows the ER Diagram of the SIAM database at the level of database tables CESA gt 1 swm_carzaony aw SAM AMSAE RCUS TOO UE STON lt p 0 s pat n Sh ASK T Ji j F E p scam DOCUMEHT i me X SUAM USERS t E la a J x i 3 i 3 j 1 I s E 3 3 Eriargdm in eehite means 1 4 A triangle in black rear H E meam 1 6 the Eatonin Coritraint the Focrign Kay b NOT HULL E Things Hiat mend to ba controlled bp programming Figure 9 High level ER Diagram of the SIAM AST Tables 4 The SIAM AST Application and Database Specification 31 Main Features The sections below list the main features which have been implemented in the prototype ordered by the application structure which was outlined in Section 2 3 For simplicity in formation about the developed range of technical functionality that was required to facili tate these features and any auxiliary features like help amp
Download Pdf Manuals
Related Search