The National Academies Press

Currently Skimming:

Pages 17-67

The Chapter Skim interface presents what we've algorithmically identified as the most significant single chunk of text within every page in the chapter.
Select key terms on the right to highlight them within pages of the chapter.

From page 17... ... 17 A P P E N D I X B Implementation and Products of Research Findings B.1 Secure Collaboration Tool The secure collaboration tool was developed as a macro-enabled Excel spreadsheet using the algorithm content from Task 5. Excel was chosen for implementation to assist in ease of adoption, as shown in Table B-1. Read the entire page →
From page 18... ... 18 Guidelines on Collaboration and Information Security for State DOTs This tab includes the project background, a list of the general best practices as described in Chapter 3, and a glossary of terms. The purpose of this tab is to provide a high-level view of best practices associated with collaboration and the sharing of knowledge and data. Read the entire page →
From page 19... ... Implementation and Products of Research Findings 19 Instructions for Agency Users This tab is intended as the starting point for agency users to provide instructions for use of the tool. Using a list of defined steps and screenshots, the instructions guide the users on how to make choices on the Select Objectives, Select Methods, and Select Operational Needs tabs. Read the entire page →
From page 20... ... 20 Guidelines on Collaboration and Information Security for State DOTs Results This tab is populated after users select requirements and click to see the results, as shown in Figure B-3. The Policies and Procedures column will be populated once the tool is customized by agency policy makers. Read the entire page →
From page 21... ... Implementation and Products of Research Findings 21 B.2 Secure Collaboration Tool Content This document is organized according to each of the steps a user would take while using the secure collaboration tool in order to generate applicable guidance as the output. The secure collaboration tool will contain discrete content for each of the 38 requirements, which were previously presented in IR2. Read the entire page →
From page 22... ... Step 1. Define Objectives Users are instructed to select one or more business objectives to be achieved. Read the entire page →
From page 23... ... Communication (FG2) Description Examples FG2 is engaging in synchronous or asynchronous mutual exchange of knowledge or information with another party to fulfill business and operational objectives. Read the entire page →
From page 24... ... Project Collaboration and Coordination (FG3) Description Examples FG3 refers to times when two or more external parties mutually engage, whether synchronously or asynchronously, to fulfill business and operational objectives by participation in a common work task or working separately to produce a common output. Read the entire page →
From page 25... ... Knowledge Sharing and Gaining (FG4) Description Examples FG4 is participation in activities with an external party to impart or receive specific knowledge to fulfill business and operational needs. Read the entire page →
From page 26... ... Documenting Collaboration (FG5) Description Examples FG5 is the observation and documentation of activities with or between other parties engaged in a common work task or producing a common output to create a record of activities that is accessible for future use. Read the entire page →
From page 27... ... Step 2. Define Outputs In Step 2, users are instructed to define the outputs to be achieved from safe and secure collaboration, coordination, or the sharing of data, information, and knowledge. Read the entire page →
From page 28... ... Access or Provide Access (FO2) Description Examples FO2 is enabling a party to receive, provide, and view Knowledge Assets, such as data, information, tools, or processes by removing restrictions and barriers to access and exchange, providing a mechanism to facilitate access and exchange, or both. Read the entire page →
From page 29... ... Achieve Desired Objective (FO3) Description Examples FO3 is defined as achieving a formally or informally defined outcome by engaging in specified business activities or operations. Read the entire page →
From page 30... ... Improvements (FO4) Description Examples FO4 is defined as enhancing performance of a process or achieving superior outcomes by engaging in specified business activities or operations. Read the entire page →
From page 31... ... Ownership (FO5) Description Examples FO5 is defined as the designation of or claim by a party to own, control, or be responsible for a physical or virtual asset, such as data or information, knowledge, tools, processes, outcomes, or environments. Read the entire page →
From page 32... ... Update Notifications (FO6) Description Examples FO6 is defined as communicating information to another party when changes occur in status, value, or condition to a physical or virtual asset, such as data or information, knowledge, tools, processes, performance, outcomes, or environments, when the change affects a party's business and operational objectives, activities, or considerations. Read the entire page →
From page 33... ... Step 3. Define Methods In Step 3, users are instructed to define the method by which Knowledge Assets will be utilized in collaboration, coordination, sharing, or work activities. Read the entire page →
From page 34... ... Scheduled Meetings (TM2) Description Examples TM2 is defined as activities involving planned, synchronous face-to-face communication, collaboration, or data- and information-sharing activities to support business objectives that occur, whether formally or informally, at designated times between parties in person or via virtual media. Read the entire page →
From page 35... ... Threaded Conversations (TM3) Description Examples TM3 is defined as activities involving asynchronous communication, collaboration, or data- and information-sharing activities, whether formal, informal, planned, or ad hoc, which occur between parties through physical documents or over a common electronic media platform, and which dynamically produce a documented record of communication, information, and data exchanged that is accessible for future use. Read the entire page →
From page 36... ... Collaborative Tools and Shared Media (TM4) Description Examples TM4 is defined as tools used to facilitate synchronous (and sometimes asynchronous) Read the entire page →
From page 37... ... Collaborative Efforts (TM5) Description Examples TM5 is defined as activities involving communication, collaboration, or data- and information-sharing between parties to achieve a common objective such as a specific task, whether formal or informal and whether planned or ad hoc, which may occur both synchronously or asynchronously and in person or over electronic media. Read the entire page →
From page 38... ... Structured Data Exchange (TM6) Description Examples TM6 is defined as planned, ongoing data-sharing activities between parties to support business objectives, which may occur both synchronously and asynchronously, for which the data resides in a predefined, mutually available format to facilitate controlled exchange. Read the entire page →
From page 39... ... File Sharing (TM7) Description Examples TM7 is defined as activities involving the planned or unplanned exchange of data or information that resides in a stored electronic media or paper format between parties to support business objectives. Read the entire page →
From page 40... ... Records Management (TM8) Description Examples TM8 is defined as activities required when parties engage in the planned, controlled, and organized documentation of files, information, activities, and other pertinent assets related to a project or task in a stored electronic media or paper format to make it accessible for future use. Read the entire page →
From page 41... ... Content Access Controls (TM9) Description Examples TM9 are the activities utilized when a party exercises or uses tools to control the exchange, access, or usage of virtual or physical assets such as data, information, knowledge, tools, environments, or media content with other parties. Read the entire page →
From page 42... ... Step 4. Define Data Characteristics In Step 4, users are instructed to define the characteristics of the Knowledge Assets to be used, accessed, or exchanged in the course of activities involving the sharing of data or information or collaboration and coordination. Read the entire page →
From page 43... ... Data Detail Level (TD2) Description Examples TD2 is defined as the level of detail provided in the relevant virtual or physical Knowledge Asset, such as data, files, information, knowledge, tools, environments, or media content, which must be known to facilitate usage. Read the entire page →
From page 44... ... Data Processing Level (TD3) Description Examples TD3 is defined as the extent to which virtual or physical data, files, information, knowledge, tools, environments, or media content has been modified with respect to content, format, organization, or other relevant information from the raw or original format. Read the entire page →
From page 45... ... Data Restrictions (TD4) Description Examples TD4 is defined as the nature of and the degree to which the formal requirements for a set of data or information limit its access or usage by other parties. Read the entire page →
From page 46... ... Data Integrity (TD5) Description Examples TD5 is defined as confirming the authenticity, accuracy, degree of verification or validation, reliability, integrity, and overall quality of a set of data or its source. Read the entire page →
From page 47... ... Step 5. Select Operational Requirements In Step 5, users are instructed to define the specific steps and operational requirements of the collaboration, coordination, usage, or exchange activities involving Knowledge Assets to be undertaken to ensure adherence to safety and security best practices. Read the entire page →
From page 48... ... Permission Procedures: Operational (O2) Description Examples O2 is defined as the operational requirements and formal procedures a controlling party must follow to safely and securely determine when to provide another party with access to data or information or to allow their participation in activities. Read the entire page →
From page 49... ... Approved Collaboration Tools (O3) Description Examples O3 is a formal list of electronic tools that enable parties to engage in common work tasks or to produce common outputs that have been assessed and deemed permissible, safe, and secure for use by an agency, typically in conjunction with specific usage requirements, prohibitions, or other formal procedures. Read the entire page →
From page 50... ... Data Content Policies (O4) Description Examples O4 is defined as the formal operational requirements and specific procedures to follow to ensure the proper, safe, and secure acquisition, storage, management, usage, and exchange of data or other physical and virtual content assets. Read the entire page →
From page 51... ... Structured Data Sharing Workflow (O5) Description Examples O5 is defined as the formal operational requirements and specific procedures to follow to ensure the proper, safe, and secure exchange of data that resides in a predefined, mutually available format to facilitate controlled exchange. Read the entire page →
From page 52... ... Data Sharing Agreements (O6) Description Examples O6 is defined as a documented set of formal operational requirements and specific procedures that parties agree to follow to ensure the proper, safe, and secure exchange of data that resides in a predefined, mutually available format to facilitate controlled exchange. Read the entire page →
From page 53... ... Documentation (O7) Description Examples O7 is defined as the materials a party produces and provides to other parties, such as files, information, activities, and other pertinent Knowledge Assets in a stored electronic media or paper format when observing and recording information related to a project or task or when imparting specific knowledge, such as a manual to make materials accessible. Read the entire page →
From page 54... ... Lifecycle Management (O8) Description Examples O8 is defined as the planned, controlled, and organized management (e.g., maintaining inventory, storage, access, modification, addition, and removal) Read the entire page →
From page 55... ... Roles and Responsibilities (O9) Description Examples O9 is defined as the detailed procedures, whether formal or informal, that each specific party involved in a project or task should follow and the objectives and outcomes that party is responsible for achieving or managing. Read the entire page →
From page 56... ... Authorization (S1) Description Examples S1 is the setting of rules that determine which parties may participate in collaborative activities; use certain tools and functionality; and access, use, modify, or exchange virtual or physical data, information, or media content in what manner, to what extent, and in what time frame. Read the entire page →
From page 57... ... Permission Procedures: Security (S2) Description Examples S2 refers to the detailed procedures a party should follow when determining, validating, or verifying the identity and authorization of a party, the value of data or its source, or the availability of a certain activity to ensure the parties, Knowledge Assets, and activities involving collaboration and sharing of information and data are safe, secure, and permissible for use and participation. Read the entire page →
From page 58... ... Tools (S3) Description Examples S3 is defined as electronic, virtual, or physical tools a party might use for activities involving collaboration or the acquisition, exchange, or management of data, information, and other Knowledge Assets, and the detailed procedures a party should follow for their safe, secure, and effective use. Read the entire page →
From page 59... ... Policies and Procedures (S4) Description Examples S4 is the formal procedures a party is required to follow when engaging in collaboration or data- and information-sharing activities to comply with the requirements for safety and security and the roles and responsibilities of participating parties and relevant authorities. Read the entire page →
From page 60... ... 60 Guidelines on Collaboration and Information Security for State DOTs B.3 Glossary of Terms Access The enabling of another party to view and utilize Knowledge Assets, such as data, information, knowledge, content, tools, media, processes, or environments by removing restrictions and barriers, by providing a mechanism to facilitate access and exchange, or both. Access Controls A party's exercise of its ability or use of tools to control the exchange, access, or usage of virtual or physical assets with other parties, such as data, information, knowledge, tools, environments, media content, and other Knowledge Assets. Read the entire page →
From page 61... ... Implementation and Products of Research Findings 61 Content Data, information, or other physical and virtual Knowledge Assets that are rendered in an accessible format to enable its access, viewing, use, modification, exchange, or restriction. Coordination The mutual act of supporting another party's business and operational needs through the reciprocity of strategy and operations, allocation of resources, and exchange of information to achieve separate but complementary or non- conflicting objectives. Read the entire page →
From page 62... ... 62 Guidelines on Collaboration and Information Security for State DOTs Information Management The custodianship of information and data resources through collecting, verifying, validating, authenticating, structuring, storing, curating, disseminating, archiving, and deleting data and information on behalf of those who use it to take effective action and make good decisions. Integrity The degree to which the quality, format, and state of a Knowledge Asset is whole, accurate, verified, validated, and unchanged from its intended state. Read the entire page →
From page 63... ... Implementation and Products of Research Findings 63 Lifecycle Management The planned, controlled, and organized management (e.g., maintaining inventory, storage, access, modification, addition, or removal) of files, information, data, and other pertinent Knowledge Assets related to a project or task in a stored electronic media or paper format. Read the entire page →
From page 64... ... 64 Guidelines on Collaboration and Information Security for State DOTs Restrictions Specific conditions or requirements that limit the extent, degree, or nature to which a Knowledge Asset can be accessed, used, modified, or exchanged for purposes of safety, security, propriety, or privacy. Risk The probability and severity of an undesirable outcome resulting from collaboration or an activity involving the sharing of data, information, or knowledge (e.g., the likelihood that data or information could be exposed, leaked, misused, or corrupted) Read the entire page →
From page 65... ... Implementation and Products of Research Findings 65 Verification The process of confirming the validity of the identity or the state of quality and characteristics claimed by a Knowledge Asset, its source, or an external party. Verification is also the process of confirming that procedures have been followed or that requirements or conditions have been met. Read the entire page →
From page 66... ... 66 Guidelines on Collaboration and Information Security for State DOTs 2. Promotes understanding of the barriers to safe and secure collaboration and the sharing of information and data for transportation agencies and stakeholders 3. Read the entire page →
From page 67... ... Implementation and Products of Research Findings 67 Opportunity Concept Rationale & Relevance Objectives Adoption workshop. Organize a workshop with national representation from all state transportation entities to deliver handson training and instruction on the deployment and usage of the tool. Read the entire page →

From page 17...

... 17 A P P E N D I X B Implementation and Products of Research Findings B.1 Secure Collaboration Tool The secure collaboration tool was developed as a macro-enabled Excel spreadsheet using the algorithm content from Task 5. Excel was chosen for implementation to assist in ease of adoption, as shown in Table B-1.