An assurance-based model to holistically assess the information security posture

EXECUTIVE SUMMARY : Evaluating Information Security Posture within an organization is becoming a very complex task. Currently, the evaluation and assessment of Information Security are commonly performed using frameworks, methodologies and standards which often consider the various aspects of security independently. Unfortunately this is ineffective because it does not take into consideration the necessity of having a global and systemic multidimensional approach to Information Security evaluation. At the same time the overall security level is globally considered to be only as strong as its weakest link. This thesis proposes a model aiming to holistically assess all dimensions of security in order to minimize the likelihood that a given threat will exploit the weakest link. A formalized structure taking into account all security elements is presented; this is based on a methodological evaluation framework in which Information Security is evaluated from a global perspective. This dissertation is divided into three parts. Part One: Information Security Evaluation issues consists of four chapters. Chapter 1 is an introduction to the purpose of this research purpose and the Model that will be proposed. In this chapter we raise some questions with respect to "traditional evaluation methods" as well as identifying the principal elements to be addressed in this direction. Then we introduce the baseline attributes of our model and set out the expected result of evaluations according to our model. Chapter 2 is focused on the definition of Information Security to be used as a reference point for our evaluation model. The inherent concepts of the contents of a holistic and baseline Information Security Program are defined. Based on this, the most common roots-of-trust in Information Security are identified. Chapter 3 focuses on an analysis of the difference and the relationship between the concepts of Information Risk and Security Management. Comparing these two concepts allows us to identify the most relevant elements to be included within our evaluation model, while clearing situating these two notions within a defined framework is of the utmost importance for the results that will be obtained from the evaluation process. Chapter 4 sets out our evaluation model and the way it addresses issues relating to the evaluation of Information Security. Within this Chapter the underlying concepts of assurance and trust are discussed. Based on these two concepts, the structure of the model is developed in order to provide an assurance related platform as well as three evaluation attributes: "assurance structure", "quality issues", and "requirements achievement". Issues relating to each of these evaluation attributes are analysed with reference to sources such as methodologies, standards and published research papers. Then the operation of the model is discussed. Assurance levels, quality levels and maturity levels are defined in order to perform the evaluation according to the model. Part Two: Implementation of the Information Security Assurance Assessment Model (ISAAM) according to the Information Security Domains consists of four chapters. This is the section where our evaluation model is put into a welldefined context with respect to the four pre-defined Information Security dimensions: the Organizational dimension, Functional dimension, Human dimension, and Legal dimension. Each Information Security dimension is discussed in a separate chapter. For each dimension, the following two-phase evaluation path is followed. The first phase concerns the identification of the elements which will constitute the basis of the evaluation: ? Identification of the key elements within the dimension; ? Identification of the Focus Areas for each dimension, consisting of the security issues identified for each dimension; ? Identification of the Specific Factors for each dimension, consisting of the security measures or control addressing the security issues identified for each dimension. The second phase concerns the evaluation of each Information Security dimension by: ? The implementation of the evaluation model, based on the elements identified for each dimension within the first phase, by identifying the security tasks, processes, procedures, and actions that should have been performed by the organization to reach the desired level of protection; ? The maturity model for each dimension as a basis for reliance on security. For each dimension we propose a generic maturity model that could be used by every organization in order to define its own security requirements. Part three of this dissertation contains the Final Remarks, Supporting Resources and Annexes. With reference to the objectives of our thesis, the Final Remarks briefly analyse whether these objectives were achieved and suggest directions for future related research. Supporting resources comprise the bibliographic resources that were used to elaborate and justify our approach. Annexes include all the relevant topics identified within the literature to illustrate certain aspects of our approach. Our Information Security evaluation model is based on and integrates different Information Security best practices, standards, methodologies and research expertise which can be combined in order to define an reliable categorization of Information Security. After the definition of terms and requirements, an evaluation process should be performed in order to obtain evidence that the Information Security within the organization in question is adequately managed. We have specifically integrated into our model the most useful elements of these sources of information in order to provide a generic model able to be implemented in all kinds of organizations. The value added by our evaluation model is that it is easy to implement and operate and answers concrete needs in terms of reliance upon an efficient and dynamic evaluation tool through a coherent evaluation system. On that basis, our model could be implemented internally within organizations, allowing them to govern better their Information Security. RÉSUMÉ : Contexte général de la thèse L'évaluation de la sécurité en général, et plus particulièrement, celle de la sécurité de l'information, est devenue pour les organisations non seulement une mission cruciale à réaliser, mais aussi de plus en plus complexe. A l'heure actuelle, cette évaluation se base principalement sur des méthodologies, des bonnes pratiques, des normes ou des standards qui appréhendent séparément les différents aspects qui composent la sécurité de l'information. Nous pensons que cette manière d'évaluer la sécurité est inefficiente, car elle ne tient pas compte de l'interaction des différentes dimensions et composantes de la sécurité entre elles, bien qu'il soit admis depuis longtemps que le niveau de sécurité globale d'une organisation est toujours celui du maillon le plus faible de la chaîne sécuritaire. Nous avons identifié le besoin d'une approche globale, intégrée, systémique et multidimensionnelle de l'évaluation de la sécurité de l'information. En effet, et c'est le point de départ de notre thèse, nous démontrons que seule une prise en compte globale de la sécurité permettra de répondre aux exigences de sécurité optimale ainsi qu'aux besoins de protection spécifiques d'une organisation. Ainsi, notre thèse propose un nouveau paradigme d'évaluation de la sécurité afin de satisfaire aux besoins d'efficacité et d'efficience d'une organisation donnée. Nous proposons alors un modèle qui vise à évaluer d'une manière holistique toutes les dimensions de la sécurité, afin de minimiser la probabilité qu'une menace potentielle puisse exploiter des vulnérabilités et engendrer des dommages directs ou indirects. Ce modèle se base sur une structure formalisée qui prend en compte tous les éléments d'un système ou programme de sécurité. Ainsi, nous proposons un cadre méthodologique d'évaluation qui considère la sécurité de l'information à partir d'une perspective globale. Structure de la thèse et thèmes abordés Notre document est structuré en trois parties. La première intitulée : « La problématique de l'évaluation de la sécurité de l'information » est composée de quatre chapitres. Le chapitre 1 introduit l'objet de la recherche ainsi que les concepts de base du modèle d'évaluation proposé. La maniéré traditionnelle de l'évaluation de la sécurité fait l'objet d'une analyse critique pour identifier les éléments principaux et invariants à prendre en compte dans notre approche holistique. Les éléments de base de notre modèle d'évaluation ainsi que son fonctionnement attendu sont ensuite présentés pour pouvoir tracer les résultats attendus de ce modèle. Le chapitre 2 se focalise sur la définition de la notion de Sécurité de l'Information. Il ne s'agit pas d'une redéfinition de la notion de la sécurité, mais d'une mise en perspectives des dimensions, critères, indicateurs à utiliser comme base de référence, afin de déterminer l'objet de l'évaluation qui sera utilisé tout au long de notre travail. Les concepts inhérents de ce qui constitue le caractère holistique de la sécurité ainsi que les éléments constitutifs d'un niveau de référence de sécurité sont définis en conséquence. Ceci permet d'identifier ceux que nous avons dénommés « les racines de confiance ». Le chapitre 3 présente et analyse la différence et les relations qui existent entre les processus de la Gestion des Risques et de la Gestion de la Sécurité, afin d'identifier les éléments constitutifs du cadre de protection à inclure dans notre modèle d'évaluation. Le chapitre 4 est consacré à la présentation de notre modèle d'évaluation Information Security Assurance Assessment Model (ISAAM) et la manière dont il répond aux exigences de l'évaluation telle que nous les avons préalablement présentées. Dans ce chapitre les concepts sous-jacents relatifs aux notions d'assurance et de confiance sont analysés. En se basant sur ces deux concepts, la structure du modèle d'évaluation est développée pour obtenir une plateforme qui offre un certain niveau de garantie en s'appuyant sur trois attributs d'évaluation, à savoir : « la structure de confiance », « la qualité du processus », et « la réalisation des exigences et des objectifs ». Les problématiques liées à chacun de ces attributs d'évaluation sont analysées en se basant sur l'état de l'art de la recherche et de la littérature, sur les différentes méthodes existantes ainsi que sur les normes et les standards les plus courants dans le domaine de la sécurité. Sur cette base, trois différents niveaux d'évaluation sont construits, à savoir : le niveau d'assurance, le niveau de qualité et le niveau de maturité qui constituent la base de l'évaluation de l'état global de la sécurité d'une organisation. La deuxième partie: « L'application du Modèle d'évaluation de l'assurance de la sécurité de l'information par domaine de sécurité » est elle aussi composée de quatre chapitres. Le modèle d'évaluation déjà construit et analysé est, dans cette partie, mis dans un contexte spécifique selon les quatre dimensions prédéfinies de sécurité qui sont: la dimension Organisationnelle, la dimension Fonctionnelle, la dimension Humaine, et la dimension Légale. Chacune de ces dimensions et son évaluation spécifique fait l'objet d'un chapitre distinct. Pour chacune des dimensions, une évaluation en deux phases est construite comme suit. La première phase concerne l'identification des éléments qui constituent la base de l'évaluation: ? Identification des éléments clés de l'évaluation ; ? Identification des « Focus Area » pour chaque dimension qui représentent les problématiques se trouvant dans la dimension ; ? Identification des « Specific Factors » pour chaque Focus Area qui représentent les mesures de sécurité et de contrôle qui contribuent à résoudre ou à diminuer les impacts des risques. La deuxième phase concerne l'évaluation de chaque dimension précédemment présentées. Elle est constituée d'une part, de l'implémentation du modèle général d'évaluation à la dimension concernée en : ? Se basant sur les éléments spécifiés lors de la première phase ; ? Identifiant les taches sécuritaires spécifiques, les processus, les procédures qui auraient dû être effectués pour atteindre le niveau de protection souhaité. D'autre part, l'évaluation de chaque dimension est complétée par la proposition d'un modèle de maturité spécifique à chaque dimension, qui est à considérer comme une base de référence pour le niveau global de sécurité. Pour chaque dimension nous proposons un modèle de maturité générique qui peut être utilisé par chaque organisation, afin de spécifier ses propres exigences en matière de sécurité. Cela constitue une innovation dans le domaine de l'évaluation, que nous justifions pour chaque dimension et dont nous mettons systématiquement en avant la plus value apportée. La troisième partie de notre document est relative à la validation globale de notre proposition et contient en guise de conclusion, une mise en perspective critique de notre travail et des remarques finales. Cette dernière partie est complétée par une bibliographie et des annexes. Notre modèle d'évaluation de la sécurité intègre et se base sur de nombreuses sources d'expertise, telles que les bonnes pratiques, les normes, les standards, les méthodes et l'expertise de la recherche scientifique du domaine. Notre proposition constructive répond à un véritable problème non encore résolu, auquel doivent faire face toutes les organisations, indépendamment de la taille et du profil. Cela permettrait à ces dernières de spécifier leurs exigences particulières en matière du niveau de sécurité à satisfaire, d'instancier un processus d'évaluation spécifique à leurs besoins afin qu'elles puissent s'assurer que leur sécurité de l'information soit gérée d'une manière appropriée, offrant ainsi un certain niveau de confiance dans le degré de protection fourni. Nous avons intégré dans notre modèle le meilleur du savoir faire, de l'expérience et de l'expertise disponible actuellement au niveau international, dans le but de fournir un modèle d'évaluation simple, générique et applicable à un grand nombre d'organisations publiques ou privées. La valeur ajoutée de notre modèle d'évaluation réside précisément dans le fait qu'il est suffisamment générique et facile à implémenter tout en apportant des réponses sur les besoins concrets des organisations. Ainsi notre proposition constitue un outil d'évaluation fiable, efficient et dynamique découlant d'une approche d'évaluation cohérente. De ce fait, notre système d'évaluation peut être implémenté à l'interne par l'entreprise elle-même, sans recourir à des ressources supplémentaires et lui donne également ainsi la possibilité de mieux gouverner sa sécurité de l'information.

Overlap Between Common Genetic Polymorphisms Underpinning Kidney Traits and Cardiovascular Disease Phenotypes: The CKDGen Consortium.

BACKGROUND: Chronic kidney disease is associated with cardiovascular disease. We tested for evidence of a shared genetic basis to these traits. STUDY DESIGN: We conducted 2 targeted analyses. First, we examined whether known single-nucleotide polymorphisms (SNPs) underpinning kidney traits were associated with a series of vascular phenotypes. Additionally, we tested whether vascular SNPs were associated with markers of kidney damage. Significance was set to 1.5×10(-4) (0.05/325 tests). SETTING & PARTICIPANTS: Vascular outcomes were analyzed in participants from the AortaGen (20,634), CARDIoGRAM (86,995), CHARGE Eye (15,358), CHARGE IMT (31,181), ICBP (69,395), and NeuroCHARGE (12,385) consortia. Tests for kidney outcomes were conducted in up to 67,093 participants from the CKDGen consortium. PREDICTOR: We used 19 kidney SNPs and 64 vascular SNPs. OUTCOMES & MEASUREMENTS: Vascular outcomes tested were blood pressure, coronary artery disease, carotid intima-media thickness, pulse wave velocity, retinal venular caliber, and brain white matter lesions. Kidney outcomes were estimated glomerular filtration rate and albuminuria. RESULTS: In general, we found that kidney disease variants were not associated with vascular phenotypes (127 of 133 tests were nonsignificant). The one exception was rs653178 near SH2B3 (SH2B adaptor protein 3), which showed direction-consistent association with systolic (P = 9.3 ×10(-10)) and diastolic (P = 1.6 ×10(-14)) blood pressure and coronary artery disease (P = 2.2 ×10(-6)), all previously reported. Similarly, the 64 SNPs associated with vascular phenotypes were not associated with kidney phenotypes (187 of 192 tests were nonsignificant), with the exception of 2 high-correlated SNPs at the SH2B3 locus (P = 1.06 ×10(-07) and P = 7.05 ×10(-08)). LIMITATIONS: The combined effect size of the SNPs for kidney and vascular outcomes may be too low to detect shared genetic associations. CONCLUSIONS: Overall, although we confirmed one locus (SH2B3) as associated with both kidney and cardiovascular disease, our primary findings suggest that there is little overlap between kidney and cardiovascular disease risk variants in the overall population. The reciprocal risks of kidney and cardiovascular disease may not be genetically mediated, but rather a function of the disease milieu itself.

Structural analysis, clay mineralogy and K-Ar dating of fault gouges from Centovalli Line (Central Alps) for reconstruction of their recent activity

Between the cities of Domodossola and Locarno, the complex ``Centovalli Line'' tectonic zone of the Central Alps outlines deformation phases over a long period of time (probably starting similar to 30 Ma ago) and under variable P-T conditions. The last deformation phases developed gouge-bearing faults with a general E-W trend that crosscuts the roots of the Alpine Canavese zone and the Finero ultramafic body. Kinematic indicators show that the general motion was mainly dextral associated with back thrusting towards the S. The <2 mu m clay fractions of fault gouges from Centovalli Line consist mainly of illite, smectite and chlorite with varied illite-smectite, chlorite-smectite and chlorite-serpentine mixed-layers. Constrained with the illite crystallinity index, the thermal conditions induced by the tectonic activity show a gradual trend from anchizonal to diagenetic conditions. The <2 and <0.2 mu M clay fractions, and hydrothermal K-feldspar separates all provide K-Ar ages between 14.2 +/- 2.9 Ma and roughly 0 Ma, with major episodes at about 12,8, 6 and close to 0 Ma These ages set the recurrent tectonic activity and the associated fluid circulations between Upper Miocene and Recent. On the basis of the K-Ar ages and with a thermal gradient of 25-30 degrees C/km, the studied fault zones were located at a depth of 4-7 km. If they were active until now as observed in field, the exhumation was approximately 2.5-3.0 km for the last 12 Ma with a mean velocity of 0.4 mm/y. Comparison with available models on the recent Alpine evolution shows that the tectonic activity in the area relates to a continuum of the back-thrusting movements of the Canavese Line, and/or to several late-extensional phases of the Rhone-Simplon line. The Centovalli-Val Vigezzo zone therefore represents a major tectonic zone of the Central-Western Alps resulting from different interacting tectonic events. (C) 2011 Elsevier B.V. All rights reserved.

Early Iron Age Pottery: A Quantitative Approach. Proceedings of the International Round Table organized by the Swiss School of Archaeology in Greece (Athens, Novembre 28-30, 2008).

Quantitative approaches in ceramology are gaining ground in excavation reports, archaeological publications and thematic studies. Hence, a wide variety of methods are being used depending on the researchers' theoretical premise, the type of material which is examined, the context of discovery and the questions that are addressed. The round table that took place in Athens on November 2008 was intended to offer the participants the opportunity to present a selection of case studies on the basis of which methodological approaches were discussed. The aim was to define a set of guidelines for quantification that would prove to be of use to all researchers. Contents: 1) Introduction (Samuel Verdan); 2) Isthmia and beyond. How can quantification help the analysis of EIA sanctuary deposits? (Catherine Morgan); 3) Approaching aspects of cult practice and ethnicity in Early Iron Age Ephesos using quantitative analysis of a Protogeometric deposit from the Artemision (Michael Kerschner); 4) Development of a ceramic cultic assemblage: Analyzing pottery from Late Helladic IIIC through Late Geometric Kalapodi (Ivonne Kaiser, Laura-Concetta Rizzotto, Sara Strack); 5) 'Erfahrungsbericht' of application of different quantitative methods at Kalapodi (Sara Strack); 6) The Early Iron Age sanctuary at Olympia: counting sherds from the Pelopion excavations (1987-1996) (Birgitta Eder); 7) L'aire du pilier des Rhodiens à Delphes: Essai de quantification du mobilier (Jean-Marc Luce); 8) A new approach in ceramic statistical analyses: Pit 13 on Xeropolis at Lefkandi (David A. Mitchell, Irene S. Lemos); 9) Households and workshops at Early Iron Age Oropos: A quantitative approach of the fine, wheel-made pottery (Vicky Vlachou); 10) Counting sherds at Sindos: Pottery consumption and construction of identities in the Iron Age (Stefanos Gimatzidis); 11) Analyse quantitative du mobilier céramique des fouilles de Xombourgo à Ténos et le cas des supports de caisson (Jean-Sébastien Gros); 12) Defining a typology of pottery from Gortyn: The material from a pottery workshop pit, (Emanuela Santaniello); 13) Quantification of ceramics from Early Iron Age tombs (Antonis Kotsonas); 14) Quantitative analysis of the pottery from the Early Iron Age necropolis of Tsikalario on Naxos (Xenia Charalambidou); 15) Finding the Early Iron Age in field survey: Two case studies from Boeotia and Magnesia (Vladimir Stissi); 16) Pottery quantification: Some guidelines (Samuel Verdan).

Ultrastructural analysis of neuronal plasticity in the adult mouse

ABSTRACT Adult neuronal plasticity is a term that corresponds to a set of biological mechanisms allowing a neuronal circuit to respond and adapt to modifications of the received inputs. Mystacial whiskers of the mouse are the starting point of a major sensory pathway that provides the animal with information from its immediate environment. Through whisking, information is gathered that allows the animal to orientate itself and to recognize objects. This sensory system is crucial for nocturnal behaviour during which vision is not of much use. Sensory information of the whiskers are sent via brainstem and thalamus to the primary somatosensory area (S1) of the cerebral cortex in a strictly topological manner. Cell bodies in the layer N of S 1 are arranged in ring forming structures called barrels. As such, each barrel corresponds to the cortical representation in layer IV of a single whisker follicle. This histological feature allows to identify with uttermost precision the part of the cortex devoted to a given whisker and to study modifications induced by different experimental conditions. The condition used in the studies of my thesis is the passive stimulation of one whisker in the adult mouse for a period of 24 hours. It is performed by glueing a piece of metal on one whisker and placing the awake animal in a cage surrounded by an electromagnetic coil that generates magnetic field burst inducing whisker movement at a given frequency during 24 hours. I analysed the ultrastructure of the barrel corresponding the stimulated whisker using serial sections electron microscopy and computer-based three-dimensional reconstructions; analysis of neighbouring, unstimulated barrels as well as those from unstimulated mice served as control. The following elements were structurally analyzed: the spiny dendrites, the axons of excitatory as well as inhibitory cells, their connections via synapses and the astrocytic processes. The density of synapses and spines is upregulated in a barrel corresponding to a stimulated whisker. This upregulation is absent in the BDNF heterozygote mice, indicating that a certain level of activity-dependent released BDNF is required for synaptogenesis in the adult cerebral cortex. Synpaptogenesis is correlated with a modification of the astrocytes that place themselves in closer vicinity of the excitatory synapses on spines. Biochemical analysis revealed that the astrocytes upregulate the expression of transporters by which they internalise glutamate, the neurotransmitter responsible for the excitatory response of cortical neurons. In the final part of my thesis, I show that synaptogenesis in the stimulated barrel is due to the increase in the size of excitatory axonal boutons that become more frequently multisynaptic, whereas the inhibitory axons do not change their morphology but form more synapses with spines apposed to them. Taken together, my thesis demonstrates that all the cellular elements present in the neuronal tissue of the adult brain contribute to activity-dependent cortical plasticity and form part of a mechanism by which the animal responds to a modified sensory experience. Throughout life, the neuronal circuit keeps the faculty to adapt its function. These adaptations are partially transitory but some aspects remain and could be the structural basis of a memory trace in the cortical circuit. RESUME La plasticité neuronale chez l'adulte désigne un ensemble de mécanismes biologiques qui permettent aux circuits neuronaux de répondre et de s'adapter aux modifications des stimulations reçues. Les vibrisses des souris sont un système crucial fournissant des informations sensorielles au sujet de l'environnement de l'animal. L'information sensorielle collectée par les vibrisses est envoyée via le tronc cérébral et le thalamus à l'aire sensorielle primaire (S 1) du cortex cérébral en respectant strictement la somatotopie. Les corps cellulaires dans la couche IV de S 1 sont organisés en anneaux délimitant des structures nommées tonneaux. Chaque tonneau reçoit l'information d'une seule vibrisse et l'arrangement des tonneaux dans le cortex correspond à l'arrangement des vibrisses sur le museau de la souris. Cette particularité histologique permet de sélectionner avec certitude la partie du cortex dévolue à une vibrisse et de l'étudier dans diverses conditions. Le paradigme expérimental utilisé dans cette thèse est la stimulation passive d'une seule vibrisse durant 24 heures. Pour ce faire, un petit morceau de métal est collé sur une vibrisse et la souris est placée dans une cage entourée d'une bobine électromagnétique générant un champ qui fait vibrer le morceau de métal durant 24 heures. Nous analysons l'ultrastructure du cortex cérébral à l'aide de la microscopie électronique et des coupes sériées permettant la reconstruction tridimensionnelle à l'aide de logiciels informatiques. Nous observons les modifications des structures présentes : les dendrites épineuses, les axones des cellules excitatrices et inhibitrices, leurs connections par des synapses et les astrocytes. Le nombre de synapses et d'épines est augmenté dans un tonneau correspondant à une vibrisse stimulée 24 heures. Basé sur cela, nous montrons dans ces travaux que cette réponse n'est pas observée dans des souris hétérozygotes BDNF+/-. Cette neurotrophine sécrétée en fonction de l'activité neuronale est donc nécessaire pour la synaptogenèse. La synaptogenèse est accompagnée d'une modification des astrocytes qui se rapprochent des synapses excitatrices au niveau des épines dendritiques. Ils expriment également plus de transporteurs chargés d'internaliser le glutamate, le neurotransmetteur responsable de la réponse excitatrice des neurones. Nous montrons aussi que les axones excitateurs deviennent plus larges et forment plus de boutons multi-synaptiques à la suite de la stimulation tandis que les axones inhibiteurs ne changent pas de morphologie mais forment plus de synapses avec des épines apposées à leur membrane. Tous les éléments analysés dans le cerveau adulte ont maintenu la capacité de réagir aux modifications de l'activité neuronale et répondent aux modifications de l'activité permettant une constante adaptation à de nouveaux environnements durant la vie. Les circuits neuronaux gardent la capacité de créer de nouvelles synapses. Ces adaptations peuvent être des réponses transitoires aux stimuli mais peuvent aussi laisser une trace mnésique dans les circuits.

Inferring the mode of origin of polyploid species from next-generation sequence data.

Many eukaryote organisms are polyploid. However, despite their importance, evolutionary inference of polyploid origins and modes of inheritance has been limited by a need for analyses of allele segregation at multiple loci using crosses. The increasing availability of sequence data for nonmodel species now allows the application of established approaches for the analysis of genomic data in polyploids. Here, we ask whether approximate Bayesian computation (ABC), applied to realistic traditional and next-generation sequence data, allows correct inference of the evolutionary and demographic history of polyploids. Using simulations, we evaluate the robustness of evolutionary inference by ABC for tetraploid species as a function of the number of individuals and loci sampled, and the presence or absence of an outgroup. We find that ABC adequately retrieves the recent evolutionary history of polyploid species on the basis of both old and new sequencing technologies. The application of ABC to sequence data from diploid and polyploid species of the plant genus Capsella confirms its utility. Our analysis strongly supports an allopolyploid origin of C. bursa-pastoris about 80 000 years ago. This conclusion runs contrary to previous findings based on the same data set but using an alternative approach and is in agreement with recent findings based on whole-genome sequencing. Our results indicate that ABC is a promising and powerful method for revealing the evolution of polyploid species, without the need to attribute alleles to a homeologous chromosome pair. The approach can readily be extended to more complex scenarios involving higher ploidy levels.

Computational analysis of the genetic and environmental contributions to disease-related human phenotypes: From predicting adverse lipid response of HIV patients receiving antiretroviral therapy to genome-wide association studies of cardiovascular and lipid related disorders

Genetic variants influence the risk to develop certain diseases or give rise to differences in drug response. Recent progresses in cost-effective, high-throughput genome-wide techniques, such as microarrays measuring Single Nucleotide Polymorphisms (SNPs), have facilitated genotyping of large clinical and population cohorts. Combining the massive genotypic data with measurements of phenotypic traits allows for the determination of genetic differences that explain, at least in part, the phenotypic variations within a population. So far, models combining the most significant variants can only explain a small fraction of the variance, indicating the limitations of current models. In particular, researchers have only begun to address the possibility of interactions between genotypes and the environment. Elucidating the contributions of such interactions is a difficult task because of the large number of genetic as well as possible environmental factors.In this thesis, I worked on several projects within this context. My first and main project was the identification of possible SNP-environment interactions, where the phenotypes were serum lipid levels of patients from the Swiss HIV Cohort Study (SHCS) treated with antiretroviral therapy. Here the genotypes consisted of a limited set of SNPs in candidate genes relevant for lipid transport and metabolism. The environmental variables were the specific combinations of drugs given to each patient over the treatment period. My work explored bioinformatic and statistical approaches to relate patients' lipid responses to these SNPs, drugs and, importantly, their interactions. The goal of this project was to improve our understanding and to explore the possibility of predicting dyslipidemia, a well-known adverse drug reaction of antiretroviral therapy. Specifically, I quantified how much of the variance in lipid profiles could be explained by the host genetic variants, the administered drugs and SNP-drug interactions and assessed the predictive power of these features on lipid responses. Using cross-validation stratified by patients, we could not validate our hypothesis that models that select a subset of SNP-drug interactions in a principled way have better predictive power than the control models using "random" subsets. Nevertheless, all models tested containing SNP and/or drug terms, exhibited significant predictive power (as compared to a random predictor) and explained a sizable proportion of variance, in the patient stratified cross-validation context. Importantly, the model containing stepwise selected SNP terms showed higher capacity to predict triglyceride levels than a model containing randomly selected SNPs. Dyslipidemia is a complex trait for which many factors remain to be discovered, thus missing from the data, and possibly explaining the limitations of our analysis. In particular, the interactions of drugs with SNPs selected from the set of candidate genes likely have small effect sizes which we were unable to detect in a sample of the present size (<800 patients).In the second part of my thesis, I performed genome-wide association studies within the Cohorte Lausannoise (CoLaus). I have been involved in several international projects to identify SNPs that are associated with various traits, such as serum calcium, body mass index, two-hour glucose levels, as well as metabolic syndrome and its components. These phenotypes are all related to major human health issues, such as cardiovascular disease. I applied statistical methods to detect new variants associated with these phenotypes, contributing to the identification of new genetic loci that may lead to new insights into the genetic basis of these traits. This kind of research will lead to a better understanding of the mechanisms underlying these pathologies, a better evaluation of disease risk, the identification of new therapeutic leads and may ultimately lead to the realization of "personalized" medicine.

Perception, signaling and molecular basis of oviposition-mediated plant responses.

Eggs deposited on plants by herbivorous insects represent a threat as they develop into feeding larvae. Plants are not a passive substrate and have evolved sophisticated mechanisms to detect eggs and induce direct and indirect defenses. Recent years have seen exciting development in molecular aspects of egg-induced responses. Some egg-associated elicitors have been identified, and signaling pathways and egg-induced expression profiles are being uncovered. Depending on the mode of oviposition, both the jasmonic acid and salicylic acid pathways seem to play a role in the induction of defense responses. An emerging concept is that eggs are recognized like microbial pathogens and innate immune responses are triggered. In addition, some eggs contain elicitors that induce highly specific defenses in plants. Examples of egg-induced suppression of defense or, on the contrary, egg-induced resistance highlight the complexity of plant-egg interactions in an on-going arms race between herbivores and their hosts. A major challenge is to identify plant receptors for egg-associated elicitors, to assess the specificity of these elicitors and to identify molecular components that underlie various responses to oviposition.

Personalized drug administrations using Support Vector Machine

The decision-making process regarding drug dose, regularly used in everyday medical practice, is critical to patients' health and recovery. It is a challenging process, especially for a drug with narrow therapeutic ranges, in which a medical doctor decides the quantity (dose amount) and frequency (dose interval) on the basis of a set of available patient features and doctor's clinical experience (a priori adaptation). Computer support in drug dose administration makes the prescription procedure faster, more accurate, objective, and less expensive, with a tendency to reduce the number of invasive procedures. This paper presents an advanced integrated Drug Administration Decision Support System (DADSS) to help clinicians/patients with the dose computing. Based on a support vector machine (SVM) algorithm, enhanced with the random sample consensus technique, this system is able to predict the drug concentration values and computes the ideal dose amount and dose interval for a new patient. With an extension to combine the SVM method and the explicit analytical model, the advanced integrated DADSS system is able to compute drug concentration-to-time curves for a patient under different conditions. A feedback loop is enabled to update the curve with a new measured concentration value to make it more personalized (a posteriori adaptation).

The neural basis for writing from dictation in the temporoparietal cortex.

Cortical electrical stimulation mapping was used to study neural substrates of the function of writing in the temporoparietal cortex. We identified the sites involved in oral language (sentence reading and naming) and writing from dictation, in order to spare these areas during removal of brain tumours in 30 patients (23 in the left, and 7 in the right hemisphere). Electrostimulation of the cortex impaired writing ability in 62 restricted cortical areas (.25 cm2). These were found in left temporoparietal lobes and were mostly located along the superior temporal gyrus (Brodmann's areas 22 and 42). Stimulation of right temporoparietal lobes in right-handed patients produced no writing impairments. However there was a high variability of location between individuals. Stimulation resulted in combined symptoms (affecting oral language and writing) in fourteen patients, whereas in eight other patients, stimulation-induced pure agraphia symptoms with no oral language disturbance in twelve of the identified areas. Each detected area affected writing in a different way. We detected the various different stages of the auditory-to-motor pathway of writing from dictation: either through comprehension of the dictated sentences (word deafness areas), lexico-semantic retrieval, or phonologic processing. In group analysis, barycentres of all different types of writing interferences reveal a hierarchical functional organization along the superior temporal gyrus from initial word recognition to lexico-semantic and phonologic processes along the ventral and the dorsal comprehension pathways, supporting the previously described auditory-to-motor process. The left posterior Sylvian region supports different aspects of writing function that are extremely specialized and localized, sometimes being segregated in a way that could account for the occurrence of pure agraphia that has long-been described in cases of damage to this region.

Effective corporate governance : experimental evidence on international auditors'judgments and the contribution of financial accounting education

1 Summary This dissertation deals with two major aspects of corporate governance that grew in importance during the last years: the internal audit function and financial accounting education. In three essays, I contribute to research on these topics which are embedded in the broader corporate governance literature. The first two essays consist of experimental investigations of internal auditors' judgments. They deal with two research issues for which accounting research lacks evidence: The effectiveness of internal controls and the potentially conflicting role of the internal audit function between management and the audit committee. The findings of the first two essays contribute to the literature on internal auditors' judgment and the role of the internal audit function as a major cornerstone of corporate governance. The third essay theoretically examines a broader issue but also relates to the overall research question of this dissertation: What contributes to effective corporate governance? This last essay takes the perspective that the root for quality corporate governance is appropriate financial accounting education. r develop a public interest approach to accounting education that contributes to the literature on adequate accounting education with respect to corporate governance and accounting harmonization. The increasing importance of both the internal audit function and accounting education for corporate governance can be explained by the same recent fundamental changes that still affect accounting research and practice. First, the Sarbanes-Oxley Act of 2002 (SOX, 2002) and the 8th EU Directive (EU, 2006) have led to a bigger role for the internal audit function in corporate governance. Their implications regarding the implementation of audit committees and their oversight over internal controls are extensive. As a consequence, the internal audit function has become increasingly important for corporate governance and serves a new master (i.e. the audit committee) within the company in addition to management. Second, the SOX (2002) and the 8th EU Directive introduced additional internal control mechanisms that are expected to contribute to the reliability of financial information. As a consequence, the internal audit function is expected to contribute to a greater extent to the reliability of financial statements. Therefore, effective internal control mechanisms that strengthen objective judgments and independence become important. This is especially true when external- auditors rely on the work of internal auditors in the context of the International Standard on Auditing (ISA) 610 and the equivalent US Statement on Auditing Standards (SAS) 65 (see IFAC, 2009 and AICPA, 1990). Third, the harmonization of international reporting standards is increasingly promoted by means of a principles-based approach. It is the leading approach since a study of the SEC (2003) that was required by the SOX (2002) in section 108(d) was in favor of this approach. As a result, the Financial Accounting Standards Board (FASB) and the International Accounting Standards Board (IASB) commit themselves to the development of compatible accounting standards based on a principles-based approach. Moreover, since the Norwalk Agreement of 2002, the two standard setters have developed exposure drafts for a common conceptual framework that will be the basis for accounting harmonization. The new .framework will be in favor of fair value measurement and accounting for real-world economic phenomena. These changes in terms of standard setting lead to a trend towards more professional judgment in the accounting process. They affect internal and external auditors, accountants, and managers in general. As a consequence, a new competency set for preparers and users of financial statements is required. The basil for this new competency set is adequate accounting education (Schipper, 2003). These three issues which affect corporate governance are the initial point of this dissertation and constitute its motivation. Two broad questions motivated a scientific examination in three essays: 1) What are major aspects to be examined regarding the new role of the internal audit function? 2) How should major changes in standard setting affect financial accounting education? The first question became apparent due to two published literature reviews by Gramling et al. (2004) and Cohen, Krishnamoorthy & Wright (2004). These studies raise various questions for future research that are still relevant and which motivate the first two essays of my dissertation. In the first essay, I focus on the role of the internal audit function as one cornerstone of corporate governance and its potentially conflicting role of serving both management and the audit committee (IIA, 2003). In an experimental study, I provide evidence on the challenges for internal auditors in their role as servant for two masters -the audit committee and management -and how this influences internal auditors' judgment (Gramling et al. 2004; Cohen, Krishnamoorthy & Wright, 2004). I ask if there is an expectation gap between what internal auditors should provide for corporate governance in theory compared to what internal auditors are able to provide in practice. In particular, I focus on the effect of serving two masters on the internal auditor's independence. I argue that independence is hardly achievable if the internal audit function serves two masters with conflicting priorities. The second essay provides evidence on the effectiveness of accountability as an internal control mechanism. In general, internal control mechanisms based on accountability were enforced by the SOX (2002) and the 8th EU Directive. Subsequently, many companies introduced sub-certification processes that should contribute to an objective judgment process. Thus, these mechanisms are important to strengthen the reliability of financial statements. Based on a need for evidence on the effectiveness of internal control mechanisms (Brennan & Solomon, 2008; Gramling et al. 2004; Cohen, Krishnamoorthy & Wright, 2004; Solomon & Trotman, 2003), I designed an experiment to examine the joint effect of accountability and obedience pressure in an internal audit setting. I argue that obedience pressure potentially can lead to a negative influence on accountants' objectivity (e.g. DeZoort & Lord, 1997) whereas accountability can mitigate this negative effect. My second main research question - How should major changes in standard setting affect financial accounting education? - is investigated in the third essay. It is motivated by the observation during my PhD that many conferences deal with the topic of accounting education but very little is published about what needs to be done. Moreover, the Endings in the first two essays of this thesis and their literature review suggest that financial accounting education can contribute significantly to quality corporate governance as argued elsewhere (Schipper, 2003; Boyce, 2004; Ghoshal, 2005). In the third essay of this thesis, I therefore focus on approaches to financial accounting education that account for the changes in standard setting and also contribute to corporate governance and accounting harmonization. I argue that the competency set that is required in practice changes due to major changes in standard setting. As the major contribution of the third article, I develop a public interest approach for financial accounting education. The major findings of this dissertation can be summarized as follows. The first essay provides evidence to an important research question raised by Gramling et al. (2004, p. 240): "If the audit committee and management have different visions for the corporate governance role of the IAF, which vision will dominate?" According to the results of the first essay, internal auditors do follow the priorities of either management or the audit committee based on the guidance provided by the Chief Audit executive. The study's results question whether the independence of the internal audit function is actually achievable. My findings contribute to research on internal auditors' judgment and the internal audit function's independence in the broader frame of corporate governance. The results are also important for practice because independence is a major justification for a positive contribution of the internal audit function to corporate governance. The major findings of the second essay indicate that the duty to sign work results - a means of holding people accountable -mitigates the negative effect of obedience pressure on reliability. Hence, I found evidence that control .mechanisms relying on certifications may enhance the reliability of financial information. These findings contribute to the literature on the effectiveness of internal control mechanisms. They are also important in the light of sub-certification processes that resulted from the Sarbanes-Oxley Act and the 8th EU Directive. The third essay contributes to the literature by developing a measurement framework that accounts for the consequences of major trends in standard setting. Moreovér, it shows how these trends affect the required .competency set of people dealing with accounting issues. Based on this work, my main contribution is the development of a public interest approach for the design of adequate financial accounting curricula. 2 Serving two masters: Experimental evidence on the independence of internal auditors Abstract Twenty nine internal auditors participated in a study that examines the independence of internal auditors in their potentially competing roles of serving two masters: the audit committee and management. Our main hypothesis suggests that internal auditors' independence is not achievable in an institutional setting in which internal auditors are accountable to two different parties with potentially differing priorities. We test our hypothesis in an experiment in which the treatment consisted of two different instructions of the Chief audit executive; one stressing the priority of management (cost reduction) and one stressing the priority of the audit committee (effectiveness). Internal auditors had to evaluate internal controls and their inherent costs of different processes which varied in their degree of task complexity. Our main results indicate that internal auditors' evaluation of the processes is significantly different when task complexity is high. Our findings suggest that internal auditors do follow the priorities of either management or the audit committee depending on the instructions of a superior internal auditor. The study's results question whether the independence of the internal audit function is actually achievable. With our findings, we contribute to research on internal auditors' judgment and the internal audit function's independence in the frame of corporate governance.

The class basis of the cleavage between the New Left and the radical right: An analysis for Austria, Denmark, Norway and Switzerland

This chapter argues that the electoral competition between the New Left and the Radical Right is best understood as a cultural divide anchored in different class constituencies. Based on individual-level data from the European Social Survey, we analyze the links between voters' class position, their economic and cultural preferences and their party choice for four small and affluent European countries. We find a striking similarity in the class pattern across countries. Everywhere, the New Left attracts disproportionate support from socio-cultural professionals and presents a clear-cut middle-class profile, whereas the Radical Right is most successful among production and service workers and receives least support from professionals. In general, the Radical Right depends on the votes of lowereducated men and older citizens and has turned into a new type of working-class party. However, its success within the working-class is not due to economic, but to cultural issues. The voters of the Radical Right collide with those of the New Left over a cultural conflict of identity and community - and not over questions of redistribution. A full-grown cleavage has thus emerged in the four countries under study, separating a libertarian-universalistic pole from an authoritarian-communitarian pole and going along with a process of class realignment.