36 research outputs found
Towards Cybersecurity by Design: A multi-level reference model for requirements-driven smart grid cybersecurity
This paper provides a first step towards a reference model for end-to-end cybersecurity by design in the electricity sector. The envisioned reference model relies, among others, on the integrated consideration of two currently fragmented, but complementary, reference models: NISTIR 7628 and powerLang. As an underlying language architecture of choice, we rely on multi-level modeling, specifically on the Flexible Meta Modeling and Execution Language (FMMLx), as multi-level modeling supports a natural integration across different abstraction levels inherent to reference models. This paperâs contributions are a result of one full consideration of Wieringaâs engineering cycle: for problem investigation, we describe the problems the reference model should address; for treatment design, we contribute the requirements the reference model should fulfill; for treatment implementation, we provide reference modelâs fragments implemented in an integrated modeling and programming environment. Finally, for treatment evaluation, we perform expert interviews to check, among others, the artefactâs relevance and utility
Queensland University of Technology: Annual Report 2009
Our annual report provides an evaluation of our performance and achievements during the previous year, measured against our goals and strategic plans. It documents our performance in the three key areas of:
teaching and learning
research
community service.
The report includes a summary of financial performance and a copy of our audited accounts
Recommended from our members
Requirements-Driven Adaptation of Choreographed Interactions
Electronic services are emerging as the de-facto enabler of interaction interoperability across organization boundaries. Cross-organizational interactions are often âchoreographedâ, i.e. specified by a messaging protocol from a global point of view independent of the local view of each interacting organization. Local requirements motivating an interaction as well as the global contextual requirements governing the interaction inevitably evolve over time, requiring adaptation of the corresponding interaction protocol. Adaptation of an interaction protocol must ensure the satisfaction of both sets of interaction requirements while maintaining consistency between the global view and the local views of an interaction specification. Such adaptation is not possible with the current state-of-the-art representations of choreographed interactions, as they capture only operational messaging specifications detached from both local organizational requirements as well as global contextual requirements.
This thesis presents three novel contributions that tackle adaptation of choreographed interaction protocols: an automated technique for deriving an interaction protocol from requirements, a formalization of consistency between local and global views, and a framework for guiding the adaptation of a choreographed interaction. A choreographed interaction is specified using models of organizational requirements motivating the interaction. We employ the formal semantics embedded in requirements models to automatically derive an interaction protocol. We propose a framework for relating the global and local views of interaction specification and maintaining consistency between them. We develop a metamodel for interaction specification, from which we enumerate adaptation operations. We build a catalogue that provides guidance on performing each operation and propagating changes between the global and local views. These contributions are evaluated using examples from the literature as well as a real-world case study
Data-driven conceptual modeling: how some knowledge drivers for the enterprise might be mined from enterprise data
As organizations perform their business, they analyze, design and manage a variety of processes represented in models with different scopes and scale of complexity. Specifying these processes requires a certain level of modeling competence. However, this condition does not seem to be balanced with adequate capability of the person(s) who are responsible for the task of defining and modeling an organization or enterprise operation.
On the other hand, an enterprise typically collects various records of all events occur during the operation of their processes. Records, such as the start and end of the tasks in a process instance, state transitions of objects impacted by the process execution, the message exchange during the process execution, etc., are maintained in enterprise repositories as various logs, such as event logs, process logs, effect logs, message logs, etc. Furthermore, the growth rate in the volume of these data generated by enterprise process execution has increased manyfold in just a few years.
On top of these, models often considered as the dashboard view of an enterprise. Models represents an abstraction of the underlying reality of an enterprise. Models also served as the knowledge driver through which an enterprise can be managed. Data-driven extraction offers the capability to mine these knowledge drivers from enterprise data and leverage the mined models to establish the set of enterprise data that conforms with the desired behaviour.
This thesis aimed to generate models or knowledge drivers from enterprise data to enable some type of dashboard view of enterprise to provide support for analysts. The rationale for this has been started as the requirement to improve an existing process or to create a new process. It was also mentioned models can also serve as a collection of effectors through which an organization or an enterprise can be managed.
The enterprise data refer to above has been identified as process logs, effect logs, message logs, and invocation logs. The approach in this thesis is to mine these logs to generate process, requirement, and enterprise architecture models, and how goals get fulfilled based on collected operational data.
The above a research question has been formulated as whether it is possible to derive the knowledge drivers from the enterprise data, which represent the running operation of the enterprise, or in other words, is it possible to use the available data in the enterprise repository to generate the knowledge drivers? .
In Chapter 2, review of literature that can provide the necessary background knowledge to explore the above research question has been presented. Chapter 3 presents how process semantics can be mined. Chapter 4 suggest a way to extract a requirements model. The Chapter 5 presents a way to discover the underlying enterprise architecture and Chapter 6 presents a way to mine how goals get orchestrated. Overall finding have been discussed in Chapter 7 to derive some conclusions
An Exploration of Enterprise Architecture Research
Management of the enterprise architecture has become increasingly recognized as a crucial part of both business and IT management. Still, a common understanding and methodological consistency seems far from being developed. Acknowledging the significant role of research in moving the development process along, this article employs different bibliometric methods, complemented by an extensive qualitative interpretation of the research field, to provide a unique overview of the enterprise architecture literature. After answering our research questions about the collaboration via co-authorships, the intellectual structure of the research field and its most influential works, and the principal themes of research, we propose an agenda for future research based on the findings from the above analyses and their comparison to empirical insights from the literature. In particular, our study finds a considerable degree of co-authorship clustering and a positive impact of the extent of co-authorship on the diffusion of works on enterprise architecture. In addition, this article identifies three major research streams and shows that research to date has revolved around specific themes, while some of high practical relevance receive minor attention. Hence, the contribution of our study is manifold and offers support for researchers and practitioners alike
Information Systems as Representations: A Review of the Theory and Evidence
Representation theory proposes that the basic purpose of an information system (IS) is to faithfully represent certain real-world phenomena, allowing users to reason about these phenomena more cost- effectively than if they were observed directly. Over the past three decades, the theory has underpinned much research on conceptual modeling in IS analysis and design and, increasingly, research on other IS phenomena such as data quality, system alignment, IS security, and system use. The original theory has also inspired further development of its core premises and advances in methodological guidelines to improve its use and evaluation. Nonetheless, the theory has attracted repeated criticisms regarding its validity, relevance, usefulness, and robustness. Given the burgeoning literature on the theory over time, both positive and negative, the time is ripe for a narrative, developmental review. We review representation theory, examine how it has been used, and critically evaluate its contributions and limitations. Based on our findings, we articulate a set of recommendations for improving its application, development, testing, and evaluation
Method support for enterprise architecture management capabilities
"What can our EA organization do and/or what should it be capable of?". In order to answer this questions, a capability-based method is developed, which assists in the identification, structuring and management of capabilities. The approach is embedded in a process comprising four building blocks providing appropriated procedures, concepts and supporting tools evolved from theory and practical use cases. The guide represents a flexible method for capability newcomers and experienced audiences to optimize enterprisesâ economic impacts of EAM supporting the alignment of business and IT.âWas muss unser UAM leisten können?â Als Grundlage fĂŒr die Beantwortung dieser Frage sollen Konzepte aus dem FĂ€higkeitenmanagement genutzt werden. Im Rahmen dieser Arbeit wird eine fĂ€higkeitenbasierte Methode entwickelt, welche Unternehmen bei der Identifikation, Strukturierung und Verwaltung von UAM-FĂ€higkeiten unterstĂŒtzt. Der Ansatz ist in einen Prozess eingegliedert, welcher vier Hauptbestandteile beinhaltet und die fĂŒr die DurchfĂŒhrung notwendigen Vorgehen, Konzepte und Hilfsmittel beschreibt, welche wiederrum in Kooperationen mit der Praxis getestet wurden
IngĂ©nierie et Architecture dâEntreprise et des SystĂšmes dâInformation - Concepts, Fondements et MĂ©thodes
L'ingĂ©nierie des systĂšmes d'information s'est longtemps cantonnĂ©e Ă la modĂ©lisation du produit (objet) qu'est le systĂšme dâinformation sans se prĂ©occuper des processus d'usage de ce systĂšme. Dans un environnement de plus en plus Ă©volutif, la modĂ©lisation du fonctionnement du systĂšme dâinformation au sein de l'entreprise me semble primordiale. Pendant les deux derniĂšres dĂ©cennies, les pratiques de management, dâingĂ©nierie et dâopĂ©ration ont subi des mutations profondes et multiformes. Nous devons tenir compte de ces mutations dans les recherches en ingĂ©nierie des systĂšmes dâinformation afin de produire des formalismes et des dĂ©marches mĂ©thodologiques qui sauront anticiper et satisfaire les nouveaux besoins, regroupĂ©s dans ce document sous quatre thĂšmes:1) Le systĂšme dâinformation est le lieu mĂȘme oĂč sâĂ©labore la coordination des actes et des informations sans laquelle une entreprise (et toute organisation), dans la diversitĂ© des mĂ©tiers et des compĂ©tences quâelle met en Ćuvre, ne peut exister que dans la mĂ©diocritĂ©. La comprĂ©hension des exigences de coopĂ©ration dans toutes ses dimensions (communication, coordination, collaboration) et le support que lâinformatique peut et doit y apporter deviennent donc un sujet digne dâintĂ©rĂȘt pour les recherches en systĂšme dâinformation.2) Le paradigme de management des processus dâentreprise (BPM) est en forte opposition avec le dĂ©veloppement traditionnel des systĂšmes dâinformation qui, pendant plusieurs dĂ©cennies, a cristallisĂ© la division verticale des activitĂ©s des organisations et favorisĂ© ainsi la construction dâĂźlots dâinformation et dâapplications. Cependant, les approches traditionnelles de modĂ©lisation de processus ne sont pas Ă la hauteur des besoins dâingĂ©nierie des processus dans ce contexte en constant changement, que ce dernier soit de nature contextuelle ou permanente. Nous avons donc besoin de formalismes (i) qui permettent non seulement de reprĂ©senter les processus dâentreprise et leurs liens avec les composants logiciels du systĂšme existant ou Ă venir mais (ii) qui ont aussi lâaptitude Ă reprĂ©senter la nature variable et/ou Ă©volutive (donc parfois Ă©minemment dĂ©cisionnelle) de ces processus.3) Les systĂšmes dâinformation continuent aujourdâhui de supporter les besoins classiques tels que lâautomatisation et la coordination de la chaĂźne de production, lâamĂ©lioration de la qualitĂ© des produits et/ou services offerts. Cependant un nouveau rĂŽle leur est attribuĂ©. Il sâagit du potentiel offert par les systĂšmes dâinformation pour adopter un rĂŽle de support au service de la stratĂ©gie de lâentreprise. Les technologies de lâinformation, de la communication et de la connaissance se sont ainsi positionnĂ©es comme une ressource stratĂ©gique, support de la transformation organisationnelle voire comme levier du changement. Les modĂšles dâentreprise peuvent reprĂ©senter lâĂ©tat actuel de lâorganisation afin de comprendre, de disposer dâune reprĂ©sentation partagĂ©e, de mesurer les performances, et Ă©ventuellement dâidentifier les dysfonctionnements. Ils permettent aussi de reprĂ©senter un Ă©tat futur souhaitĂ© afin de dĂ©finir une cible vers laquelle avancer par la mise en Ćuvre des projets. Lâentreprise Ă©tant en mouvement perpĂ©tuel, son Ă©volution fait partie de ses multiples dimensions. Nous avons donc besoin de reprĂ©senter, a minima, un Ă©tat futur et le chemin de transformation Ă construire pour avancer vers cette cible. Cependant planifier/imaginer/se projeter vers une cible unique et, en supposant que lâon y arrive, croire quâil puisse exister un seul chemin pour lâatteindre semble irrĂ©aliste. Nous devons donc proposer des formalismes qui permettront de spĂ©cifier des scenarii Ă la fois pour des cibles Ă atteindre et pour des chemins Ă parcourir. Nous devons aussi dĂ©velopper des dĂ©marches mĂ©thodologiques pour guider de maniĂšre systĂ©matique la construction de ces modĂšles dâentreprise et la rationalitĂ© sous-jacente.4) En moins de cinquante ans, le propos du systĂšme dâinformation a Ă©voluĂ© et sâest complexifiĂ©. Aujourdâhui, le systĂšme dâinformation doit supporter non seulement les fonctions de support de maniĂšre isolĂ©e et en silos (1970-1990), et les activitĂ©s appartenant Ă la chaĂźne de valeur [Porter, 1985] de lâentreprise (1980-2000) mais aussi les activitĂ©s de contrĂŽle, de pilotage, de planification stratĂ©gique ainsi que la cohĂ©rence et lâharmonie de lâensemble des processus liĂ©s aux activitĂ©s mĂ©tier (2000-201x), en un mot les activitĂ©s de management stratĂ©gique et de gouvernance dâentreprise. La gouvernance d'entreprise est l'ensemble des processus, rĂ©glementations, lois et institutions influant la maniĂšre dont l'entreprise est dirigĂ©e, administrĂ©e et contrĂŽlĂ©e. Ces processus qui produisent des âdĂ©cisionsâ en guise de âproduitâ ont autant besoin dâĂȘtre instrumentalisĂ©s par les systĂšmes dâinformation que les processus de nature plus opĂ©rationnels de lâentreprise. De mĂȘme, ces processus stratĂ©giques (dits aussi âde dĂ©veloppementâ) nĂ©cessitent dâavoir recours Ă des formalismes de reprĂ©sentation qui sont trĂšs loin, en pouvoir dâexpression, des notations largement adoptĂ©es ces derniĂšres annĂ©es pour la reprĂ©sentation des processus dâentreprise.Ainsi, il semble peu judicieux de vouloir (ou penser pouvoir) isoler, pendant sa construction, lâobjet âsystĂšme dâinformationâ de son environnement dâexĂ©cution. Si le sens donnĂ© Ă lâinformation dĂ©pend de la personne qui la reçoit, ce sens ne peut ĂȘtre entiĂšrement capturĂ© dans le systĂšme technique. Il sera plutĂŽt apprĂ©hendĂ© comme une composante essentielle dâun systĂšme socio-technique incluant les usagers du systĂšme dâinformation technologisĂ©, autrement dit, les acteurs agissant de lâentreprise. De mon point de vue, ce systĂšme socio-technique qui mĂ©rite lâintĂ©rĂȘt scientifique de notre discipline est lâentreprise. Les recherches que jâai rĂ©alisĂ©es, animĂ©es ou supervisĂ©es , et qui sont structurĂ©es en quatre thĂšmes dans ce document, visent Ă rĂ©soudre les problĂšmes liĂ©s aux contextes de l'usage (l'entreprise et son environnement) des systĂšmes dâinformation. Le point discriminant de ma recherche est l'intĂ©rĂȘt que je porte Ă la capacitĂ© de reprĂ©sentation :(i) de l'Ă©volutivitĂ© et de la flexibilitĂ© des processus d'entreprise en particulier de ceux supportĂ©s par un systĂšme logiciel, dâun point de vue microscopique (modĂšle dâun processus) et macroscopique (reprĂ©sentation et configuration dâun rĂ©seau de processus) : thĂšme 2(ii) du systĂšme dâentreprise dans toutes ses dimensions (stratĂ©gie, organisation des processus, systĂšme dâinformation et changement) : thĂšme 3Pour composer avec ces motivations, il fallait :(iii) sâintĂ©resser Ă la nature mĂȘme du travail coopĂ©ratif et Ă lâintentionnalitĂ© des acteurs agissant afin dâidentifier et/ou proposer des formalismes appropriĂ©s pour les dĂ©crire et les comprendre : thĂšme 1(iv) se questionner aussi sur les processus de management dont le rĂŽle est de surveiller, mesurer, piloter lâentreprise afin de leur apporter le soutien quâils mĂ©ritent du systĂšme dâinformation : thĂšme