Validating the domains of an inter-organizational business-IT alignment assessment instrument: A case study

CIOs can judge the effectiveness of their business-IT alignment activities by assessing maturity of processes in domains relevant to alignment. Currently, assessment instruments that support this are being developed. This paper reports on a case study aimed at validating four process domains we deemed necessary for inclusion in an assessment instrument that focuses on business-IT alignment at the level of inter-organizational collaboration. Our case study research draws on empirical evidence from an inter-organizational collaboration among different government departments within the state of Tamaulipas in Mexico. The case study revealed that the domains included in the alignment assessment instrument are the most important ones to address when achieving business-IT alignment in inter-organizational collaborations

Validating adequacy and suitability of business-IT alignment criteria in an inter-enterprise maturity model

Aligning requirements of a business with its information technology is currently a major issue in enterprise computing. Existing literature indicates important criteria to judge the level of alignment between business and IT within a single enterprise. However, identifying such criteria in an inter-enterprise setting – or re-thinking the existing ones – is hardly addressed at all. Business-IT alignment in such settings poses new challenges, as in inter-enterprise collaborations, alignment is driven by economic processes instead of centralized decision-making processes. In our research, we develop a maturity model for business-IT alignment in inter-enterprise settings that takes this difference into account. In this paper, we report on a multi-method approach we devised to confront the validation of the business-IT alignment criteria that we included in the maturity model. As independent feedback is critical for our validation, we used a focus group session and a case study as instruments to take the first step in validating the business-IT alignment criteria. We present how we applied our approach, what we learnt, and what the implications were for our model

Towards a business-IT alignment maturity model for collaborative networked organizations

Aligning business and IT in networked organizations is a complex endeavor because in such settings, business-IT alignment is driven by economic processes instead of by centralized decision-making processes. In order to facilitate managing business-IT alignment in networked organizations, we need a maturity model that allows collaborating organizations to assess the current state of alignment and take appropriate action to improve it where needed. In this paper we propose the first version of such a model, which we derive from various alignment models and theories

iTrust: a trust-aware ontology for information systems development

This paper gives a synopsis of our present state of affairs in modelling an ontology which reflects trust related concepts collectively in information systems development. The main problem is that there is a lack of ontological and methodological support to model and reason about trust with its related concepts in one allied framework. This situation provides the foremost motivation for our research. In particular, our aim is to develop a reasoning and modelling framework that will enable information system developers to consider trust and its related concepts collectively during the development of information systems

Applying Misuse Case to Improve the Security of Information Systems

In the Information Security Profession we are losing the Battle. Today’s Information Systems are, perversely, more secure than Tomorrow’s. The only way we can reverse this trend is by securing Information Systems smarter and faster than we do today. This dissertation explores Information Systems and how they are developed with the aim of incorporating Security in the early stages of their development; using a technique called ‘Misuse Cases’. Misuse Cases capture how an Information System can be used in a way that it is not supposed to, either deliberately (an attack) or accidentally (a mistake). It is true to say that Information Systems are misused by Human beings. Humans may use machines as a proxy from which to commit their misuses, but ultimately the security profession is at the mercy of human creativity (and stupidity). Misuse Cases provide us with a way to reason about how a System might be misused at an early stage in its development. We can use this information to incorporate countermeasures into the System’s Requirements (in the form of security requirements). We apply Four Techniques based on Misuse Cases to a hypothetical Case Study-an IT Contractor Management System to achieve the following: • Identify potential top-level Misuses; • Use Misuse Cases to Elicit Security Requirements; • Propose a way to develop Tests to verify that Security Requirements have been met. In applying the Techniques we recognise their benefits and limitations and where appropriate propose some enhancements