95,369 research outputs found
MOSTO: A toolkit to facilitate security auditing of ICS devices using Modbus/TCP
The integration of the Internet into industrial plants has connected Industrial Control Systems (ICS) worldwide, resulting in an increase in the number of attack surfaces and the exposure of software and devices not originally intended for networking. In addition, the heterogeneity and technical obsolescence of ICS architectures, legacy hardware, and outdated software pose significant challenges. Since these systems control essential infrastructure such as power grids, water treatment plants, and transportation networks, security is of the utmost importance. Unfortunately, current methods for evaluating the security of ICS are often ad-hoc and difficult to formalize into a systematic evaluation methodology with predictable results. In this paper, we propose a practical method supported by a concrete toolkit for performing penetration testing in an industrial setting. The primary focus is on the Modbus/TCP protocol as the field control protocol. Our approach relies on a toolkit, named MOSTO, which is licensed under GNU GPL and enables auditors to assess the security of existing industrial control settings without interfering with ICS workflows. Furthermore, we present a model-driven framework that combines formal methods, testing techniques, and simulation to (formally) test security properties in ICS networks
Evaluating the integration of supply chain information systems: A case study
Supply chain management (SCM) is the integrated management of business links, information flows and people. It is with this frame of reference that information systems integration from both intra- and inter-organisational levels becomes significant. Enterprise application integration (EAI) has emerged as software technologies to address the issue of integrating the portfolio of SCM components both within organisations and through cross-enterprises. EAI is based on a diversity of integration technologies (e.g. message brokers, ebXML) that differ in the type and level of integration they offer. However, none of these technologies claim to be a panacea to overcoming all integration problems but rather,
need to be pieced together to support the linking of diverse applications that often exist within supply chains. In exploring the evaluation of supply chain integration, the authors propose a framework for evaluating the portfolio of integration technologies that are used to unify inter-organisational and intra-organisational information systems. The authors define and classify the permutations of information systems available according to their characteristics and integration requirements. These, classifications of system types are then adopted as part of the evaluation framework and empirically tested within a case study
Correlating Architecture Maturity and Enterprise Systems Usage Maturity to Improve Business/IT Alignment
This paper compares concepts of maturity models in the areas of Enterprise Architecture and Enterprise Systems Usage. We investigate whether these concepts correlate, overlap and explain each other. The two maturity models are applied in a case study. We conclude that although it is possible to fully relate constructs from both kinds of models, having a mature architecture function in a company does not imply a high Enterprise Systems Usage maturity
Towards a novel framework for the assessment of enterprise application integration packages
In addressing enterprise integration problems, a diversity
of technologies such as CORBA and XML were
promoted, yet no single integration technology solves all
integration problems. As a result, a new generation of
software called Enterprise Application Integration (EAI)
is emerging to addresses many integration problems by
combining a diversity of integration technologies (e.g.
message brokers, adapters, XML). Since EAI is a new
research area, there is an absence of literature discussing
issues like its adoption, evaluation and implementation.
This paper, examines the application of two frameworks
for the evaluation of EAI packages in the practical arena.
In doing so, the authors use case study strategy to
investigate integration issues. Empirical data derived
from the case study suggest additions to the two
evaluation frameworks. Therefore, the authors revised
and extend previous works by proposing a novel
evaluation framework for the assessment of EAI
packages. The proposed framework makes novel
contribution at two levels. First, at the conceptual level,
as it incorporates criteria identified separately in previous
studies as evaluation criteria. The proposed framework
can be used as a decision-making tool and, supports
management when taking decisions regarding the
adoption of EAI. Additionally, it can be used by
researchers to analyse and understand the capabilities o
Migrating agile methods to standardized development practice
Situated process and quality frame-works offer a way to resolve the tensions that arise when introducing agile methods into standardized software development engineering. For these to be successful, however, organizations must grasp the opportunity to reintegrate software development management, theory, and practice
Beyond enterprise resource planning projects: innovative strategies for competitive advantage
ABSTRACT A rapidly changing business environment and legacy IT problems has resulted in many organisations implementing standard package solutions. This 'common systems' approach establishes a common IT and business process infrastructure within organisations and its increasing dominance raises several important strategic issues. These are to what extent do common systems impose common business processes and management systems on competing firms, and what is the source of competitive advantage if the majority of firms employ almost identical information systems and business processes? A theoretical framework based on research into legacy systems and earlier IT strategy literature is used to analyse three case studies in the manufacturing, chemical and IT industries. It is shown that the organisations are treating common systems as the core of their organisations' abilities to manage business transactions. To achieve competitive advantage they are clothing these common systems with information systems designed to capture information about competitors, customers and suppliers, and to provide a basis for sharing knowledge within the organisation and ultimately with economic partners. The importance of these approaches to other organisations and industries is analysed and an attempt is made at outlining the strategic options open to firms beyond the implementation of common business systems
Integrating IVHM and Asset Design
Integrated Vehicle Health Management (IVHM) describes a set of capabilities that enable effective and efficient maintenance and operation of the target vehicle. It accounts for the collection of data, conducting analysis, and supporting the decision-making process for sustainment and operation. The design of IVHM systems endeavours to account for all causes of failure in a disciplined, systems engineering, manner. With industry striving to reduce through-life cost, IVHM is a powerful tool to give forewarning of impending failure and hence control over the outcome. Benefits have been realised from this approach across a number of different sectors but, hindering our ability to realise further benefit from this maturing technology, is the fact that IVHM is still treated as added on to the design of the asset, rather than being a sub-system in its own right, fully integrated with the asset design. The elevation and integration of IVHM in this way will enable architectures to be chosen that accommodate health ready sub-systems from the supply chain and design trade-offs to be made, to name but two major benefits. Barriers to IVHM being integrated with the asset design are examined in this paper. The paper presents progress in overcoming them, and suggests potential solutions for those that remain. It addresses the IVHM system design from a systems engineering perspective and the integration with the asset design will be described within an industrial design process
Recommended from our members
Using ERP as a basis for Enterprise application integration
Architecting and implementing e-Business supply chain solutions across and within the modern day enterprise, is now becoming a necessity in order to maintain competitive and be adaptable to market needs. As such, the integration of information and processes is a vital step, using technologies such as using Enterprise Resource Planning (ERP), Supply Chain Management (SCM) and enterprise portal platforms. The effective sharing of resource planning and other enterprise related data across and within the enterprise is typically seen as a facet of a business to business (B2B) platform. However, such infrastructures typically involve a tight integration across intra and inter-organisational systems. This paper examines an Enterprise Application Integration (EAI) initiative taken by a global manufacturer of industrial automation products, which attempted to utilise ERP as an integration tool across its internal B2B infrastructure, to achieve such an aim. This paper discusses those integration considerations and complexities, experienced by the case company upon embarking on an EAI integration programme through the adoption of a core ERP as a catalyst for organizational change. In doing so the authors present an analysis of the inherent risks and limitations of this approach in terms of previously published literature in the field, relating to technology-driven organizational change and EAI impact and adoption frameworks
- …