Artificial intelligence applied to stakeholder theory

The constant evolution and change in the world have forced organizations to rethink their business model. Intelligent Systems have proved to be very promising in business management, increasing business performance by simplifying processes, increasing efficiency and decision-making. The importance of Stakeholder Theory as an integral part of business analysis becomes evident as all Stakeholders will influence the business environment at some point, and therefore its constant monitoring becomes crucial. Despite the importance of stakeholder analysis, it remains a significant gap in organizations. To find solutions to this problem, this investigation's main objective is to study the impact of Intelligent Systems on Stakeholder Theory. For this, after a literary review, two research questions were raised. The investigation is based on an inductive, exploratory study and was carried out from a non-probabilistic convenience sample. To obtain answers to the research questions, a hybrid approach of qualitative and quantitative methods was used, with an analysis of 13 interviews and 168 online questionnaires, respectively. The results obtained allow us to demonstrate that the use of Intelligent Systems related to the Stakeholder Theory in organizations becomes relevant and that the perception and knowledge of individuals, influenced or not by the benefits and challenges that the implementation of Artificial Intelligence can entail, becomes crucial in the decision to implement these systems in their companies.A constante evolução e mudança no mundo, tem forçado as organizações a repensar todo o seu modelo empresarial. Os Sistemas Inteligentes têm-se revelado bastante promissores em relação à gestão empresarial, aumentando o desempenho dos negócios através da simplificação de processos, aumento de eficiência e tomada de decisão. A importância da Teoria dos Stakeholders como parte integrante das análises das empresas torna-se evidente na medida em que todos os Stakeholders irão influenciar o ambiente empresarial em algum momento e por isso, torna-se crucial a sua monitorização constante. Apesar da importância da análise de Stakeholders, continua a ser uma grande lacuna nas organizações. No sentido de encontrar soluções para esta problemática, o principal objetivo desta investigação prende-se com o estudo do impacto dos Sistemas Inteligentes na Teoria dos Stakeholders. Para isso, depois de uma revisão literária, foram levantadas duas questões de pesquisa. A investigação é baseada em uma investigação indutiva, exploratória e foi realizada a partir de uma amostra não probabilística de conveniência. Na obtenção de respostas para as questões de pesquisa foi utilizado uma abordagem mista de métodos qualitativos e quantitativos com análise de 13 entrevistas e 168 questionários online, respetivamente. Os resultados obtidos permitem demonstrar que a utilização de Sistemas Inteligentes relacionada com a Teoria dos Stakeholders nas organizações torna-se relevante e que, a perceção e conhecimento dos indivíduos influenciada ou não pelos benefícios e desafios que a implementação da Inteligência Artificial pode acarretar, se torna crucial na decisão da implementação destes sistemas nas suas empresas

Supporting the Discovery, Reuse, and Validation of Cybersecurity Requirements at the Early Stages of the Software Development Lifecycle

The focus of this research is to develop an approach that enhances the elicitation and specification of reusable cybersecurity requirements. Cybersecurity has become a global concern as cyber-attacks are projected to cost damages totaling more than $10.5 trillion dollars by 2025. Cybersecurity requirements are more challenging to elicit than other requirements because they are nonfunctional requirements that requires cybersecurity expertise and knowledge of the proposed system. The goal of this research is to generate cybersecurity requirements based on knowledge acquired from requirements elicitation and analysis activities, to provide cybersecurity specifications without requiring the specialized knowledge of a cybersecurity expert, and to generate reusable cybersecurity requirements. The proposed approach can be an effective way to implement cybersecurity requirements at the earliest stages of the system development life cycle because the approach facilitates the identification of cybersecurity requirements throughout the requirements gathering stage. This is accomplished through the development of the Secure Development Ontology that maps cybersecurity features and the functional features descriptions in order to train a classification machine-learning model to return the suggested security requirements. The SD-SRE requirements engineering portal was created to support the application of this research by providing a platform to submit use case scenarios and requirements and suggest security requirements for the given system. The efficacy of this approach was tested with students in a graduate requirements engineering course. The students were presented with a system description and tasked with creating use case scenarios using the SD-SRE portal. The entered models were automatically analyzed by the SD-SRE system to suggest the security requirements. The results showed that the approach can be an effective approach to assist in the identification of security requirements

A framework for active software engineering ontology

The passive structure of ontologies results in the ineffectiveness to access and manage the knowledge captured in them. This research has developed a framework for active Software Engineering Ontology based on a multi-agent system. It assists software development teams to effectively access, manage and share software engineering knowledge as well as project information to enable effective and efficient communication and coordination among teams. The framework has been evaluated through the prototype system as proof-of-concept experiments

Domain- and Quality-aware Requirements Engineering for Law-compliant Systems

Titel in deutscher Übersetzung: Domänen- und qualitätsgetriebene Anforderungserhebung für gesetzeskonforme Systeme Der bekannte Leitsatz in der Anforderungserhebung und -analyse besagt, dass es schwierig ist, das richtige System zu bauen, wenn man nicht weiß, was das 'Richtige' eigentlich ist. Es existieren überzeugende Belege, dass dieser Leitsatz die Notwendigkeit der Anforderungserhebung und -analyse exakt definiert und beschreibt. Zum Beispiel ergaben Studien, dass das Beheben von Defekten in einer Software, die bereits produktiv genutzt wird, bis zu 80 mal so teuer ist wie das frühzeitige Beheben der korrespondierenden Defekte in den Anforderungen. Generell hat es sich gezeigt, dass das Durchführen einer angemessenen Anforderungserhebung und -analyse ein wichtiger Erfolgsfaktor für Softwareentwicklungsprojekte ist. Während der Progression von den initialen Wünschen der beteiligten Interessensvertretern für ein zu entwickelndes System zu einer Spezifikation für eben dieses Systems müssen Anforderungsanalysten einen komplexen Entscheidungsprozess durchlaufen, der die initialen Wünsche in die Spezifikation überführt. Tatsächlich wird das Treffen von Entscheidungen als integraler Bestandteil der Anforderungsanalyse gesehen. In dieser Arbeit werden wir versuchen zu verstehen welche Aktivitäten und Information von Nöten sind, um eine fundierte Auswahl von Anforderungen vorzunehmen, welche Herausforderungen damit verbunden sind, wie eine ideale Lösung zur Anforderungswahl aussehen könnte und in welchen Bereichen der aktuelle Stand der Technik in Bezug auf diese ideale Lösung lückenhaft ist. Innerhalb dieser Arbeit werden wir die Informationen, die notwendig für eine fundierte Anforderungsauswahl sind, identifizieren, einen Prozess präsentieren, um diese notwendigen Informationen zu sammeln, die Herausforderungen herausstellen, die durch diesen Prozess und die damit verbundenen Aktivitäten adressiert werden und eine Auswahl von Methoden diskutieren, mit deren Hilfe man die Aktivitäten des Prozesses umsetzen kann. Die gesammelten Informationen werden dann für eine automatisierte Anforderungsauswahl verwendet. Für die Auswahl kommt ein Optimierungsmodell, das Teil des Beitrags dieser Arbeit ist, zum Einsatz. Da wir während der Erstellung dieser Arbeit zwei große Lücken im Stand der Technik bezüglich unseres Prozesses und der damit verbundenen Aktivitäten identifiziert haben, präsentieren wir darüber hinaus zwei neuartige Methoden für die Kontexterhebung und die Erhebung von rechtlichen Anforderungen, um diese Lücken zu schließen. Diese Methoden sind Teil des Hauptbeitrags dieser Arbeit. Unsere Lösung für der Erhebung des Kontext für ein zu entwickelndes System ermöglicht das Etablieren eines domänenspezifischen Kontextes unter Zuhilfenahme von Mustern für verschiedene Domänen. Diese Kontextmuster erlauben eine strukturierte Erhebung und Dokumentation aller relevanten Interessensvertreter und technischen Entitäten für ein zu entwickelndes System. Sowohl die Dokumentation in Form von grafischen Musterinstanzen und textuellen Vorlageninstanzen als auch die Methode zum Sammeln der notwendigen Informationen sind expliziter Bestandteil jedes Kontextmusters. Zusätzlich stellen wir auch Hilfsmittel für die Erstellung neuer Kontextmuster und das Erweitern der in dieser Arbeit präsentierten Kontextmustersprache zur Verfügung. Unsere Lösung für die Erhebung von rechtlichen Anforderungen basiert auch auf Mustern und stellt eine Methode bereit, welche es einem erlaubt, die relevanten Gesetze für ein zu erstellendes System, welches in Form der funktionalen Anforderungen bereits beschrieben sein muss, zu identifizieren und welche die bestehenden funktionalen Anforderungen mit den rechtlichen Anforderungen verknüpft. Diese Methode beruht auf der Zusammenarbeit zwischen Anforderungsanalysten und Rechtsexperten und schließt die Verständnislücke zwischen ihren verschiedenartigen Welten. Wir veranschaulichen unseren Prozess unter der Zuhilfenahme eines durchgehenden Beispiels aus dem Bereich der service-orientierten Architekturen. Zusätzlich präsentieren wir sowohl die Ergebnisse der Anwendung unseres Prozesses (bzw. Teilen davon) auf zwei reale Fälle aus den Bereichen von Smart Grids und Wahlsystemen, als auch alle anderen Ergebnisse der wissenschaftlichen Methoden, die wir genutzt haben, um unsere Lösung zu fundieren und validieren.The long known credo of requirements engineering states that it is challenging to build the right system if you do not know what right is. There is strong evidence that this credo exactly defines and describes the necessity of requirements engineering. Fixing a defect when it is already fielded is reported to be up to eighty times more expensive than fixing the corresponding requirements defects early on. In general, conducting sufficient requirements engineering has shown to be a crucial success factor for software development projects. Throughout the progression from initial stakeholders' wishes regarding the system-to-be to a specification for the system-to-be requirements engineers have to undergo a complex decision process for forming the actual plan connecting stakeholder wishes and the final specification. Indeed, decision making is considered to be an inherent part of requirements engineering. In this thesis, we try to understand which activities and information are needed for selecting requirements, which the challenges are, how an ideal solution for selecting requirements would look like, and where the current state of the art is deficient regarding the ideal solution. Within this thesis we identify the information necessary for an informed requirements selection, present a process in which one collects all the necessary information, highlight the challenges to be addressed by this process and its activities, and a selection of methods to conduct the activities of the process. All the collected information is then used for an automated requirements selection using an optimization model which is also part of the contribution of this thesis. As we identified two major gaps in the state of the art considering the proposed process and its activities, we also present two novel methods for context elicitation and for legal compliance requirements elicitation to fill the gaps as part of the main contribution. Our solution for context elicitation enables a domain-specific context establishment based on patterns for different domains. The context patterns allow a structured elicitation and documentation of relevant stakeholders and technical entities for a system-to-be. Both, the documentation in means of graphical pattern instances and textual template instances as well as the method for collecting the necessary information are explicitly given in each context pattern. Additionally, we also provide the means which are necessary to derive new context patterns and extend our context patterns language which is part of this thesis. Our solution for legal compliance requirements elicitation is a pattern-based and guided method which lets one identify the relevant laws for a system-to-be, which is described in means of functional requirements, and which intertwines the functional requirements with the according legal requirements. This method relies on the collaboration of requirements engineers and legal experts, and bridges the gap between their distinct worlds. Our process is exemplified using a running example in the domain of service oriented architectures. Additionally, the results of applying (parts of) the process to real life cases from the smart grid domain and voting system domain are presented, as well as all other results from the scientific means we took to ground and validate the proposed solutions