An analysis about the relationship between the cloud computing model and ITIL v3 2011

Cloud Computing is widely recognized as a recent computing paradigm of digital transformation in which scalable and elastic computational resources are delivered as a service through Internet technologies. Its characteristics made this business model increasingly adopted by organizations reaching business goals. Besides its benefits, some risks may impact organizations internally and, in the way they deliver their services to their clients. Therefore, it became important to understand the impacts of the Cloud model on the way companies organize their processes. The goal of this work is to investigate which are the main impacts arising from the Cloud Computing model currently impacting Information Technology Infrastructure Library framework processes. The methodology selected will be through semi-structured interviews with knowledgeable professionals to effectively collect practical information that, according to the Systematic Literature Review performed, could not be collected by the traditional literature. By analyzing the Systematic Literature Review results, several processes of this framework were affected, which may lead to a need for reframing it. Although the organization’s approach to this model must be enhanced and adapted to a new reality, the empirical insights collected from semi-structured interviews, suggest that the framework does not need to be reframed, and ITIL v3 2011 most impacted processes by the introduction of the Cloud-based model, are Change Management and Incident Management.A computação em nuvem é amplamente reconhecida como um paradigma de computação recente da transformação digital, no qual recursos computacionais escaláveis e elásticos são fornecidos como um serviço através de tecnologias na Internet. As suas características fizeram com que esse modelo de negócio fosse cada vez mais adotado por organizações que na prossecução dos seus objetivos de negócio. Além dos benefícios, também existem os riscos podem impactar as organizações internamente e na forma como entregam os seus serviços aos clientes. Portanto, tornou-se importante entender os impactos do modelo de Cloud na forma como as empresas organizam seus próprios processos e práticas. O objetivo deste trabalho é investigar quais são os principais impactos decorrentes do modelo de Cloud que impactam atualmente os processos da Information Technology Infrastructure Library. A metodologia selecionada será por meio de entrevistas semiestruturadas a profissionais capacitados para recolher informações decorrentes de experiências na prática que, de acordo com a Revisão Sistemática da Literatura realizada, não poderiam ser obtidas pela literatura tradicional. Ao analisar os resultados da Revisão Sistemática da Literatura, diversos processos desta framework foram afetados, o que pode levar à necessidade de reformulá-la. As considerações empíricas recolhidas nas entrevistas semiestruturadas, sugerem que a framework não necessita de ser reformulada e que os processos do ITIL v3 2011 mais impactados no modelo Cloud são o de Gestão de Incidentes e de Gestão da Mudança

Facets of Information Governance system at the South Africa Council for Social Service Professions

In many organisations, information governance (IG) is implemented in fragmented silos and does not add value. After realising this, South African Council for Social Service Professions (SACSSP), embarked on digital transformation process to modernise the organisation by implementing an information governance system. The SACSSP was experiencing challenges due to the lack of a cogent information technology (IT) system design and the disparaged registration, finance and external verification systems inherited that are not compatible with new system innovations to ensure effective and efficient operations. This study utilised the Control Objective for Information and Related Technology (COBIT) to develop an information governance system at SACSSP, with a view for entrenching a culture of good corporate governance. This critical emancipatory study used qualitative data collected through interviews, focus groups, observation, system and document analysis in response to research questions. The study was a participatory action research project that involved collaboration between the researcher and study participants in defining and solving the problem through needs assessment exercise. In order to address bias, the research findings were reviewed by peers to identify things that might have been missed or gaps that were not addressed. All three phases of participatory action research were followed, namely the ‘look phase’: getting to know stakeholders so that the problem is defined on their terms and the problem definition is reflective of the community context; the ‘think phase’: interpretation and analysis of what was learned in the ‘look phase’; and the ‘act phase’: planning, implementing, and evaluating, based on information collected and interpreted in the first two phases. Data was analysed thematically with the use of Atlas Ti 9 and presented in text, figures, pictures and diagrams. The key findings report on the processes taken by the SACSSP in identifying and implementing the IG system implementation, that is records management, information technology, content management, data governance, information security, data privacy, risk management, litigation readiness, regulatory compliance, long-term digital preservation, and even business intelligence. The results of the analysis suggest that integrated online system implementation, including system architecture can be used to address issues associated with information integrity in the present and near term, with proper IG policy and information & communication technology (ICT) infrastructure in place. It does not, however, guarantee reliability of information in the first place, and would have several limitations as a long term solution for maintaining digital records. The study established that there were no underlying technologies for the implementation of innovation technologies such as, artificial intelligence (AI). Core services of the organisation for social service professionals is dealing with registration related services such: as requirements for registrations; Foreign applications; Registrations fees; Restoration, Banking details. However, the SACSSP was on the right track towards digital transformation of the organisation. The study suggests a framework for information governance to assist professional organisations and board members to adopt a tailored governance system that would be designed according to their needs. It can be concluded that a successful IG system can be attained through adoption of principles and related accountabilities with a clear strategic direction that is supported by organisational business units. The study recommends that organisations need to make an emphasis of a holistic approach to IG in order to empower a board to coordinate and integrate decision making across the organisation.Information ScienceD. Litt. et Phil. (Information Science

A framework for social media use in project management

There has been rapid adoption of social media (SM) in business functions such as marketing and advertising. This being primarily due to its capability to communicate information. There has been less widespread adoption of SM for other business functions and the potential of SM is not comprehensively understood. The purpose of this thesis is to explore the potential of SM for project management and to understand some of the difficulties that arise from SM use. The research specifically investigated how SM is being used for project activities and the maturity of the management processes that govern SM use. Implications for underlying theories such as virtual team, social capital and process maturity have also been analysed. An expert panel of project management practitioners from various geographic regions were invited to participate in this research. To facilitate the investigation, the Project Management Body of Knowledge (PMBOK) from Project Management Institute (PMI) was used as the term of reference comprising forty seven project management activities. The research utilised two methods, firstly a Delphi Study of three rounds was used to identify the fundamentals of the phenomenon and attempt to align the expert views, and secondly, Structured Case Study interviews took place to explore the rationale and motivation of responses given by selected panellists. It further investigates the impact on project team performance and the robustness of processes that supports SM use by assessing the contribution to relationship building, trusts, coordination, cohesion and team virtuality. Key findings from the Delphi Study indicate that not all SM categories offer benefit for project activities. A list of SM categories that are most and least useful for all forty seven PMBOK process activities (across the project lifecycle) was identified. The two knowledge areas that are significantly benefitted are communication and stakeholder management while procurement management had limited use for SM. The findings also led to factors that could enable and inhibit the use of SM. Structured Case study confirmed that project team performance is enhanced through the use of SM as it improves social capital factors of relationship building, coordination and cohesion, however, trust development is not easily achieved. SM tools support mobility, facilitate effective and efficient information sharing, provide a single information repository and offer wider stakeholder reach surpassing geographic limitations constrained only by internet connectivity which in composite results in cost savings for project team communication. These factors increase team virtuality but the perception that SM use is free or of minimal costs, may encourage circumvention of control mechanisms such as senior management reviews and approvals. Findings indicate that lack of formulated business processes to manage SM use will lead to poor governance. Therefore, a Social Media Maturity Model (SM Cube hereafter) was propagated. SM Cube will help project professionals evaluate the robustness of SM enabling processes. This research proffers a mechanism to determine maturity of support processes for SM use thereby adding originality to the body of knowledge. Project professional can use this research as a guideline or framework to introduce SM for their project management. It extends the process maturity, virtual team and social capital theories

ICSEA 2021: the sixteenth international conference on software engineering advances

The Sixteenth International Conference on Software Engineering Advances (ICSEA 2021), held on October 3 - 7, 2021 in Barcelona, Spain, continued a series of events covering a broad spectrum of software-related topics. The conference covered fundamentals on designing, implementing, testing, validating and maintaining various kinds of software. The tracks treated the topics from theory to practice, in terms of methodologies, design, implementation, testing, use cases, tools, and lessons learnt. The conference topics covered classical and advanced methodologies, open source, agile software, as well as software deployment and software economics and education. The conference had the following tracks: Advances in fundamentals for software development Advanced mechanisms for software development Advanced design tools for developing software Software engineering for service computing (SOA and Cloud) Advanced facilities for accessing software Software performance Software security, privacy, safeness Advances in software testing Specialized software advanced applications Web Accessibility Open source software Agile and Lean approaches in software engineering Software deployment and maintenance Software engineering techniques, metrics, and formalisms Software economics, adoption, and education Business technology Improving productivity in research on software engineering Trends and achievements Similar to the previous edition, this event continued to be very competitive in its selection process and very well perceived by the international software engineering community. As such, it is attracting excellent contributions and active participation from all over the world. We were very pleased to receive a large amount of top quality contributions. We take here the opportunity to warmly thank all the members of the ICSEA 2021 technical program committee as well as the numerous reviewers. The creation of such a broad and high quality conference program would not have been possible without their involvement. We also kindly thank all the authors that dedicated much of their time and efforts to contribute to the ICSEA 2021. We truly believe that thanks to all these efforts, the final conference program consists of top quality contributions. This event could also not have been a reality without the support of many individuals, organizations and sponsors. We also gratefully thank the members of the ICSEA 2021 organizing committee for their help in handling the logistics and for their work that is making this professional meeting a success. We hope the ICSEA 2021 was a successful international forum for the exchange of ideas and results between academia and industry and to promote further progress in software engineering research

Framework for Security Transparency in Cloud Computing

The migration of sensitive data and applications from the on-premise data centre to a cloud environment increases cyber risks to users, mainly because the cloud environment is managed and maintained by a third-party. In particular, the partial surrender of sensitive data and application to a cloud environment creates numerous concerns that are related to a lack of security transparency. Security transparency involves the disclosure of information by cloud service providers about the security measures being put in place to protect assets and meet the expectations of customers. It establishes trust in service relationship between cloud service providers and customers, and without evidence of continuous transparency, trust and confidence are affected and are likely to hinder extensive usage of cloud services. Also, insufficient security transparency is considered as an added level of risk and increases the difficulty of demonstrating conformance to customer requirements and ensuring that the cloud service providers adequately implement security obligations. The research community have acknowledged the pressing need to address security transparency concerns, and although technical aspects for ensuring security and privacy have been researched widely, the focus on security transparency is still scarce. The relatively few literature mostly approach the issue of security transparency from cloud providers’ perspective, while other works have contributed feasible techniques for comparison and selection of cloud service providers using metrics such as transparency and trustworthiness. However, there is still a shortage of research that focuses on improving security transparency from cloud users’ point of view. In particular, there is still a gap in the literature that (i) dissects security transparency from the lens of conceptual knowledge up to implementation from organizational and technical perspectives and; (ii) support continuous transparency by enabling the vetting and probing of cloud service providers’ conformity to specific customer requirements. The significant growth in moving business to the cloud – due to its scalability and perceived effectiveness – underlines the dire need for research in this area. This thesis presents a framework that comprises the core conceptual elements that constitute security transparency in cloud computing. It contributes to the knowledge domain of security transparency in cloud computing by proposing the following. Firstly, the research analyses the basics of cloud security transparency by exploring the notion and foundational concepts that constitute security transparency. Secondly, it proposes a framework which integrates various concepts from requirement engineering domain and an accompanying process that could be followed to implement the framework. The framework and its process provide an essential set of conceptual ideas, activities and steps that can be followed at an organizational level to attain security transparency, which are based on the principles of industry standards and best practices. Thirdly, for ensuring continuous transparency, the thesis proposes an essential tool that supports the collection and assessment of evidence from cloud providers, including the establishment of remedial actions for redressing deficiencies in cloud provider practices. The tool serves as a supplementary component of the proposed framework that enables continuous inspection of how predefined customer requirements are being satisfied. The thesis also validates the proposed security transparency framework and tool in terms of validity, applicability, adaptability, and acceptability using two different case studies. Feedbacks are collected from stakeholders and analysed using essential criteria such as ease of use, relevance, usability, etc. The result of the analysis illustrates the validity and acceptability of both the framework and tool in enhancing security transparency in a real-world environment

“Access denied”? Barriers for staff accessing, using and sharing published information online within the National Health Service (NHS) in England: technology, risk, culture, policy and practice

The overall aim of the study was to investigate barriers to online professional information seeking, use and sharing occurring within the NHS in England, their possible effects (upon education, working practices, working lives and clinical and organisational effectiveness), and possible explanatory or causative factors. The investigation adopted a qualitative case study approach, using semi-structured interviews and documentary analysis as its methods, with three NHS Trusts of different types (acute - district general hospital, mental health / community, acute – teaching) as the nested sites of data collection. It aimed to be both exploratory and explanatory. A stratified sample of participants, including representatives of professions whose perspectives were deemed to be relevant, and clinicians with educational or staff development responsibilities, was recruited for each Trust. Three non-Trust specialists (the product manager of a secure web gateway vendor, an academic e-learning specialist, and the senior manager at NICE responsible for the NHS Evidence electronic content and web platform) were also interviewed. Policy documents, statistics, strategies, reports and quality accounts for the Trusts were obtained via public websites, from participants or via Freedom of Information requests. Thematic analysis following the approach of Braun and Clarke (2006) was adopted as the analytic method for both interviews and documents. The key themes of the results that emerged are presented: barriers to accessing and using information, education and training, professional cultures and norms, information governance and security, and communications policy. The findings are discussed under three main headings: power, culture, trust and risk in information security; use and regulation of Web 2.0 and social media, and the system of professions. It became evident that the roots of problems with access to and use of such information lay deep within the culture and organisational characteristics of the NHS and its use of IT. A possible model is presented to explain the interaction of the various technical and organisational factors that were identified as relevant. A number of policy recommendations are put forward to improve access to published information at Trust level, as well as recommendations for further research

An autoethnography exploring the engagement of records management (RM) through a computer mediated communication co-operative inquiry (CMC)

This thesis is an autoethnography exploring the engagement of records management (RM) through the vehicle of a computer mediated communication (CMC) focused co-operative inquiry. CMC is defined as, “communication that takes place between human beings via the instrumentality of computers” (Herring, 1996, p.81). The PhD stance was that with the advent of new technologies, such as CMC, the role and place of RM has been challenged. RM practitioners needed to evaluate their principles and practice in order to discover why RM is not uniformly understood and also why it fails to engage many CMC users and information professionals. The majority of today’s information is generated as the result of unstructured communications (AIIM, 2005 and 2006) that no longer have a fixed reality but exist across fragmented globalised spaces through the Cloud, Web 2.0 and software virtualisation. Organisational boundaries are permanently perforated and the division between public and private spaces are blurred. Traditional RM has evolved in highly structured organisational information environments. Nevertheless, RM could lie at the heart of the processes required for dealing with this splintered data. RM takes a holistic approach to information management, establishing the legislative requirements, technical requirements and the training and support for individuals to communicate effectively, simultaneously transmitting and processing the communications for maximum current and ongoing organisational benefits. However RM is not uniformly understood or practiced. The focus of the thesis was to understand how RM engagement can and should be achieved. The research was conducted by establishing a co-operative inquiry consisting of 82 international co-researchers, from a range of disciplines, investigating the question, ‘How do organisations maximise the information potential of CMC for organisational benefit, taking into account the impact of the individual?” The PhD established a novel approach to co-operative inquiry by separating, managing and merging three groups of co-researchers (UK Records Managers, UK CMC users, international Records Managers and CMC users). I was embedded as a co-researcher within this wider inquiry personally exploring as an autoethnography the relevance of RM to the wider research question, the ability of RM practitioners to advocate for RM and the co-researchers’ responses to the place of RM within this context. The thesis makes several contributions to the research field. It examines how records managers and RM principles and practice engaged through the inquiry, articulating the reasons why users sometimes failed to engage with RM principles and practice, and what assists users to successfully engage with RM. It was found that national perspectives and drivers were more significant as to whether or not individuals engaged with RM concepts than age, gender or professional experience. In addition, users engaged with RM when it was naturally embedded within processes. In addition, as a result of the inquiry’s discussions and actions, the thesis suggests that RM principles and practice need to be refined, for example in regards to the characteristics that define a record. In this respect it concludes that there is rarely likely to be an original archival record surviving through time given the need for migration. The research delivered a novel approach to co-operative inquiry whereby merging groups through time produced new learning at each merger point. The thesis recommends further research to build upon its findings

An autoethnography exploring the engagement of records management through a computer mediated communication focused co-operative inquiry

This thesis is an autoethnography exploring the engagement of records management (RM) through the vehicle of a computer mediated communication (CMC) focused co-operative inquiry. CMC is defined as, “communication that takes place between human beings via the instrumentality of computers” (Herring, 1996, p.81). The PhD stance was that with the advent of new technologies, such as CMC, the role and place of RM has been challenged. RM practitioners needed to evaluate their principles and practice in order to discover why RM is not uniformly understood and also why it fails to engage many CMC users and information professionals. The majority of today’s information is generated as the result of unstructured communications (AIIM, 2005 and 2006) that no longer have a fixed reality but exist across fragmented globalised spaces through the Cloud, Web 2.0 and software virtualisation. Organisational boundaries are permanently perforated and the division between public and private spaces are blurred. Traditional RM has evolved in highly structured organisational information environments. Nevertheless, RM could lie at the heart of the processes required for dealing with this splintered data. RM takes a holistic approach to information management, establishing the legislative requirements, technical requirements and the training and support for individuals to communicate effectively, simultaneously transmitting and processing the communications for maximum current and ongoing organisational benefits. However RM is not uniformly understood or practiced. The focus of the thesis was to understand how RM engagement can and should be achieved. The research was conducted by establishing a co-operative inquiry consisting of 82 international co-researchers, from a range of disciplines, investigating the question, ‘How do organisations maximise the information potential of CMC for organisational benefit, taking into account the impact of the individual?” The PhD established a novel approach to co-operative inquiry by separating, managing and merging three groups of co-researchers (UK Records Managers, UK CMC users, international Records Managers and CMC users). I was embedded as a co-researcher within this wider inquiry personally exploring as an autoethnography the relevance of RM to the wider research question, the ability of RM practitioners to advocate for RM and the co-researchers’ responses to the place of RM within this context. The thesis makes several contributions to the research field. It examines how records managers and RM principles and practice engaged through the inquiry, articulating the reasons why users sometimes failed to engage with RM principles and practice, and what assists users to successfully engage with RM. It was found that national perspectives and drivers were more significant as to whether or not individuals engaged with RM concepts than age, gender or professional experience. In addition, users engaged with RM when it was naturally embedded within processes. In addition, as a result of the inquiry’s discussions and actions, the thesis suggests that RM principles and practice need to be refined, for example in regards to the characteristics that define a record. In this respect it concludes that there is rarely likely to be an original archival record surviving through time given the need for migration. The research delivered a novel approach to co-operative inquiry whereby merging groups through time produced new learning at each merger point. The thesis recommends further research to build upon its findings

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse