Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach

Business Process Management Education in Academia: Status, challenges, and Recommendations

In response to the growing proliferation of Business Process Management (BPM) in industry and the demand this creates for BPM expertise, universities across the globe are at various stages of incorporating knowledge and skills in their teaching offerings. However, there are still only a handful of institutions that offer specialized education in BPM in a systematic and in-depth manner. This article is based on a global educators’ panel discussion held at the 2009 European Conference on Information Systems in Verona, Italy. The article presents the BPM programs of five universities from Australia, Europe, Africa, and North America, describing the BPM content covered, program and course structures, and challenges and lessons learned. The article also provides a comparative content analysis of BPM education programs illustrating a heterogeneous view of BPM. The examples presented demonstrate how different courses and programs can be developed to meet the educational goals of a university department, program, or school. This article contributes insights on how best to continuously sustain and reshape BPM education to ensure it remains dynamic, responsive, and sustainable in light of the evolving and ever-changing marketplace demands for BPM expertise

Correct and Control Complex IoT Systems: Evaluation of a Classification for System Anomalies

In practice there are deficiencies in precise interteam communications about system anomalies to perform troubleshooting and postmortem analysis along different teams operating complex IoT systems. We evaluate the quality in use of an adaptation of IEEE Std. 1044-2009 with the objective to differentiate the handling of fault detection and fault reaction from handling of defect and its options for defect correction. We extended the scope of IEEE Std. 1044-2009 from anomalies related to software only to anomalies related to complex IoT systems. To evaluate the quality in use of our classification a study was conducted at Robert Bosch GmbH. We applied our adaptation to a postmortem analysis of an IoT solution and evaluated the quality in use by conducting interviews with three stakeholders. Our adaptation was effectively applied and interteam communications as well as iterative and inductive learning for product improvement were enhanced. Further training and practice are required.Comment: Submitted to QRS 2020 (IEEE Conference on Software Quality, Reliability and Security

MANAGING KNOWLEDGE AND DATA FOR A BETTER DECISION IN PUBLIC ADMINISTRATION

In the current context, the society is dominated by the rapid development of computer networks and the integration of services and facilities offered by the Internet environment at the organizational level. The success of an organization depends largely on the quality and quantity of information it has available to develop quickly decisions able to meet the current needs. The need for a collaborative environment within the central administration leads to the unification of resources and instruments around the Center of Government, to increase both the quality and efficiency of decision - making, especially reducing the time spent with decision - making, and upgrading the decision – making act.administration, strategy, decision, complex systems, management, infrastructure, e-government, information society, government platform.

Engaging stakeholders in research to address water-energy-food (WEF) nexus challenges

The water–energy–food (WEF) nexus has become a popular, and potentially powerful, frame through which to analyse interactions and interdependencies between these three systems. Though the case for transdisciplinary research in this space has been made, the extent of stakeholder engagement in research remains limited with stakeholders most commonly incorporated in research as end-users. Yet, stakeholders interact with nexus issues in a variety of ways, consequently there is much that collaboration might offer to develop nexus research and enhance its application. This paper outlines four aspects of nexus research and considers the value and potential challenges for transdisciplinary research in each. We focus on assessing and visualising nexus systems; understanding governance and capacity building; the importance of scale; and the implications of future change. The paper then proceeds to describe a novel mixed-method study that deeply integrates stakeholder knowledge with insights from multiple disciplines. We argue that mixed-method research designs—in this case orientated around a number of cases studies—are best suited to understanding and addressing real-world nexus challenges, with their inevitable complex, non-linear system characteristics. Moreover, integrating multiple forms of knowledge in the manner described in this paper enables research to assess the potential for, and processes of, scaling-up innovations in the nexus space, to contribute insights to policy and decision making

A business model perspective for ICTs in public engagement

This is the post-print version of the Article. The official published article can be accessed from the link below - Copyright @ 2012 ElsevierPublic institutions, in their efforts to promote meaningful citizen engagement, are increasingly looking at the democratic potential of Information and Communication Technologies (ICTs). Previous studies suggest that such initiatives seem to be impeded by socio-technical integration barriers such as low sustainability, poor citizen acceptance, coordination difficulties, lack of understanding and failure to assess their impact. Motivated by these shortcomings, the paper develops and applies a business model perspective as an interceding framework for analysis and evaluation. The underlying principle behind this approach is that it is not technology per se which determines success, but rather the way in which the businessmodel of the technological artifact is configured and employed to achieve the strategic goals. The business model perspective is empirically demonstrated with the case of an online petitioning system implemented by a UK local authority. The case illustrates the importance of considering ICTs in public engagement from a holistic view to make them more manageable and assessable