A visual analysis of the process of process modeling

The construction of business process models has become an important requisite in the analysis and optimization of processes. The success of the analysis and optimization efforts heavily depends on the quality of the models. Therefore, a research domain emerged that studies the process of process modeling. This paper contributes to this research by presenting a way of visualizing the different steps a modeler undertakes to construct a process model, in a so-called process of process modeling Chart. The graphical representation lowers the cognitive efforts to discover properties of the modeling process, which facilitates the research and the development of theory, training and tool support for improving model quality. The paper contains an extensive overview of applications of the tool that demonstrate its usefulness for research and practice and discusses the observations from the visualization in relation to other work. The visualization was evaluated through a qualitative study that confirmed its usefulness and added value compared to the Dotted Chart on which the visualization was inspired

Proceedings of the 4th Workshop of the MPM4CPS COST Action

Proceedings of the 4th Workshop of the MPM4CPS COST Action with the presentations delivered during the workshop and papers with extended versions of some of them

Exploring the motivation behind cybersecurity insider threat and proposed research agenda

Cyber exploitation and malicious activities have become more sophisticated. Insider threat is one of the most significant cyber security threat vector, while posing a great concern to corporations and governments. An overview of the fundamental motivating forces and motivation theory are discussed. Such overview is provided to identify motivations that lead trusted employees to become insider threats in the context of cyber security. A research agenda with two sequential experimental research studies are outlined to address the challenge of insider threat mitigation by a prototype development. The first proposed study will classify data intake feeds, as recognized and weighted by cyber security experts, in an effort to establish predictive analytics of novel correlations of activities that may lead to cyber security incidents. It will also develop approach to identify how user activities can be compared against an established baseline, the user’s network cyber security pulse, with visualization of simulated users’ activities. Additionally, the second study will explain the process of assessing the usability of a developed visualization prototype that intends to present correlated suspicious activities requiring immediate action. Successfully developing the proposed prototype via feeds aggregation and an advanced visualization from the proposed research could assist in the mitigation of malicious insider threat

AMAN-DA : Une approche basée sur la réutilisation de la connaissance pour l'ingénierie des exigences de sécurité

In recent years, security in Information Systems (IS) has become an important issue that needs to be taken into account in all stages of IS development, including the early phase of Requirement Engineering (RE). Considering security during early stages of IS development allows IS developers to envisage threats, their consequences and countermeasures before a system is in place. Security requirements are known to be “the most difficult of requirements types”, and potentially the ones causing the greatest risk if they are not correct. Moreover, requirements engineers are not primarily interested in, or knowledgeable about, security. Their tacit knowledge about security and their primitive knowledge about the domain for which they elicit security requirements make the resulting security requirements poor and too generic.This thesis explores the approach of eliciting requirements based on the reuse of explicit knowledge. First, the thesis proposes an extensive systematic mapping study of the literature on the reuse of knowledge in security requirements engineering identifying the diferent knowledge forms. This is followed by a review and classification of security ontologies as the main reuse form.In the second part, AMAN-DA is presented. AMAN-DA is the method developed in this thesis. It allows the elicitation of domain-specific security requirements of an information system by reusing knowledge encapsulated in domain and security ontologies. Besides that, the thesis presents the different elements of AMANDA: (i) a core security ontology, (ii) a multi-level domain ontology, (iii) security goals and requirements’s syntactic models, (iv) a set of rules and mechanisms necessary to explore and reuse the encapsulated knowledge of the ontologies and produce security requirements specifications.The last part reports the evaluation of the method. AMAN-DA was implemented in a prototype tool. Its feasibility was evaluated and applied in case studies of three different domains (maritime, web applications, and sales). The ease of use and the usability of the method and its tool were also evaluated in a controlled experiment. The experiment revealed that the method is beneficial for the elicitation of domain specific security requirements, and that the tool is friendly and easy to use.Au cours de ces dernières années, la sécurité des Systèmes d'Information (SI) est devenue une préoccupation importante, qui doit être prise en compte dans toutes les phases du développement du SI, y compris dans la phase initiale de l'ingénierie des exigences (IE). Prendre en considération la sécurité durant les premieres phases du dévelopment des SI permet aux développeurs d'envisager les menaces, leurs conséquences et les contre-mesures avant qu'un système soit mis en place. Les exigences de sécurité sont connues pour être "les plus difficiles des types d’exigences", et potentiellement celles qui causent le plus de risque si elles ne sont pas correctes. De plus, les ingénieurs en exigences ne sont pas principalement intéressés à, ou formés sur la sécurité. Leur connaissance tacite de la sécurité et leur connaissance primitive sur le domaine pour lequel ils élucident des exigences de sécurité rendent les exigences de sécurité résultantes pauvres et trop génériques.Cette thèse explore l'approche de l’élucidation des exigences fondée sur la réutilisation de connaissances explicites. Tout d'abord, la thèse propose une étude cartographique systématique et exhaustive de la littérature sur la réutilisation des connaissances dans l'ingénierie des exigences de sécurité identifiant les diférentes formes de connaissances. Suivi par un examen et une classification des ontologies de sécurité comme étant la principale forme de réutilisation.Dans la deuxième partie, AMAN-DA est présentée. AMAN-DA est la méthode développée dans cette thèse. Elle permet l’élucidation des exigences de sécurité d'un système d'information spécifique à un domaine particulier en réutilisant des connaissances encapsulées dans des ontologies de domaine et de sécurité. En outre, la thèse présente les différents éléments d'AMAN-DA : (i) une ontologie de sécurité noyau, (ii) une ontologie de domaine multi-niveau, (iii) des modèles syntaxique de buts et d’exigences de sécurité, (iv) un ensemble de règles et de mécanismes nécessaires d'explorer et de réutiliser la connaissance encapsulée dans les ontologies et de produire des spécifications d’exigences de sécurité.La dernière partie rapporte l'évaluation de la méthode. AMAN-DA a été implémenté dans un prototype d'outil. Sa faisabilité a été évaluée et appliquée dans les études de cas de trois domaines différents (maritimes, applications web, et de vente). La facilité d'utilisation et l’utilisabilité de la méthode et de son outil ont également été évaluées dans une expérience contrôlée. L'expérience a révélé que la méthode est bénéfique pour l’élucidation des exigences de sécurité spécifiques aux domaines, et l'outil convivial et facile à utiliser

Aligning business processes and IT of multiple collaborating organisations

When multiple organisations want to collaborate with one another they have to integrate their business processes. This requires aligning the collaborative business processes and the underlying IT (Information Technology). Realizing the required alignment is, however, not trivial and is the subject of this thesis. We approached the issue of alignment in three steps. First, we explored business-IT alignment problems in detail in a real-life business case. This is done in order to clarify what alignment of business processes and IT systems across a collaboration network entails. Second, we provided a business-IT alignment framework called BITA* (pronounce bita-star). The framework provides modelling abstractions for alignment. Third, we applied the framework in two real-life case studies, including the real-life business case used in step one. By applying the framework in practice we showed that the framework can, in fact, help to address the business-IT alignment problems that we identified in the first step. The work presented in this thesis is conducted over a number of years in the context of four large EU sponsored research projects. The projects focused on alignment problems in two very distinct application areas. Two projects were about realizing transparency systems for meat supply chains and constitute the first case study. The other two projects were about realizing multidisciplinary modelling collaboration systems and constitute the second case study. Although the projects were conducted sequentially the research questions were addressed iteratively over the years. The research methodology that shows how the framework is designed and how the case studies are applied is discussed in detail in chapter 2. In chapter 3 we present BITA*, a Business-IT Alignment framework for multiple collaborating organisations. The main challenges in designing BITA* have been what models to consider for alignment and how to compare them in order to make explicit statements about alignment. We addressed this problem by introducing allocation and alignment modelling constructs to help the alignment process, and the concept of business collaboration model to represent the models that have to be aligned. We identified three groups of stakeholders for whom we designed explicit design viewpoints and associated allocation and alignment models. The Business Process to Business Process (BP2BP) alignment viewpoint is designed for business analysts who have to align diverse business collaboration process models. The IT to IT (IT2IT) alignment viewpoint is designed for software architects to align the distribution of data and IT systems across a collaboration network. The Business Process to IT (BP2IT) alignment viewpoint is designed for an interdisciplinary team of business analysts and software architects who have to align the different ways of supporting business collaboration processes with distributed IT system. An essential element of this thesis has been elaborating how business-IT alignment problems occur in the context of multi-organisational collaboration. The case studies were used to demonstrate business-IT alignment concerns. Particularly, the details of the first case study presented in chapters 4 and 5 were used in chapter 3 to help derive the alignment framework. The case study presented an ideal problem scenario since realizing transparency across supply chains is intrinsically a collaborative effort. The second case study was used to enhance the validity of our approach. The results of the second case study are presented in chapter 6. The alignment framework was designed during the iterative process we followed when realizing a generic transparency system for meat supply chains. To realize the required generic transparency system we needed a reference architecture. To derive the reference architecture we adapted an already existing and broadly-accepted generic reference architecture. We have to adapt the generic reference architecture in order to address specific requirements of the meat sector that were not considered in the generic reference architecture. The adaptation process made it clear that we needed models for representing business collaborations. We, therefore, introduced the notion of business collaboration model, which we used both to model reference architectures and to adapt them. Adaptation required aligning the generic reference architecture with the diverse business collaboration models adopted by the organisations that have to collaborate. The alignment framework is thus used for adapting a generic reference architecture in order to create a reference architecture that the collaborating organisations can, and are willing to, adopt. We identified three types of business collaboration models: business collaboration process model, business collaboration IT model, and a model for representing the relationship between these two. A business collaboration process model is a business process model that spans a collaboration network. A business collaboration IT model is a model of the distribution of the IT across the collaboration network. A business collaboration process-IT model is a model of the relationships between the elements of the business collaboration processes and the elements of the distributed IT. Each organisation is considered to adopt its own business collaboration models. For instance, different actors in meat supply chains have different views on how chain-wide transparency should be realized. Which business processes and IT systems each organisation has to deploy and use depends on the business collaboration models each food operator adopts. If two different food operators adopt the same set of business collaboration models, they are aligned; otherwise they are misaligned. Hence, alignment entails comparing the different business collaboration models adopted by the participating organisations. The results of the alignment process are explicit statements about how convergent or divergent the organisations are from the chosen generic reference architecture. The explicit statements of alignment guide how best the generic and the corresponding organisational business collaboration models can be adapted to create a better state of alignment. To further enhance the validity of the overall approach the second case study was conducted. The second case study was a retrospective investigation of two past research projects focusing on aligning environmental modelling processes and IT systems. A retrospective case study was chosen because launching a new business-IT alignment project involving multiple collaborating organisations was not feasible. The projects were undertaken to support the European Water Framework Directive, which mandated, among other things, participatory, multidisciplinary, river-basin wide and model-based studies to manage the water resources of Europe. The directive particularly required a collaborative approach to building environmental decision support systems and to deriving methodologies for applying existing decision support systems. We applied BITA* to aligning environmental modelling processes and IT systems in order to evaluate the suitability of the framework to addressing alignment problems in other application areas. The contributions of the thesis are summarized in chapter 7. The contributions include a number of design artefacts, which can be grouped into four categories: constructs, models, methods, and instantiations. The contribution in the first category includes the conceptualization of allocation and alignment. The contributions in the second category include allocation and alignment models, and reference architectures. Allocation models are representations of business collaboration models in a form that can be compared and are the basis for alignment modelling. The main contribution in the third category is the BITA* systematic approach to alignment modelling. The contributions in the fourth category are the software systems developed with the help of the reference architectures.</p

Scientific History of Incipit in the period 2010-2016

Historial de la actividad científica y técnica del Instituto de Ciencias del Patrimonio (Incipit) del CSIC, basado en Santiago de Compostela, desde su fecha de creación (2010) hasta el año 2016. Se presentan la misión y las líneas de investigación del Incipit, centradas principalmente en el estudio de los procesos de patrimonialización y de valorización social del patrimonio cultural realizadas con una perspectiva transdisciplinar. Se relacionan las publicaciones, proyectos de investigación, actividades de ciencia pública, eventos de comunicación y productos de divulgación que su personal investigador ha producido a lo largo de estos años.General introduction to the Incipit. Presentation of the Research Line: Cultural Heritage Studies: Sub-Theme: Landscape Archaeology and Cultural Landscapes, Sub-theme: Heritagization Processes: Memory, Power and Ethnicity, Sub-theme: Socioeconomics of Cultural Heritage, Sub-theme: Archaeology of the Contemporary Past, Sub-theme: Material culture and formalization processes of cultural heritage. Scientific Contributions. Transfer of Knowledge. International Activities. Other Activities and Results. Scientific DisseminationN

Barry Smith an sich

Festschrift in Honor of Barry Smith on the occasion of his 65th Birthday. Published as issue 4:4 of the journal Cosmos + Taxis: Studies in Emergent Order and Organization. Includes contributions by Wolfgang Grassl, Nicola Guarino, John T. Kearns, Rudolf Lüthe, Luc Schneider, Peter Simons, Wojciech Żełaniec, and Jan Woleński