224,307 research outputs found
Aligning a Service Provisioning Model of a Service-Oriented System with the ITIL v.3 Life Cycle
Bringing together the ICT and the business layer of a service-oriented system
(SoS) remains a great challenge. Few papers tackle the management of SoS from
the business and organizational point of view. One solution is to use the
well-known ITIL v.3 framework. The latter enables to transform the organization
into a service-oriented organizational which focuses on the value provided to
the service customers. In this paper, we align the steps of the service
provisioning model with the ITIL v.3 processes. The alignment proposed should
help organizations and IT teams to integrate their ICT layer, represented by
the SoS, and their business layer, represented by ITIL v.3. One main advantage
of this combined use of ITIL and a SoS is the full service orientation of the
company.Comment: This document is the technical work of a conference paper submitted
to the International Conference on Exploring Service Science 1.5 (IESS 2015
Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach
Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach
Recommended from our members
Current capabilities, requirements and a proposed strategy for interdependency analysis in the UK
The UK government recently commissioned a research study to identify the state-of-the-art in Critical Infrastructure modelling and analysis, and the government/industry requirements for such tools and services. This study (Cetifs) concluded with a strategy aiming to bridge the gaps between the capabilities and requirements, which would establish interdependency analysis as a commercially viable service in the near future. This paper presents the findings of this study that was carried out by CSR, City University London, Adelard LLP, a safety/security consultancy and Cranfield University, defense academy of the UK
ERP implementation methodologies and frameworks: a literature review
Enterprise Resource Planning (ERP) implementation is a complex and vibrant process, one that involves a combination of technological and organizational interactions. Often an ERP implementation project is the single largest IT project that an organization has ever launched and requires a mutual fit of system and organization. Also the concept of an ERP implementation supporting business processes across many different departments is not a generic, rigid and uniform concept and depends on variety of factors. As a result, the issues addressing the ERP implementation process have been one of the major concerns in industry. Therefore ERP implementation receives attention from practitioners and scholars and both, business as well as academic literature is abundant and not always very conclusive or coherent. However, research on ERP systems so far has been mainly focused on diffusion, use and impact issues. Less attention has been given to the methods used during the configuration and the implementation of ERP systems, even though they are commonly used in practice, they still remain largely unexplored and undocumented in Information Systems research. So, the academic relevance of this research is the contribution to the existing body of scientific knowledge. An annotated brief literature review is done in order to evaluate the current state of the existing academic literature. The purpose is to present a systematic overview of relevant ERP implementation methodologies and frameworks as a desire for achieving a better taxonomy of ERP implementation methodologies. This paper is useful to researchers who are interested in ERP implementation methodologies and frameworks. Results will serve as an input for a classification of the existing ERP implementation methodologies and frameworks. Also, this paper aims also at the professional ERP community involved in the process of ERP implementation by promoting a better understanding of ERP implementation methodologies and frameworks, its variety and history
Methodology for Designing Decision Support Systems for Visualising and Mitigating Supply Chain Cyber Risk from IoT Technologies
This paper proposes a methodology for designing decision support systems for
visualising and mitigating the Internet of Things cyber risks. Digital
technologies present new cyber risk in the supply chain which are often not
visible to companies participating in the supply chains. This study
investigates how the Internet of Things cyber risks can be visualised and
mitigated in the process of designing business and supply chain strategies. The
emerging DSS methodology present new findings on how digital technologies
affect business and supply chain systems. Through epistemological analysis, the
article derives with a decision support system for visualising supply chain
cyber risk from Internet of Things digital technologies. Such methods do not
exist at present and this represents the first attempt to devise a decision
support system that would enable practitioners to develop a step by step
process for visualising, assessing and mitigating the emerging cyber risk from
IoT technologies on shared infrastructure in legacy supply chain systems
- …