941 research outputs found

    Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge

    Get PDF
    The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture

    An approach to reconcile the agile and CMMI contexts in product line development

    Get PDF
    Software product line approaches produce reusable platforms and architectures for products set developed by specific companies. These approaches are strategic in nature requiring coordination, discipline, commonality and communication. The Capability Maturity Model (CMM) contains important guidelines for process improvement, and specifies "what" we must have into account to achieve the disciplined processes (among others things). On the other hand, the agile context is playing an increasingly important role in current software engineering practices, specifying "how" the software practices must be addressed to obtain agile processes. In this paper, we carry out a preliminary analysis for reconciling agility and maturity models in software product line domain, taking advantage of both.Postprint (published version

    ICoNOs MM: The IT-enabled Collaborative Networked Organizations Maturity Model

    Get PDF
    The focus of this paper is to introduce a comprehensive model for assessing and improving maturity of business-IT alignment (B-ITa) in collaborative networked organizations (CNOs): the ICoNOs MM. This two dimensional maturity model (MM) addresses five levels of maturity as well as four domains to which these levels apply: partnering structure, information system (IS) architecture, process architecture and coordination. The model can be used to benchmark and support continuous improvement of B-ITa process areas in CNOs

    A CMMI-compliant requirements management and development process

    Get PDF
    Requirements Engineering has been acknowledged an essential discipline for Software Quality. Poorly-defined processes for eliciting, analyzing, specifying and validating requirements can lead to unclear issues or misunderstandings on business needs and project’s scope. These typically result in customers’ non-satisfaction with either the products’ quality or the increase of the project’s budget and duration. Maturity models allow an organization to measure the quality of its processes and improve them according to an evolutionary path based on levels. The Capability Maturity Model Integration (CMMI) addresses the aforementioned Requirements Engineering issues. CMMI defines a set of best practices for process improvement that are divided into several process areas. Requirements Management and Requirements Development are the process areas concerned with Requirements Engineering maturity. Altran Portugal is a consulting company concerned with the quality of its software. In 2012, the Solution Center department has developed and applied successfully a set of processes aligned with CMMI-DEV v1.3, what granted them a Level 2 maturity certification. For 2015, they defined an organizational goal of addressing CMMI-DEV maturity level 3. This MSc dissertation is part of this organization effort. In particular, it is concerned with the required process areas that address the activities of Requirements Engineering. Our main goal is to contribute for the development of Altran’s internal engineering processes to conform to the guidelines of the Requirements Development process area. Throughout this dissertation, we started with an evaluation method based on CMMI and conducted a compliance assessment of Altran’s current processes. This allowed demonstrating their alignment with the CMMI Requirements Management process area and to highlight the improvements needed to conform to the Requirements Development process area. Based on the study of alternative solutions for the gaps found, we proposed a new Requirements Management and Development process that was later validated using three different approaches. The main contribution of this dissertation is the new process developed for Altran Portugal. However, given that studies on these topics are not abundant in the literature, we also expect to contribute with useful evidences to the existing body of knowledge with a survey on CMMI and requirements engineering trends. Most importantly, we hope that the implementation of the proposed processes’ improvements will minimize the risks of mishandled requirements, increasing Altran’s performance and taking them one step further to the desired maturity level

    Developing an inter-enterprise alignment maturity model: research challenges and solutions

    Get PDF
    Business-IT alignment is pervasive today, as organizations strive to achieve competitive advantage. Like in other areas, e.g., software development, maintenance and IT services, there are maturity models to assess such alignment. Those models, however, do not specifically address the aspects needed for achieving alignment between business and IT in inter-enterprise settings. In this paper, we present the challenges we face in the development of an inter-enterprise alignment maturity model, as well as the current solutions to counter these problems

    Towards a business-IT alignment maturity model for collaborative networked organizations

    Get PDF
    Aligning business and IT in networked organizations is a complex endeavor because in such settings, business-IT alignment is driven by economic processes instead of by centralized decision-making processes. In order to facilitate managing business-IT alignment in networked organizations, we need a maturity model that allows collaborating organizations to assess the current state of alignment and take appropriate action to improve it where needed. In this paper we propose the first version of such a model, which we derive from various alignment models and theories

    Harnessing software development contexts to inform software process selection decisions

    Get PDF
    Software development is a complex process for which numerous approaches have been suggested. However, no single approach to software development has been met with universal acceptance, which is not surprising, as there are many different software development concerns. In addition, there are a multitude of other contextual factors that influence the choice of software development process and process management decisions. The authors believe it is important to develop a robust mechanism for relating software process decisions and software development contexts. Such an approach supports industry practitioners in their efforts to implement the software development processes vital for a particular set of contextual factors. In this paper, the authors outline a new tool-based framework for relating the complexity of software settings with the various aspects of software processes. This framework can extract the key software process concepts from process repositories, for example, from CMMI-DEV or ISO/IEC 15504-5 (a.k.a. SPICE – Software Process Improvement and Capability dEtermination). A team of software development experts then collaborates in order to identify and validate the strength and nature of the relationship between the key process concepts and the contextual factors that are known to affect the software development process. The result of this collaboration is a prototype of a flexible model, which can be extended over time into a broader process consideration, for example, where agile processes or further specific situational factors could be added to the framework. The authors contend that a model such as the one proposed in this paper can serve as a valuable tool, assisting software developers in making decisions regarding the selection of software best practices, as well as providing general guidance for process improvement initiatives

    CMMI level 3 engineering processes implementation project

    Get PDF
    Estágio realizado no Porto DC's Quality Manager e orientado por Teresa CarreiroTese de mestrado integrado. Engenharia Informática e Computação. Faculdade de Engenharia. Universidade do Porto. 200

    Tailoring PMI and OGC frameworks for IT project portfolio management

    Get PDF
    Tese de Doutoramento - Programa Doutoral em Tecnologias e Sistemas de InformaçãoPrivate non-profit organizations that are dedicated to developing research and development (R&D) projects with the University, through a context of interface between Universities and companies, are currently recognized in Portugal as Technological Interface Centres. These organizations develop applied research projects between TRL 4 and 8 for companies in close collaboration with the research units of the Universities. As with any organization with no budget coming from the state, its main strategy is to efficiently and effectively manage the project portfolio to ensure control of execution costs as well as the expected quality of projects delivered to customers and partners. The currently available project portfolio management frameworks are not sufficiently clear as to how processes or practices suggested to practitioners should effectively be applied. In the specific field of Information Technology (IT), there is at least one framework for supporting portfolios management, but the level of detail in the adoption of the practices is (insufficiently) generic. This thesis intends to configure an IT project portfolios management framework, based on the coordinated (extended subsets) adaptation of the two main frameworks currently in the area: PMI and OGC. This configuration required the alignment between PMI and OGC frameworks, through a map of dependencies between processes, as well as the mapping between artefacts and processes. As a case study to test this framework, a Portuguese organization was chosen, formally recognized as a Technological Interface Centre, where two portfolios of IT projects in R&D contexts were characterized and analysed in light of the framework's techniques.As organizações privadas sem fins lucrativos que se dedicam a desenvolver projetos de investigação e desenvolvimento junto das Universidades, através de um contexto de interface entre Universidades e empresas, são atualmente reconhecidas em Portugal, como Centros de Interface Tecnológicos. Estas organizações desenvolvem projetos de investigação aplicada entre TRL 4 e 8 para as empresas, em colaboração estreita com as Unidades de Investigação das Universidades. Como em qualquer organização, sem orçamento proveniente do Estado, a sua estratégia principal é gerir com eficiência e eficácia o portfólio de projetos, de modo a garantir o controlo dos custos de execução, bem como a expetativa de qualidade dos projetos entregues aos clientes e parceiros. As frameworks de gestão de portfólio de projetos atualmente disponíveis não são suficientemente claras em relação à forma como processos ou práticas sugeridas aos profissionais devem efetivamente ser aplicados. No domínio específico das Tecnologias da Informação (TI) existe, pelo menos, uma framework de suporte à gestão de portfólios, mas o nível de detalhe na adoção das práticas é (insuficientemente) genérico. Com esta tese pretende-se configurar uma framework de gestão de portfólios de projetos de TI, a partir da adaptação coordenada (extended subsets) das duas principais frameworks atualmente existentes na área: a do PMI e a do OGC. A referida configuração exigiu o alinhamento entre frameworks do PMI e OGC através dum mapa de dependências entre processos, bem como o mapeamento entre artefactos e processos. Como estudo de caso para experimentar a referida framework, foi selecionada uma organização portuguesa, formalmente reconhecida como Centro de Interface Tecnológico, onde dois portfólios de projetos de TI em contextos de I&D foram caracterizados e analisados à luz das técnicas da referida framework.Este trabalho foi desenvolvido com o apoio financeiro da Associação CCG/ZGDV – Centro de Computação Gráfica
    corecore