91,863 research outputs found
An Experience Report of Eliciting Security Requirements from Business Processes
VĂ€ikesed ja keskmise suurusega ettevĂ”tted nĂ€evad vaeva, et leida strateegiaid saavutamaks kĂ”rgetasemelist infoturvet. Tihti ei ole need ettevĂ”tted teadlikud infotehnoloogiaga seonduvatest riskidest. Lisaks suurendab haavatavuse riski finants- ja IT osakondade vĂ€hesus, kellel ei ole oma teabeturbe ametnikku. Ăriprotsesside juhtimise ning joondamine, mis omakorda avaldub turvalisuse vajaduste esiletoomises kasutades Ă€riprotsessidepĂ”hist lĂ€henemist, pakub sellele sektoripĂ”hisele teemale oma lahenduse, vĂ”imaldades juurutada turvalisuse riskidele orienteeritud mudeleid ka Ă€rianalĂŒĂŒtikute jaoks. Kontekstuaalsetel valdkondadel pĂ”hinevad mustrid illustreerivad ettevĂ”ttevarasid, haavatavust ja riskikohtlemist turvanĂ”uete kujul. See saavutatakse kasutades Ă€riprotsesside mudelit, Notation 2.0 modelleerimiskeelt ning spetsiaalselt projekteeritud lahendusi, mis lisanduvad IT turvalisuse valdkondkonnale. Selle tulemuseks on kohaldatav lahendus, mis kutsub esile turvanĂ”uded. Selle uurimuse keskmes on mustrite rakendumine, mÔÔtmaks nende sooritust saksa SME-s. Ărivahendite ja ohutusalaste eesmĂ€rkide mÀÀramise jĂ€rel identifitseeriti mitmed mustri esinemised, mis kulmineerusid mitmete ohutusnĂ”uete mÀÀramisega. Rakendamise oskuste ja kasutatavusega seoses ettevĂ”ttega, tĂ”i esile vĂ€ga selge mustrite esinemise. Lisaks arendati eelnevaga seoses uus muster kasutades informatsioonisĂŒsteemi turvariski juhtimise domeeni (Information System Security Risk Management Domain) mudelit. LĂ”petuseks soovitab autor kĂ€esolevas uurimuses prioritiseerimise ja inspektsiooni meetodite kaasamist ohutuskvaliteedi nĂ”uete tehnika metoodikast ning organisatsioonilise koosseisu teoreemi laiendust, mis omakorda vĂ”imaldab SREBP-i tĂ€iendavat automatiseerimist. Need muudatused toovad kaasa kĂ€sitluse, mille alusel suureneb vĂ€ikese ja keskmise suurusega ettevĂ”tete turvalisus.
MĂ€rksĂ”nad: vĂ€iksed ja keskmise suurusega ettevĂ”tted, Ă€riprotsesside juhtimine, ohutusnĂ”uete esilekutsumine Ă€riprotsesside baasil, ohutusriskialased mustrid, ohutusnĂ”uded, mustri esinemised, informatsioonisĂŒsteemi turvariski juhtimise domeeni mudel.Small and Medium Sized Enterprises struggle to find strategies to achieve a high level of information security or are unaware of the risks posed by information technology. A lack of finance and IT departments that miss an information security officer increase the risk of exploited vulnerabilities. The alignment of Business Process Management and Security engineering manifested in the Security Requirements Elicitation using Business Processes approach provides a solution of this sector wide issue by introducing Security Risk-oriented Patterns applicable also for Business analysts. Patterns that are based on contextual areas illustrate business assets, vulnerabilities and risk treatment in form of security requirements. This is achieved by using the Business Process Model and Notation 2.0 modeling language and specifically engineered extensions which add the IT security domain. Outcome of this bridging is an applicable solution to elicit security requirements. Core of this thesis is the pattern application to measure their performance in a German SME. After business assets and security objectives were set, several pattern occurrences have been identified that resulted in a number of security requirements. Implementation abilities and usefulness with regards to the company underlined strong pattern performance. Moreover, a new pattern has been developed by using the Information System Security Risk Management Domain Model. Finally, the inclusion of prioritization and inspection techniques from the Security Quality Requirements Engineering methodology is suggested and extensions from the theorem of organizational configurations that enable further automation of SREBP. These modifications result in an approach that increases the security of Small and Medium Sized Enterprises.
Keywords: Small and Medium Sized Enterprises; Business Process Management; Security Requirements Elicitation using Business Processes; Security Risk-oriented Patterns; security requirements; pattern occurrences; Information System Security Risk Management Domain Mode
Recommended from our members
Knowledge management: Using a knowledge requirements framework to enhance UK health sector supply chains
The gaps of mismatch both knowledge and understanding of beneficiaries and solution providers at the
initial stage of developing projects have led to the failures of many projects including supply chains
(SC) and related information technology systems (ITS) projects (Lyytinen and Hirschheim, 1987) . The
aims of this paper are first, to address theoretical framework by bridging the gaps of different types of
knowledge. Second, to establishing business requirements and the flow of information in supply chains
between beneficiaries and solution providers in the long and complicated supply chains of the UKâs
Health Sector. On the basis of brief introduction to knowledge, knowledge management and supply
chain, the paper presents a practical framework that has been developed through critical and relevant
literatures in the above three subject areas. Techniques and Tools stem from both management science
and information systems were used to provide a possible solution for the problem in bridging the gaps
of mismatch knowledge and understanding at the initial stage of identifying requirements in projects
through knowledge sharing and transfer
Industry-driven innovative system development for the construction industry: The DIVERCITY project
Collaborative working has become possible using the innovative integrated systems in construction as many activities are performed globally with stakeholders situated in various locations. The Integrated VR based information systems can bind the fragmentation and provide communication and collaboration between the distributed stakeholders n various locations. The development of these technologies is vital for the uptake of these systems by the construction industry.
This paper starts by emphasising the importance of construction IT research and reviews some future research directions in this area. In particular, the paper explores how virtual prototyping can improve the productivity and effectiveness of construction projects, and presents DIVERCITY, which is th as a case study of the research in virtual prototyping.
Besides, the paper explores the requirements engineering of the DIVERCITY project. DIVERCITY has large and evolving requirements, which considered the perspectives of multiple stakeholders, such as clients, architects and contractors. However, practitioners are often unsure of the detail of how virtual environments would support the construction process, and how to overcome some barriers to the introduction of new technologies. This complicates the requirements engineering process
Exact Requirements Engineering for Developing Business Process Models
Process modeling is a suitable tool for improving the business processes.
Successful process modeling strongly depends on correct requirements
engineering. In this paper, we proposed a combination approach for requirements
elicitation for developing business models. To do this, BORE (Business-Oriented
Requirements Engineering) method is utilized as the base of our work and it is
enriched by the important features of the BDD (Business-driven development)
method, in order to make the proposed approach appropriate for modeling the
more complex processes. As the main result, our method eventuates in exact
requirements elicitation that adapts the customers' needs. Also, it let us
avoid any rework in the modeling of process. In this paper, we conduct a case
study for the paper submission and publication system of a journal. The results
of this study not only give a good experience of real world application of
proposed approach on a web-based system, also it approves the proficiency of
this approach for modeling the complex systems with many sub-processes and
complicated relationships.Comment: (IEEE) 3th International Conference on Web Researc
Alternative project delivery in rural Alaska: experiences, quality and claims
Master's Project (M.S.) University of Alaska Fairbanks, 2015The popularity of alternative project delivery systems has expanded beyond the private sector and into the public sector. Alaska embodies unique challenges that may present obstacles while using alternative project delivery systems. This analysis will provide an understanding of alternative project delivery systems in Alaska and how local experiences, quality and claims are affected. Alaska's unique characteristics present both challenges and opportunities for implementing alternative project delivery systems. This report begins with a discussion of experiences from several rural Alaska projects, and how alternative project delivery systems can be utilized. Some impacts that alternative project delivery systems have on quality are then presented, including a perspective on quality and recommendations for achieving customer satisfaction. A treatment of construction claims is then provided, followed by conclusions and recommendations for stakeholders in selecting an appropriate project delivery system. Alternative project delivery systems were researched by means of scholarly literature reviews, professional interviews and seminars. The report of these findings is intended to provide owners and contractors with a concise presentation of the challenges and advantages for using alternative project delivery systems in Alaska
A requirements engineering framework for integrated systems development for the construction industry
Computer Integrated Construction (CIC) systems are computer environments through which
collaborative working can be undertaken. Although many CIC systems have been developed to demonstrate the
communication and collaboration within the construction projects, the uptake of CICs by the industry is still
inadequate. This is mainly due to the fact that research methodologies of the CIC development projects are
incomplete to bridge the technology transfer gap. Therefore, defining comprehensive methodologies for the
development of these systems and their effective implementation on real construction projects is vital.
Requirements Engineering (RE) can contribute to the effective uptake of these systems because it drives the
systems development for the targeted audience. This paper proposes a requirements engineering approach for
industry driven CIC systems development. While some CIC systems are investigated to build a broad and deep
contextual knowledge in the area, the EU funded research project, DIVERCITY (Distributed Virtual Workspace
for Enhancing Communication within the Construction Industry), is analysed as the main case study project
because its requirements engineering approach has the potential to determine a framework for the adaptation of
requirements engineering in order to contribute towards the uptake of CIC systems
- âŠ