5 research outputs found

    Strengthening the Management of Ubiquitous Internet by Refining ISO/IEC 27001 Implementation Using a Generic Responsibility Model

    The recent emergence of decentralized networks and ubiquitous Internet has highlighted the need for better management of companies’ IT architecture and for improving the responsibility of the network’s users. Many standards have recently emerged to face these requirements. By analyzing them, we observe that they all include a reference to user responsibility but also that no common understanding of it exists. These statements have oriented our research toward the elaboration of an innovative, simple and pragmatic responsibility model that includes a user commitment dimension. ISO/IEC 27001:2005 is one of these new standards; it aims at providing a framework for improving information system management and the security of IT architecture. Although this standard is recognized across the globe, many surveys and case studies provide interesting feedback about its implementation problems. In this paper, we introduce our responsibility model, we depict the responsibility aspects encompassed in ISO 27001 and we propose some improvement perspectives to face these problems and strengthen its implementation.

    Improving Responsibility modelling in Enterprise Architecture, Case Study in the Healthcare Sector

    The economy relies on companies evolving in an increasingly regulated environment, having their operations strongly formalised and controlled, and often being organised following a bureaucratic approach. In such a context, new and paramount governance requirements advocate for having the responsibility for business processes and tasks formally defined and assigned to the employees. Without efficient formalisation of responsibility, these companies risk preventing the satisfactory delivery of business services and having their image seriously altered and jeopardised. Hence, among the many challenges related to these new governance requirements is the modelling of the concept of responsibility in a unique and expressive model usable in concrete business situations. Unfortunately, in this domain, we have observed that no (meta)model yet exists that integrates these new needs. The second important requirement is to provide the appropriate rights to the employees following their responsibilities to perform specific tasks. To date, no solution, model or method addresses rights provisioning from this perspective. In this context, the paper first proposes to define an expressive Responsibility metamodel in UML, named ReMMo, which allows representing the existing responsibilities at the business layer of the enterprise. Afterwards, this Responsibility metamodel is integrated with ArchiMate to enhance its usability and benefit from the enterprise architecture formalism. This integration allows strengthening the semantics of the concepts and relations among concepts from the business layer of the enterprise, and more especially the assignment of rights on business objects to the employees.
