    Using ArchiMate to Assess COBIT 5 and ITIL Implementations

    The assessment of Enterprise Governance of IT (EGIT) mechanisms such as COBIT and ITIL is considered highly complex and implies a duplication of resources. The main goal of this research is to reduce the complexity of EGIT mechanisms by facilitating their assessment when they are used simultaneously. Organisational stakeholders should be able to easily understand the impact of implementing ITIL on COBIT 5 process performance without being COBIT experts; conversely, they should know their organisation's positioning according to ITIL even if they only follow COBIT and do not master ITIL. To fulfil this goal, we propose a model that uses TIPA for ITIL, the COBIT PAM and ArchiMate to analyse the impact of an ITIL implementation on COBIT process performance, and vice versa. We demonstrate the proposal by analysing the impact of the ITIL Incident Management and Request Fulfilment processes on the related COBIT 5 process

    Comparison of STS and ArchiMate Risk and Security Overlay

    ArchiMate is today widely used for enterprise architecture modelling across business domains; it can briefly be described as sitting somewhere between UML and BPMN, with its main focus on the architectural perspective. STS (Secure Socio-Technical Systems) in turn focuses on the socio-technical perspective and on the social interactions between actors. The current state of the art treats Secure Socio-Technical Systems and ArchiMate separately, which is understandable because the two approaches are quite different; still, they have a lot in common.
Given that state, the problem can be identified as the absence of tools or approaches that combine the two into a new approach taking into account both the architectural and the socio-technical perspectives of modelling. Such a combination could be beneficial because the ArchiMate risk and security overlay models risk management, while STS models how the actors involved in a system interact with each other from a social point of view and highlights the "human factor" in security. Combining them could therefore yield a security modelling approach that covers both the architectural and the social points of view. Ideally, the combined approach would work around the weak points of each initial approach and make heavy use of their strongest parts. The approach is also validated in terms of completeness with respect to ISSRM. This thesis describes the combined approach to security modelling

    Enterprise Architecture Approach for Project Management and Project-Based Organizations: A Review

    Project-based organizations (PBOs) derive income from conducting projects for their clients. Maintaining the most effective and efficient project governance style is an ongoing process for these organizations as the context continuously changes. Enterprise architecture (EA) is a systemic approach that supports organizations in modeling and describing themselves in different layers, such as strategy, business, application, and technology. This literature review describes the current state of EA usage in improving and quickly revising project management governance in PBOs to benefit practitioners and researchers for an integrated view of EA, PM, and PBO, and identification of future research gaps. This review used an EA model composed of layers as an analytical framework. The extracted bibliometric and content data from selected articles were processed using the VOSviewer tool for identifying and understanding the relationships between main concepts through network mapping. The selected articles are oriented to internal organization projects, mainly in information technology (IT). The need to align projects with business is highlighted, with EA positioned as a governance tool. It was found that application of EA in PBOs is rare. A trend toward using popular PM and EA frameworks, such as PMBOK and ArchiMate, was observed

    Combining goal-oriented and model-driven approaches to solve the Payment Problem Scenario

    Motivated by the objective to provide an improved participation of business domain experts in the design of service-oriented integration solutions, we extend our previous work on using the COSMO methodology for service mediation by introducing a goal-oriented approach to requirements engineering. With this approach, business requirements including the motivations behind the mediation solution are better understood, specified, and aligned with their technical implementations. We use the Payment Problem Scenario of the SWS Challenge to illustrate the extension

    A Comparison of Security Risk Analysis in the In-house IT Infrastructure and Cloud Infrastructure for the Payment Gateway System

    In-house infrastructures are migrated to the cloud owing to the enhanced technical management capabilities and technical advancement, as well as the flexibility and cost-effective options the cloud offers. An enterprise architecture changes when systems are moved into a different infrastructure, and with such infrastructural changes security risks can increase or decrease, new risks can be introduced and some existing risks can be eliminated. Asset identification for risk analysis based only on business process modelling lacks a representation of the interrelationship between the IT infrastructure and the business processes, so certain information system (IS) assets can be neglected in the risk analysis. When analysing the security risk of two infrastructures, the enterprise architectural differences need to be captured, since unidentified IS assets could be vulnerable and pose a security risk to the organisation concerned.
In this thesis, assets are identified via architectural modelling in order to perform risk analysis. The models present the differences in IS assets between the in-house infrastructure and the cloud infrastructure, together with their mapping to the corresponding business processes. STRIDE-based threat modelling is employed to determine the security risks concerning the IS assets derived from the enterprise architecture. The study introduces a procedure that helps organisations identify IS asset changes between two infrastructures and capture the resulting security risk changes: architectural modelling illustrates the differences in IS assets and shows how business processes are mapped to technology components, and the threat modelling method then provides a structured way to identify threats to the systems. The resulting security risks are categorised according to whether they exist in the new infrastructure, and the changes present the security risk gap between the in-house and the cloud infrastructure. The approach is validated by domain experts. The enterprise architecture modelled in this thesis is based on a case study of a payment gateway system used in Northern Europe
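The procedure the abstract describes, identifying IS assets from the architecture model, diffing the in-house and cloud inventories and then enumerating STRIDE threats per asset, can be sketched in a few dozen lines. The script below is an added example and is not code from the thesis. It assumes a STRIDE-per-element table in the usual data-flow-diagram convention (external entity: S,R; process: all six; data store: T,R,I,D; data flow: T,I,D) rather than the thesis's own mapping, and the two payment-gateway inventories are constructed for illustration. It reports three kinds of change that a plain asset list hides: threats that disappear with a removed asset, threats introduced by a new asset (for instance the cloud management console), and threats that stay attached to a kept asset whose operator has changed, which is the shared-responsibility case.

```python
"""Diff two architecture-derived IS asset inventories (in-house vs cloud) and
enumerate STRIDE threats per asset to show where the risk picture changes.

Added example, not code from the thesis. Assumptions: the element kinds and
the kind-to-STRIDE table follow the common STRIDE-per-element convention for
data-flow diagrams; the payment-gateway assets below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

STRIDE = {
    "S": "Spoofing",
    "T": "Tampering",
    "R": "Repudiation",
    "I": "Information disclosure",
    "D": "Denial of service",
    "E": "Elevation of privilege",
}

# STRIDE-per-element table (assumed DFD convention, not the thesis's mapping).
THREATS_BY_KIND = {
    "external_entity": "SR",
    "process": "STRIDE",
    "data_store": "TRID",
    "data_flow": "TID",
}


@dataclass(frozen=True)
class Asset:
    """One IS asset read off the architecture model."""
    name: str
    kind: str      # key of THREATS_BY_KIND
    layer: str     # ArchiMate core layer: business / application / technology
    operator: str  # who runs it: "org" (in-house) or "provider" (cloud service)


def threats_for(asset: Asset) -> set[str]:
    """STRIDE categories applicable to an asset, by element kind."""
    return {STRIDE[letter] for letter in THREATS_BY_KIND[asset.kind]}


def threat_count(inventory: list[Asset]) -> int:
    """Total number of (asset, threat category) pairs in an inventory."""
    return sum(len(threats_for(a)) for a in inventory)


def risk_delta(before: list[Asset], after: list[Asset]) -> dict:
    """Classify every asset change between two inventories.

    removed   - threats that disappear together with the asset
    added     - threats newly introduced by the asset
    shifted   - asset kept, but its operator changed: the threats stay, the
                party that must control them does not (shared responsibility)
    unchanged - same name, kind and operator in both inventories
    An asset whose kind changes is recorded as removed and added again.
    """
    b = {x.name: x for x in before}
    a = {x.name: x for x in after}
    delta: dict = {"removed": {}, "added": {}, "shifted": {}, "unchanged": []}
    for name in sorted(b.keys() - a.keys()):
        delta["removed"][name] = sorted(threats_for(b[name]))
    for name in sorted(a.keys() - b.keys()):
        delta["added"][name] = sorted(threats_for(a[name]))
    for name in sorted(b.keys() & a.keys()):
        old, new = b[name], a[name]
        if old.kind != new.kind:
            delta["removed"][name] = sorted(threats_for(old))
            delta["added"][name] = sorted(threats_for(new))
        elif old.operator != new.operator:
            delta["shifted"][name] = {
                "from": old.operator,
                "to": new.operator,
                "threats": sorted(threats_for(new)),
            }
        else:
            delta["unchanged"].append(name)
    return delta


# Constructed inventories for a hypothetical payment gateway (not the thesis's case data).
IN_HOUSE = [
    Asset("Cardholder", "external_entity", "business", "org"),
    Asset("Merchant web shop", "external_entity", "business", "org"),
    Asset("Payment API", "process", "application", "org"),
    Asset("Transaction database", "data_store", "technology", "org"),
    Asset("HSM key store", "data_store", "technology", "org"),
    Asset("Backup tapes", "data_store", "technology", "org"),
    Asset("API to database link", "data_flow", "technology", "org"),
]

CLOUD = [
    Asset("Cardholder", "external_entity", "business", "org"),
    Asset("Merchant web shop", "external_entity", "business", "org"),
    Asset("Payment API", "process", "application", "org"),
    Asset("Transaction database", "data_store", "technology", "provider"),  # managed DB
    Asset("Cloud KMS", "data_store", "technology", "provider"),             # replaces the HSM
    Asset("Object storage backup", "data_store", "technology", "provider"),  # replaces tapes
    Asset("API to database link", "data_flow", "technology", "org"),
    Asset("Cloud management console", "process", "application", "provider"),  # new attack surface
    Asset("Office to cloud VPN", "data_flow", "technology", "org"),           # new data flow
]

if __name__ == "__main__":
    for section, entries in risk_delta(IN_HOUSE, CLOUD).items():
        print(f"{section}: {entries}")
    print("threat pairs in-house:", threat_count(IN_HOUSE), "cloud:", threat_count(CLOUD))
```

The count of (asset, threat) pairs rises from 25 to 34 in this constructed case, but the more useful output is the shifted entry for the transaction database: the STRIDE categories do not change, only who is responsible for the controls, which is exactly the kind of gap a business-process-only asset list would miss.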

    A standards-based ICT framework to enable a service-oriented approach to clinical decision support

    This research provides evidence that standards-based Clinical Decision Support (CDS) at the point of care is an essential ingredient of electronic healthcare service delivery. A Service Oriented Architecture (SOA) based solution is explored that serves as a task management system to coordinate complex, distributed and disparate IT systems, processes and resources (human and computer) in order to provide standards-based CDS. This research offers a solution to the challenges in implementing computerised CDS, such as integration with heterogeneous legacy systems and the reuse of components and services to reduce costs and save time. The benefits of a sharable CDS service that can be reused by different healthcare practitioners to provide collaborative patient care are demonstrated. The solution provides orchestration among different services by extracting data from sources such as patient databases, clinical knowledge bases and evidence-based clinical guidelines (CGs) in order to serve multiple CDS requests coming from different healthcare settings. The architecture aims to aid users at different levels of Healthcare Delivery Organizations (HCOs) in maintaining a CDS repository, along with monitoring and managing services, thus enabling transparency. The research employs the Design Science Research Methodology (DSRM) combined with The Open Group Architecture Framework (TOGAF), The Open Group's Enterprise Architecture Framework (EAF). DSRM's iterative capability addresses the rapidly evolving nature of workflows in healthcare. The SOA-based solution uses standards-based open source technologies and platforms, the latest healthcare standards by HL7 and OMG, the Decision Support Service (DSS) standard and the Retrieve, Locate and Update Service (RLUS) standard. Combining business process management (BPM) technologies and business rules with SOA ensures the HCO's capability to manage its processes.
This architectural solution is evaluated by successfully implementing evidence-based CGs at the point of care in areas such as a) diagnostics (chronic obstructive disease), b) urgent referral (lung cancer) and c) genome testing and its integration with CDS in screening (Lynch syndrome). In addition to medical care, the CDS solution can benefit organizational processes for collaborative care delivery by connecting patients, physicians and other associated members. This framework facilitates the integration of the different types of CDS suited to the different healthcare processes, enabling sharable CDS capabilities within and across organizations

    Management of Security Risks in the Enterprise Architecture using ArchiMate and Mal-activities

    The security level of the enterprise is one of the main elements that should be kept under control in an organisation. Maintaining a high security level for an information system is difficult: because enterprise architecture development targets the modelling of a continuous business flow, it sometimes does not take security requirements into account. This paper provides an approach for improving security countermeasures in order to contribute to a secure enterprise architecture. The gap between the enterprise architecture model and security risk management is bridged through the Information System Security Risk Management (ISSRM) domain model. The ArchiMate modelling language is used to build the enterprise architecture model. Among the risk-oriented languages, Mal-activity diagrams were selected because they help provide a visual concept of security risk management. A structured alignment shows the mapping between the concepts of these languages and provides information about the most vulnerable points of the system. Maintaining the security level helps make the business flow independent of the state of the information system. The outcome of this paper is a set of alignment tables and rules between ArchiMate and Mal-activity diagrams, with ISSRM as the mapping link between the two languages. The approach is validated on an example taken from the CoCoME case study and shown in a number of illustrative figures. Finally, the output of the presented method is compared with the approach developed by Grandry et al. (2013). Keywords: Information System, Information System Security Risk Management, Enterprise Architecture, Enterprise Architecture model, security countermeasures, Security Risk Management, risk-oriented modelling languages, ArchiMate, Mal-activity diagrams

    A Health-care Application of Goal-driven Software Design

    In this paper we focus on goal engineering by addressing issues such as goal elicitation, specification, structuring and operationalisation. The specification of business goals is regarded as a means to raise the level of abstraction (and automation) at which business logic is incorporated into model-driven software design in the context of service-oriented architectures. More specifically, the proposed goal modelling approach consists of an abstract syntax (metamodel) and a concrete syntax (graphical notation) for the specification of business goals. We also propose a framework for the goal-driven design of service-oriented software applications. In particular, we illustrate our approach by means of a case study carried out in the healthcare sector and explain the role business goals (operationalised in the form of business rules) can play in software design. This research also outlines a number of areas that have significant research potential