Dynamic real-time risk analytics of uncontrollable states in complex internet of things systems, cyber risk at the edge

The Internet of Things (IoT) triggers new types of cyber risks. Therefore, the integration of new IoT devices and services requires a self-assessment of IoT cyber security posture. By security posture this article refers to the cybersecurity strength of an organisation to predict, prevent and respond to cyberthreats. At present, there is a gap in the state of the art, because there are no self-assessment methods for quantifying IoT cyber risk posture. To address this gap, an empirical analysis is performed of 12 cyber risk assessment approaches. The results and the main findings from the analysis is presented as the current and a target risk state for IoT systems, followed by conclusions and recommendations on a transformation roadmap, describing how IoT systems can achieve the target state with a new goal-oriented dependency model. By target state, we refer to the cyber security target that matches the generic security requirements of an organisation. The research paper studies and adapts four alternatives for IoT risk assessment and identifies the goal-oriented dependency modelling as a dominant approach among the risk assessment models studied. The new goal-oriented dependency model in this article enables the assessment of uncontrollable risk states in complex IoT systems and can be used for a quantitative self-assessment of IoT cyber risk posture

Unleashing the Effectiveness of Process-oriented Information Systems: Problem Analysis, Critical Success Factors, Implications

Process-oriented information systems (IS) aim at the computerized support of business processes. So far, contemporary IS have often fail to meet this goal. To better understand this drawback, to systematically identify its rationales, and to derive critical success factors for business process support, we conducted three empirical studies: an exploratory case study in the automotive domain, an online survey among 79 IT professionals, and another online survey among 70 business process management (BPM) experts. This paper summarizes the findings of these studies, puts them in relation with each other, and uses them to show that "process-orientation" is scarce and "process-awareness" is needed in IS engineering

Learning more from crossing levels: Investigating agility at three levels of the organization

Scholars have tried to explain how organizations can build agile teams by only looking at one level of analysis. We argue in this short paper that lessons can be learned from organizational science results explaining variance on three different abstraction levels of organizations. We suggest agility needs to be explained from organizational (macro), the team (meso), and individual (micro) levels to provide useful and actionable guidelines to practitioners. We are currently designing such studies and hope that they will eventually result in validated measurements that can be used to prevent companies from investing in the wrong areas when trying to move towards more agility

Software process improvement behavior of small and medium organizations in Argentina

Este artículo reporta el trabajo de investigación realizado en base a datos extraídos de la Encuesta Anual realizada por la CESSI durante el año 2007 entre organizaciones dedicadas al desarrollo de Software en Argentina. Si bien la temática de mejora de procesos de software há sido investigada previamente muy pocos datos existen sobe el comportamiento de organizaciones en Argentina. El análisis realizado contribuye a la comprensión del perfil de las organizaciones en cuanto a las tendencias de Mejora de Procesos de Software, las motivaciones que las movilizan y los facilitadores de estas iniciativas. Las conclusiones pueden ser utilizadas para entender que facilitadores mejoran la adopción de iniciativas de mejora por parte de organizaciones PyME de forma que incrementen su competitividad en los mercados domésticos y off-shoreThis paper reports on a research work performed on data extracted from the 2007 Annual CESSI survey among Argentina software development organizations. Although SPI has been researched before little data exists about the behavior of organizations in Argentina. The analysis provides insights on the profile of the companies regarding Software Process Improvement (SPI) trends, their motivations and drivers. The conclusions can be used to understand what drivers facilitate SPI adoption by SME organizations in order to increase their competitiveness in domestic and off-shore markets.Workshop de Ingeniería de Software y Bases de Datos (WISBD)Red de Universidades con Carreras en Informática (RedUNCI

Tailoring PMI and OGC frameworks for IT project portfolio management

Tese de Doutoramento - Programa Doutoral em Tecnologias e Sistemas de InformaçãoPrivate non-profit organizations that are dedicated to developing research and development (R&D) projects with the University, through a context of interface between Universities and companies, are currently recognized in Portugal as Technological Interface Centres. These organizations develop applied research projects between TRL 4 and 8 for companies in close collaboration with the research units of the Universities. As with any organization with no budget coming from the state, its main strategy is to efficiently and effectively manage the project portfolio to ensure control of execution costs as well as the expected quality of projects delivered to customers and partners. The currently available project portfolio management frameworks are not sufficiently clear as to how processes or practices suggested to practitioners should effectively be applied. In the specific field of Information Technology (IT), there is at least one framework for supporting portfolios management, but the level of detail in the adoption of the practices is (insufficiently) generic. This thesis intends to configure an IT project portfolios management framework, based on the coordinated (extended subsets) adaptation of the two main frameworks currently in the area: PMI and OGC. This configuration required the alignment between PMI and OGC frameworks, through a map of dependencies between processes, as well as the mapping between artefacts and processes. As a case study to test this framework, a Portuguese organization was chosen, formally recognized as a Technological Interface Centre, where two portfolios of IT projects in R&D contexts were characterized and analysed in light of the framework's techniques.As organizações privadas sem fins lucrativos que se dedicam a desenvolver projetos de investigação e desenvolvimento junto das Universidades, através de um contexto de interface entre Universidades e empresas, são atualmente reconhecidas em Portugal, como Centros de Interface Tecnológicos. Estas organizações desenvolvem projetos de investigação aplicada entre TRL 4 e 8 para as empresas, em colaboração estreita com as Unidades de Investigação das Universidades. Como em qualquer organização, sem orçamento proveniente do Estado, a sua estratégia principal é gerir com eficiência e eficácia o portfólio de projetos, de modo a garantir o controlo dos custos de execução, bem como a expetativa de qualidade dos projetos entregues aos clientes e parceiros. As frameworks de gestão de portfólio de projetos atualmente disponíveis não são suficientemente claras em relação à forma como processos ou práticas sugeridas aos profissionais devem efetivamente ser aplicados. No domínio específico das Tecnologias da Informação (TI) existe, pelo menos, uma framework de suporte à gestão de portfólios, mas o nível de detalhe na adoção das práticas é (insuficientemente) genérico. Com esta tese pretende-se configurar uma framework de gestão de portfólios de projetos de TI, a partir da adaptação coordenada (extended subsets) das duas principais frameworks atualmente existentes na área: a do PMI e a do OGC. A referida configuração exigiu o alinhamento entre frameworks do PMI e OGC através dum mapa de dependências entre processos, bem como o mapeamento entre artefactos e processos. Como estudo de caso para experimentar a referida framework, foi selecionada uma organização portuguesa, formalmente reconhecida como Centro de Interface Tecnológico, onde dois portfólios de projetos de TI em contextos de I&D foram caracterizados e analisados à luz das técnicas da referida framework.Este trabalho foi desenvolvido com o apoio financeiro da Associação CCG/ZGDV – Centro de Computação Gráfica

The Forgotten Practices of Subcontracting.

For many software projects the complexity of the final product has increased to a level where it is impossible to build the whole application from the scratch. So, many organizations consider subcontracting as an option for software development. This paper shows generic problems related to software subcontracting. Also, an analysis of CMMI-DEV subcontracting practices to solve these problems is presented. The review also highlights that there are many critical management practices related to outsourcing to ensure a successful overall project

Linking benefits to maturity models

Many organizations today need to deliver more complex products and services in a better, faster, and cheaper way. The business problems that some companies address require enterprise-wide solutions that call for an integrated approach and an effective management of organizational resources to achieve business objectives with an acceptable level of risk. A maturity model is a process improvement approach that provides organizations with the essential elements of effective change. It can be used to guide process improvement across a project, a division, or an entire organization. Maturity models help integrate traditionally separate organizational functions, set process improvement goals and priorities, provide guidance for quality processes, and provide benchmark for appraising current processes outcomes. The benefits management approach emerges as a complement to traditional management practices and proposes a continuous mapping of benefits, implementing and monitoring intermediate results. Benefits management reinforces the distinction between project results and business benefits. Based on a case study the authors show how a set of business objectives can be obtained from identifying, structuring and monitoring business benefits, supported by information technology enablers and organizational transformations, and as a result of a certain maturity level. The authors also state that the main focus of an investment success lies not only in technology implementation, but mainly in changes in organizational performance and business efficiency by means of improved processes and modifications in the way the work is done. We emphasize that the integration between a Maturity Model and a Benefits Management approach can increase the effectiveness of projects, programs or portfolios outcomes. Besides, this linkage can also improve decision-makers confidence that the investments done match the desired maturity stages and will then, with more probability, collect more value for businessesinfo:eu-repo/semantics/publishedVersio