Report from GI-Dagstuhl Seminar 16394: Software Performance Engineering in the DevOps World

This report documents the program and the outcomes of GI-Dagstuhl Seminar 16394 "Software Performance Engineering in the DevOps World". The seminar addressed the problem of performance-aware DevOps. Both, DevOps and performance engineering have been growing trends over the past one to two years, in no small part due to the rise in importance of identifying performance anomalies in the operations (Ops) of cloud and big data systems and feeding these back to the development (Dev). However, so far, the research community has treated software engineering, performance engineering, and cloud computing mostly as individual research areas. We aimed to identify cross-community collaboration, and to set the path for long-lasting collaborations towards performance-aware DevOps. The main goal of the seminar was to bring together young researchers (PhD students in a later stage of their PhD, as well as PostDocs or Junior Professors) in the areas of (i) software engineering, (ii) performance engineering, and (iii) cloud computing and big data to present their current research projects, to exchange experience and expertise, to discuss research challenges, and to develop ideas for future collaborations

Requirements Problem and Solution Concepts for Adaptive Systems Engineering, and their Relationship to Mathematical Optimisation, Decision Analysis, and Expected Utility Theory

Requirements Engineering (RE) focuses on eliciting, modelling, and analyzing the requirements and environment of a system-to-be in order to design its specification. The design of the specification, usually called the Requirements Problem (RP), is a complex problem solving task, as it involves, for each new system-to-be, the discovery and exploration of, and decision making in, new and ill-defined problem and solution spaces. The default RP in RE is to design a specification of the system-to-be which (i) is consistent with given requirements and conditions of its environment, and (ii) together with environment conditions satisfies requirements. This paper (i) shows that the Requirements Problem for Adaptive Systems (RPAS) is different from, and is not a subclass of the default RP, (ii) gives a formal definition of RPAS, and (iii) discusses implications for future research

Introducing the STAMP method in road tunnel safety assessment

After the tremendous accidents in European road tunnels over the past decade, many risk assessment methods have been proposed worldwide, most of them based on Quantitative Risk Assessment (QRA). Although QRAs are helpful to address physical aspects and facilities of tunnels, current approaches in the road tunnel field have limitations to model organizational aspects, software behavior and the adaptation of the tunnel system over time. This paper reviews the aforementioned limitations and highlights the need to enhance the safety assessment process of these critical infrastructures with a complementary approach that links the organizational factors to the operational and technical issues, analyze software behavior and models the dynamics of the tunnel system. To achieve this objective, this paper examines the scope for introducing a safety assessment method which is based on the systems thinking paradigm and draws upon the STAMP model. The method proposed is demonstrated through a case study of a tunnel ventilation system and the results show that it has the potential to identify scenarios that encompass both the technical system and the organizational structure. However, since the method does not provide quantitative estimations of risk, it is recommended to be used as a complementary approach to the traditional risk assessments rather than as an alternative. (C) 2012 Elsevier Ltd. All rights reserved

Gap analysis of ISO/SAE 21434 – Improving the automotive cybersecurity engineering life cycle

Due to the ongoing legislative shift towards mandatedcybersecurity for road vehicles, the automotive cybersecurityengineering standard ISO/SAE 21434 is seeing fastadoption throughout the industry. Early efforts are focusing onthreat analysis and risk assessment (TARA) in the concept anddevelopment phases, exposing the challenge of managing TARAresults coherently throughout the supply chain and life cycle.While the industry focuses on TARA, other aspects such asvulnerability or incident handling are receiving less attention.However, the increasing threat landscape makes these processesincreasingly important, posing another industry challenge.In order to better address these two challenges, we analyzethe cybersecurity engineering framework of ISO/SAE 21434for gaps or deficiencies regarding TARA management andvulnerability and incident handling, as well as similar processesfor incident handling in IT security. The result is a proposalfor modifications and augmentations of the ISO/SAE 21434cybersecurity engineering framework. In particular, we proposea TARA management process to facilitate the coordination andinformation exchange between different systems and life cyclephases, and we propose improvements to the vulnerability andincident handling processes in ISO/SAE 21434 so that they aremore aligned with established standards. This amounts to 13new terminology definitions, 4 new process steps, 2 modifiedprocess steps and 1 entirely new process

High Value Assets (HVA) Lessons Learned for Small Government Agencies and Small to Mid-sized Organizations

Cyberattacks are a persistent threat to organizations across all sectors, and over the past decade, attackers have increasingly been targeting municipalities. Protecting the most critical information and systems or high value assets (HVAs) from a cyberattack is essential to reduce the risk of impacting critical services that make day-to-day activities possible. Identifying HVAs is a process that assists organizations in recognizing which assets are most critical and therefore require the most significant protective measures. An HVA process was developed for State, Local, Tribe, and Territory (SLTT) jurisdictions of any size, capability, and cybersecurity maturity to assist them in identifying assets that are vital to community operations. The SLTT HVA Process aligns with the Federal HVA Program developed by the Cybersecurity and Infrastructure Security Agency (CISA). Four jurisdictions are piloting the SLTT HVA Process and, through this initiative, are generating vital lessons learned to successfully incorporate the process into their cybersecurity program

An Analysis of Information Asset Valuation (IAV) Quantification Methodology for Application with Cyber Information Mission Impact Assessment (CIMIA)

The purpose of this research is to develop a standardized Information Asset Valuation (IAV) methodology. The IAV methodology proposes that accurate valuation for an Information Asset (InfoA) is the convergence of information tangible, intangible, and flow attributes to form a functional entity that enhances mission capability. The IAV model attempts to quantify an InfoA to a single value through the summation of weighted criteria. Standardizing the InfoA value criteria will enable decision makers to comparatively analyze dissimilar InfoAs across the tactical, operational, and strategic domains. This research develops the IAV methodology through a review of existing military and non-military valuation methodologies. IAV provides the Air Force (AF) and Department of Defense (DoD) with a standardized methodology that may be utilized enterprise wide when conducting risk and damage assessment and risk management. The IAV methodology is one of the key functions necessary for the Cyber Incident Mission Impact Assessment (CIMIA) program to operationalize a scalable, semi-automated Decision Support System (DSS) tool. The CIMIA DSS intends to provide decision makers with near real-time cyber awareness prior to, during, and post cyber incident situations through documentation of relationships, interdependencies, and criticalities among information assets, the communications infrastructure, and the operations mission impact

Safety culture in the nuclear power industry : attributes for regulatory assessment

Thesis (S.B.)--Massachusetts Institute of Technology, Dept. of Nuclear Engineering, 2004.Includes bibliographical references (leaves 32-35).Safety culture refers to the attitudes, behaviors, and conditions that affect safety performance and often arises in discussions following incidents at nuclear power plants. As it involves both operational and management issues, safety culture is a sensitive topic for regulators whose role is to ensure compliance with safety requirements and not to intervene in management decisions. This report provides an overview of proposed safety culture attributes and worldwide approaches to safety culture assessment and identifies those attributes that should be of high priority to a regulator deciding to assess safety culture.by Erin L. Alexander.S.B

Using the strategic relative alignment index for the selection of portfolio projects application to a public Venezuelan Power Corporation

In this paper a new approach that uses the alignment of projects with corporate strategic objectives to prioritize project portfolio in an efficient and reliable way is presented. For this purpose, corporate strategic objectives will be used as prioritization criteria to obtain the Relative Alignment Index (RAI) of each project which indicates how close or far each project is from the strategic objectives of the company. The approach presented uses the Analytic Network Process. This technique allows considering the influences among all the elements within the network, that means, the strategic objectives, and specially the projects within a portfolio. The proposed RAI index helps to select the best strategically aligned projects for the organization. The proposed RAI index and its form of evaluation have not previously been considered in the project portfolio literature until now. The research methodology for the development of RAI is based on a combination of a synthesis of the literature across the diverse fields of project management, project alignment, multicriteria decision methods and a parallel analysis of an industrial case study. The use of the proposed RAI index is demonstrated using a rigorous methodology with acceptable complexity which seeks to assist managers of the National Electricity Corporation of Venezuela, recently founded and composed by 13 merging old companies, both public and private, in their yearly resources' assignment on their projects portfolio. The aim being to determine a projects 'ranking based on their degree of alignment to corporate strategy and on the judgments of a group of experts, such as the management board. The new corporation assumed the challenge of setting strategic directions (Mission, Vision, Values, Strategic objectives, Plans, Programs, etc.) common to all merging companies. This approach with multi-stakeholders support allows managers to strategically allocate resources to each project in a consensual way.García-Melón, M.; Poveda Bautista, R.; Del Valle, JL. (2015). Using the strategic relative alignment index for the selection of portfolio projects application to a public Venezuelan Power Corporation. International Journal of Production Economics. 170:54-66. doi:10.1016/j.ijpe.2015.08.023S546617

Parameterization, Analysis, and Risk Management in a Comprehensive Management System with Emphasis on Energy and Performance (ISO 50001: 2018)

[EN] The future of business development relies on the effective management of risks, opportunities, and energy and water resources. Here, we evaluate the application of best practices to identify, analyze, address, monitor, and control risks and opportunities (R/O) according to ISO 31000 and 50000. Furthermore, we shed light on tools, templates, ISO guides, and international documents that contribute to classifying, identifying, formulating control, and managing R/O parameterization in a comprehensive management system model, namely CMS QHSE3+, which consists of quality (Q), health and safety (HS), environmental management (E), energy efficiency (E2), and other risk components (+) that include comprehensive biosecurity and biosafety. By focusing on the deployment of R/O-based thinking (ROBT) at strategic and operational levels, we show vulnerability reduction in CMS QHSE3+ by managing energy, efficiency, and sustainability.We express our gratitude for the support from Cajacopi Atlantico, QUARA Technology, ASTEQ Technology, Universidad Simon Bolivar, Universitat Politecnica de Valencia and to all the personnel and companies who offered us their contributions and their valuable points of view.Poveda-Orjuela, PP.; García-Díaz, JC.; Pulido-Rojano, A.; Cañón-Zabala, G. (2020). Parameterization, Analysis, and Risk Management in a Comprehensive Management System with Emphasis on Energy and Performance (ISO 50001: 2018). Energies. 13(21):1-44. https://doi.org/10.3390/en13215579S1441321SDBS Business Demography Indicatorshttps://stats.oecd.org/index.aspx?queryid=70734The World Economy on a Tightrope. OECD Economic Outlook, June 2020http://www.oecd.org/economic-outlook/Strategic Plan 2016–2020www.https://trade.ec.europa.eu/doclib/docs/2016/august/tradoc_154919.pdfSMEs, and Their Business Problems. Case Analysishttps://www.redalyc.org/pdf/206/20605209.pdfMuñoz, P. (2013). The Distinctive Importance of Sustainable Entrepreneurship. Current Opinion in Creativity, Innovation and Entrepreneurship, 2(1). doi:10.11565/cuocient.v2i1.26Parrish, B. D. (2010). Sustainability-driven entrepreneurship: Principles of organization design. Journal of Business Venturing, 25(5), 510-523. doi:10.1016/j.jbusvent.2009.05.005Chaos Report 2015http://www.laboratorioti.com/2016/05/16/informe-del-caos-2015-chaos-report-2015/Dirección de Marketing. Ciudad de México: Pearson and Prentice Hall, 12a Ediciónhttp://biblio.econ.uba.ar/opac-tmpl/bootstrap/tc/148262_TC.pdfPoveda-Orjuela, P. P., García-Díaz, J. C., Pulido-Rojano, A., & Cañón-Zabala, G. (2019). ISO 50001: 2018 and Its Application in a Comprehensive Management System with an Energy-Performance Focus. Energies, 12(24), 4700. doi:10.3390/en12244700Continuity Planning for Your Businesshttps://www.westpac.com.au/content/dam/public/wbc/documents/pdf/help/disaster/WBC_business_continuity_planning_covid-19_checklist.pdfCOVID-19: Five Ways to Maintain Continuity and Reshape for Resiliencehttps://www.ey.com/en_be/transactions/companies-can-reshape-results-and-plan-forcovid-19-recoveryAven, T. (2012). The risk concept—historical and recent development trends. Reliability Engineering & System Safety, 99, 33-44. doi:10.1016/j.ress.2011.11.006Oliva, F. L. (2016). A maturity model for enterprise risk management. International Journal of Production Economics, 173, 66-79. doi:10.1016/j.ijpe.2015.12.007Aven, T., & Zio, E. (2011). Some considerations on the treatment of uncertainties in risk assessment for practical decision making. Reliability Engineering & System Safety, 96(1), 64-74. doi:10.1016/j.ress.2010.06.001The ISO 27k Forumhttps://www.iso27001security.com/html/iso27000.htmlKaya, İ. (2017). Perspectives on Internal Control and Enterprise Risk Management. Eurasian Studies in Business and Economics, 379-389. doi:10.1007/978-3-319-67913-6_26Barafort, B., Mesquida, A.-L., & Mas, A. (2017). Integrating risk management in IT settings from ISO standards and management systems perspectives. Computer Standards & Interfaces, 54, 176-185. doi:10.1016/j.csi.2016.11.010Aven, T. (2016). Risk assessment and risk management: Review of recent advances on their foundation. European Journal of Operational Research, 253(1), 1-13. doi:10.1016/j.ejor.2015.12.023Thekdi, S., & Aven, T. (2016). An enhanced data-analytic framework for integrating risk management and performance management. Reliability Engineering & System Safety, 156, 277-287. doi:10.1016/j.ress.2016.07.010Aven, T., & Zio, E. (2013). Foundational Issues in Risk Assessment and Risk Management. Risk Analysis, 34(7), 1164-1172. doi:10.1111/risa.12132Labodová, A. (2004). Implementing integrated management systems using a risk analysis based approach. Journal of Cleaner Production, 12(6), 571-580. doi:10.1016/j.jclepro.2003.08.008World trends and the future of Latin America; ECLAC UNIDO, 2016–Public Management Series, No 85. ISSN 1680-8827, LC/L.4246 LC/IP/L.348https://repositorio.cepal.org/bitstream/handle/11362/40788/S1600740_es.pdf?sequence=1&isAllowed=yBudhi, M. K. S., Lestari, N. P. N. E., Suasih, N. N. R., & Wijaya, P. Y. (2020). Strategies and policies for developing SMEs based on creative economy. Management Science Letters, 2301-2310. doi:10.5267/j.msl.2020.3.005Melly, D., & Hanrahan, J. (2020). Tourism biosecurity risk management and planning: an international comparative analysis and implications for Ireland. Tourism Review, 76(1), 88-102. doi:10.1108/tr-07-2019-0312Guide for Business Continuity during COVID-19http://www.andi.com.co/Uploads.pdfLa Danse, 1910. Musee de l’Hermitage, Saint-Pétersbourg, Russie. Consulté le 28 Juillet 2020https://www.hermitagemuseum.org/wps/portal/hermitage/Uriarte-Romero, R., Gil-Samaniego, M., Valenzuela-Mondaca, E., & Ceballos-Corral, J. (2017). Methodology for the Successful Integration of an Energy Management System to an Operational Environmental System. Sustainability, 9(8), 1304. doi:10.3390/su9081304Cosgrove, J., Littlewood, J., & Wilgeroth, P. (2017). Development of a framework of key performance indicators to identify reductions in energy consumption in a medical devices production facility. International Journal of Ambient Energy, 39(2), 202-210. doi:10.1080/01430750.2017.1278718Wu, J., Cheng, B., Wang, M., & Chen, J. (2017). Quality-Aware Energy Optimization in Wireless Video Communication With Multipath TCP. IEEE/ACM Transactions on Networking, 25(5), 2701-2718. doi:10.1109/tnet.2017.2701153Biosecurity. Madridhttps://www.insst.es/-/bioseguridadArvanitis, S., Loukis, E., & Diamantopoulou, V. (2013). The effect of soft ICT capital on innovation performance of Greek firms. Journal of Enterprise Information Management, 26(6), 679-701. doi:10.1108/jeim-07-2013-0048ICT in small firms: Factors affecting the adoption and use of ICT in Southeast England SMEshttps://aisel.aisnet.org/ecis2008/167Legg, S. J., Olsen, K. B., Laird, I. S., & Hasle, P. (2015). Managing safety in small and medium enterprises. Safety Science, 71, 189-196. doi:10.1016/j.ssci.2014.11.007Podgórski, D. (2015). Measuring operational performance of OSH management system – A demonstration of AHP-based selection of leading key performance indicators. Safety Science, 73, 146-166. doi:10.1016/j.ssci.2014.11.018Cagno, E., Micheli, G. J. L., Masi, D., & Jacinto, C. (2013). Economic evaluation of OSH and its way to SMEs: A constructive review. Safety Science, 53, 134-152. doi:10.1016/j.ssci.2012.08.016Badri, A., Gbodossou, A., & Nadeau, S. (2012). Occupational health and safety risks: Towards the integration into project management. Safety Science, 50(2), 190-198. doi:10.1016/j.ssci.2011.08.008Carlson, R., Erixon, M., Forsberg, P., & Pålsson, A.-C. (2001). System for integrated business environmental information management. Advances in Environmental Research, 5(4), 369-375. doi:10.1016/s1093-0191(01)00088-0Florio, C., & Leoni, G. (2017). Enterprise risk management and firm performance: The Italian case. The British Accounting Review, 49(1), 56-74. doi:10.1016/j.bar.2016.08.003Aven, T., & Ylönen, M. (2018). A risk interpretation of sociotechnical safety perspectives. Reliability Engineering & System Safety, 175, 13-18. doi:10.1016/j.ress.2018.03.004Skorupinska, A., & Torrent-Sellens, J. (2017). ICT, Innovation and Productivity: Evidence Based on Eastern European Manufacturing Companies. Journal of the Knowledge Economy, 8(2), 768-788. doi:10.1007/s13132-016-0441-1Benitez‐Amado, J., Llorens‐Montes, F. J., & Nieves Perez‐Arostegui, M. (2010). Information technology‐enabled intrapreneurship culture and firm performance. Industrial Management & Data Systems, 110(4), 550-566. doi:10.1108/02635571011039025González-Posada, D. M., & Reyes-Bedoya, N. (2019). Herramientas de gestión al alcance: caso red de hostales de la ciudad de Medellín. Revista CEA, 5(9), 113-129. doi:10.22430/24223182.1261Hernandis Ortuño, B., & Briede Westermeyer, J. C. (2009). AN EDUCATIONAL APPLICATION FOR A PRODUCT DESIGN AND ENGINEERING SYSTEMS USING INTEGRATED CONCEPTUAL MODELS. Ingeniare. Revista chilena de ingeniería, 17(3). doi:10.4067/s0718-3305200900030001

A Wearable Platform for Patient Monitoring during Mass Casualty Incidents

Based on physiological data, intelligent algorithms can assist with the classification and recognition of the most severely impaired victims. This dissertation presents a new sensorbased triage platform with the main proposal to join different sensor and communications technologies into a portable device. This new device must be able to assist the rescue units along with the tactical planning of the operation. This dissertation discusses the implementation and the evaluation of the platform