Using agreements as an abstraction for access control administration

The last couple of decades saw lots of changes in the business world. Not only did technology change at a rapid pace, but businesses' views with respect to the role that information plays also changed drastically. Information is now seen as a strategic resource. This change paved the way for the so-called knowledge worker that not only consumes information, but actively participates in creating new knowledge from information. Employees must therefore be empowered to fulfill their new role as knowledge workers. Empowerment happens through job redefinition and by ensuring that the appropriate information is at hand. Although information is more readily available to employees, appropriate access controls must still be implemented. However, there is conflict between the need to share information and the need to keep information confidential. These conflicting needs must be reflected in the administration of access control. In order to resolve these conflicts, a finer granularity of access controls must be implemented. However, to implement a finer granularity of access control, an increase in the number of access controls and, therefore, the administrative burden is inevitable. Access control administrators must cater for a potentially large number of systems. These systems can not only be heterogenous as far as architecture and technology are concerned, but also with respect to access control paradigms. Vendors have realized that human involvement must be minimized, giving birth to so-called "provisioning systems". Provisioning systems, in principle, automate certain parts of access control administration. However, currently implementations are done in an ad hoc manner, that is, without a systematic process of identifying the real access control needs. This study aims to address this problem by proposing the "agreement abstraction" as a possible vehicle for systematically analyzing the access control requirements in a business. In essence, the agreement abstraction allows us to identify opportunities where access control can be automated. A specific methodological approach is suggested whereby the business is analysed in terms of business processes, as opposed to the more traditional resource perspective. Various business processes are used as examples to explain and motivate the proposed agreement abstraction further. This dissertation therefore contributes to the field of discourse by presenting a new abstraction that can be used systematically to analyse access control administration requirements

Meeting global business information requirements with ERP systems for improved business performance

This thesis explores global business performance outcomes as a result of aligning ERP systems capabilities to global business information requirements. Global business is a network of interconnected organizations that have multinational operations and exchange finished goods, raw materials, services, information, knowledge, skills and capital across national boundaries. It is a new business trend in which organisations from all industry sectors capitalize on cheap labour, low cost capital, unique resources and new market opportunities in the global economy. Global business management entails unique information requirements from strategic business units (SBSs) operating in different parts of the world. Global business information requirements include: 1) multi-level and multi-purpose information from global SBUs; 2) accurate and timely information; 3) consolidated information; 4) global business process information; 5) global supply chain information; and 6) secure information. The first three information requirements are important for supporting management decisions while the other three are important for supporting global businesses’ operating decisions. Enterprise Resource Planning (ERP) systems have been increasingly adopted to meet global business information requirements. ERP systems capabilities that support global business information management include multi-level and multi-purpose information management; delivering accurate, timely and consolidated information; integrating global business process information; managing global supply chain information and transmitting secure information. Using structural equation modelling (SEM) technique this research established that if two variables (global business information requirements and ERP systems capabilities) co-align, this resulted in improved business performance. The co-alignment in this research is adopted from Venkatraman’s explanation of “fit as co-variation/co-alignment” perspective. Performance outcomes of global business as a result of co-aligning ERP systems capabilities and global business information requirements are measured using four perspectives: financial performance; customer performance; learning and growth performance; and internal business process performance. Findings of this research supported the conceptualisation of fit from the co-alignment/co-variation perspective, confirming that the co-alignment of global business information requirements and ERP systems capabilities leads to better business performance of global organizations. The findings also confirmed that global organisations have unique information requirements that are somewhat different to local businesses. ERP systems are able to support global business information requirements. Findings also confirmed that the financial, customer, learning and growth and internal business process performance of global organizations are moderated by the organization size and the globalization history. Not only does this research fill the void in global business literature by investigating the important role information plays in global business management, but it extends the ERP literature and IT/IS alignment theories to the co-alignment of IS capabilities with global business information requirements for improved performance outcomes. The major contribution to knowledge this research makes is the development and validation of a co-alignment model, extending theories of IT/IS alignment to the alignment of a specific information system (ERP system) to a specific type of business (global business)

Metodología de implantación de modelos de gestión de la información dentro de los sistemas de planificación de recursos empresariales. Aplicación en la pequeña y mediana empresa

La Siguiente Generación de Sistemas de Fabricación (SGSF) trata de dar respuesta a los requerimientos de los nuevos modelos de empresas, en contextos de inteligencia, agilidad y adaptabilidad en un entono global y virtual. La Planificación de Recursos Empresariales (ERP) con soportes de gestión del producto (PDM) y el ciclo de vida del producto (PLM) proporciona soluciones de gestión empresarial sobre la base de un uso coherente de tecnologías de la información para la implantación en sistemas CIM (Computer-Integrated Manufacturing), con un alto grado de adaptabilidad a la estnictura organizativa deseada. En general, esta implementación se lleva desarrollando hace tiempo en grandes empresas, siendo menor (casi nula) su extensión a PYMEs. La presente Tesis Doctoral, define y desarrolla una nueva metodología de implementación pan la generación automática de la información en los procesos de negocio que se verifican en empresas con requerimientos adaptados a las necesidades de la SGSF, dentro de los sistemas de gestión de los recursos empresariales (ERP), atendiendo a la influencia del factor humano. La validez del modelo teórico de la metodología mencionada se ha comprobado al implementarlo en una empresa del tipo PYME, del sector de Ingeniería. Para el establecimiento del Estado del Arte de este tema se ha diseñado y aplicado una metodología específica basada en el ciclo de mejora continua de Shewhart/Deming, aplicando las herramientas de búsqueda y análisis bibliográfico disponibles en la red con acceso a las correspondientes bases de datos