Prioritizing Strategic IT Projects with Tropos

One of the daily tasks of an enterprise architect is to prioritize strategic IT projects. To achieve a business-IT alignment, this prioritization needs to be based on business strategies and goals. Therefore, business goals and their traceability to strategic IT projects are relevant for the enterprise architect. However, surpris-ingly little formalisations and reasoning techniques have been developed in the enterprise architecture domain. In this paper we show that the popular goal modelling technique Tropos together with its formal reasoning techniques can support the enterprise architect when prioritizing strategic IT projects. We prove the feasibility of our work with a tool implementation of the proposed modelling language and its corresponding algorithms; and demon-strate their usefulness with the help of an example taken from the enterprise architecture literature

Identifying Implicit Vulnerabilities through Personas as Goal Models

When used in requirements processes and tools, personas have the potential to identify vulnerabilities resulting from misalignment between user expectations and system goals. Typically, however, this potential is unfulfilled as personas and system goals are captured with different mindsets, by different teams, and for different purposes. If personas are visualised as goal models, it may be easier for stakeholders to see implications of their goals being satisfied or denied, and designers to incorporate the creation and analysis of such models into the broader RE tool-chain. This paper outlines a tool-supported approach for finding implicit vulnerabilities from user and system goals by reframing personas as social goal models. We illustrate this approach with a case study where previously hidden vulnerabilities based on human behaviour were identified

BFO and DOLCE: So Far, So Close…

A survey of the similarities and differences between BFO and DOLCE, and of the mutual interactions between Nicola Guarino and Barry Smit

Conceptual modeling for the design of intelligent and emergent information systems

A key requirement to today's fast changing economic environment is the ability of organizations to adapt dynamically in an effective and efficient manner. Information and Communication Technologies play a crucially important role in addressing such adaptation requirements. The notion of `intelligent software' has emerged as a means by which enterprises can respond to changes in a reactive manner but also to explore, in a pro-active manner, possibilities for new business models. The development of such software systems demands analysis, design and implementation paradigms that recognize the need for ‘co-development’ of these systems with enterprise goals, processes and capabilities. The work presented in this paper is motivated by this need and to this end it proposes a paradigm that recognizes co-development as a knowledge-based activity. The proposed solution is based on a multi-perspective modeling approach that involves (i) modeling key aspects of the enterprise, (ii) reasoning about design choices and (iii) supporting strategic decision-making through simulations. The utility of the approach is demonstrated though a case study in the field of marketing for a start-up company

ATLAS FRAMEWORK FOR INTEGRAL ENTERPRISE MODELLING - INSTANTIATION FOR DYNAMIC CAPABILITIES MODELLING

We argue that enterprise modelling should also include the human aspects of the organisation in order to develop a faithful representation of the total relevant system. Faithful representations contribute to practical implementation of management and organisational concepts like dynamic capabilities. Currently, there is a lack of enterprise modelling frameworks for modelling the organisation as a socio-technical system. We propose the Atlas Meta Framework for integral enterprise modelling and explain its elements: facets, levels, stakeholders, maps, atlas and roadmap. We demonstrate how the Atlas Meta Framework can be instantiated to the Atlas Capability Governance Framework and an online tool that can be used by managers for orchestrating the second-order dynamic capabilities of an organisation

Privacy Enhanced Secure Tropos: A Privacy Modeling Language for GDPR Compliance

Euroopa Liidu isikuandmete kaitse üldmäärusele (GDPR) vastavuse tagamine saab õiguslikult hädavajalikuks kõigis tarkvarasüsteemides, mis töötlevad ja haldavad isikuandmeid. Sellest tulenevalt tuleb GDPR vastavuse ja privaatsuse komponentidega arvestada arendusprotsessi varajastes etappides ning tarkvarainsenerid peaksid analüüsima mitte ainult süsteemi, vaid ka selle keskkonda. Käesolev uuring keskendub viimasel ajal tähepepanu pälvinud modelleerimiskeelele Privacy Enhanced Secure Tropos (PESTOS), mis põhineb Tropos metoodikal, hõlmates eesmärkide ja reeglite vaatenurka, mis aitab tarkvarainseneridel hinnata erinevaid Privacy-enhancing Technologies (PET-e) kandidaate, arendades samas privaatsustundlikke süsteeme, et need oleksid GDPR-iga kooskõlas.Kuigi GDPR artikli 5 lõikes 2 sätestatakse, et vastutuse põhimõtte kohaselt peavad organisatsioonid suutma näidata vastavust GDPR põhimõtetele (meie teadmiste kohaselt ei ole praegu veel ühtegi teist privaatsuse modelleerimise keelt, mis keskendub eelkõige GDPR nõuetele ja mis põhineb Security Risk-Aware Secure Tropos metoodikal), ei olnud saadaval ühtegi praktilist modelleerimise keelt, mis rahuldaks tööstus- ja ärivajadusi. See on Euroopa Liidu piirkonna avalikele asutustele ja erasektorile tõsine probleem, kuna GDPR toob vastutavatele ja volitatud töötlejatele kaasa väga tõsiseid trahve. Organisatsioonid ei oma piisavat kindlustunnet regulatsioonide täitmise osas ja tarkvarainseneridel puuduvad meetodid saamaks ülevaadet infosüsteemide muutmistaotlustest. Käesolevas lõputöös rakendatakse struktureeritud privaatsuse modelleerimise keelt, mida nimetatakse PESTOS-iks. Selle eesmärk on tagada kõrgetasemeline vastavus GDPR nõuetele kattes PET-e eesmärk-tegija-reegel perspektiivis hindamiseks ka lõimitud andmekaitse põhimõtted. GDPR 99-st artiklist 21 artiklit saab identifitseerida tehniliste nõudmistena, mile osas PESTOS suudab ettvõtetel aidata GDPR-ist tulenevaid kohustusi täita. Identiteedi- ja turvaekspertide seas läbiviidud uuring kinnitab, et kavandatud mudelil on piisav õigsus, täielikkus, tootlikkus ja kasutusmugavus.The European Union General Data Protection Regulation (GDPR) compliance is becoming a legal necessity for software systems that process and manage personal data. As a result of that fact, GDPR compliance and privacy components need to be considered from the early stages of the development process and software engineers should analyze not only the system but also its environment. Hereby with this study, Privacy Enhanced Secure Tropos (PESTOS) is emerging as a privacy modeling language based on Tropos methodology, which covers the goal and rule perspective, for helping software engineers by assessing candidate PETs, while designing privacy-aware systems, in order to make them compatible with GDPR. Although in Article 5(2) of the GDPR, the accountability principle requires organizations to show compliance with the principles of the GDPR, (To the best of our knowledge, currently there is no other privacy modeling language especially focuses on the GDPR compliance and enhanced based on Security Risk-Aware Secure Tropos methodology) there were not any practical social modeling languages supply the demand driven by industrial and commercial needs. This is a serious issue for public institutions and private sector in EU-zone because GDPR brings very serious charges for data controllers and data processors, therefore organizations do not feel themselves ready to face with those regulations and software engineers have a lack of methods for capturing change requests of the information systems. This paper applies a structured privacy modeling language that is called as PESTOS which has a goal-oriented solution domain that aims to bring a high compatibility with GDPR by covering Privacy by Design strategies for assessing proper privacy-enhancing technologies(PETs) in a respect of the goal-actor-rule perspective. Among the 99 articles of GDPR, 21 articles can be identified as technical level of requirements that PESTOS is able to transform them into GDPR goals needs to be fulfilled in order to support business assets. A survey conducted by identity and security experts validates that proposed model has a sufficient level of correctness, completeness, productivity and ease of use