Building in web application security at the requirements stage : a tool for visualizing and evaluating security trade-offs : a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science in Information Systems at Massey University, Albany, New Zealand
One dimension of Internet security is web application security. The purpose of this Design-science study was to design, build and evaluate a computer-based tool to support security vulnerability and risk assessment in the early stages of web application design. The tool facilitates risk assessment by managers and helps developers to model security requirements using an interactive tree diagram. The tool calculates residual risk for each component of a web application and for the application overall so developers are provided with better information for making decisions about which countermeasures to implement given limited resources for doing so. The tool supports taking a proactive approach to building in web application security at the requirements stage as opposed to the more common reactive approach of putting countermeasures in place after an attack and loss have been incurred. The primary contribution of the proposed tool is its ability to make known security-related information (e.g. known vulnerabilities, attacks and countermeasures) more accessible to developers who are not security experts and to translate lack of security measures into an understandable measure of relative residual risk. The latter is useful for managers who need to prioritize security spending. Keywords: web application security, security requirements modelling, attack trees, threat trees, risk assessment
The uses of process modeling : a framework for understanding modeling formalisms
There is wide-spread recognition of the urgent need to improve software processes in order to improve the performance of software organizations. Process models are essential in achieving understanding and visibility of processes and are important for other uses including the analysis of processes for improvement. It has been increasingly difficult to compare and evaluate the variety of process modeling formalisms that have appeared in recent years without a clear understanding of precisely for what they will be used. The contribution of this paper is to provide an understanding and a fairly comprehensive catalog of the applications of process modeling for which formalisms may be used. The primary mechanism for doing this is a guided tour of the literature on process modeling supplemented by recent industrial experience. In the paper, basic definitions concerning processes, process descriptions and process modeling are reviewed and then uses of process modeling are surveyed under the following headings: communication among process participants, construction of new processes, control of processes, process analysis, and process support by automation. Comments are offered on paradigms for process modeling formalisms and directions for future work to permit evolution of a discipline of process engineering are given
Business Process Management Education in Academia: Status, challenges, and Recommendations
In response to the growing proliferation of Business Process Management (BPM) in industry and the demand this creates for BPM expertise, universities across the globe are at various stages of incorporating knowledge and skills in their teaching offerings. However, there are still only a handful of institutions that offer specialized education in BPM in a systematic and in-depth manner. This article is based on a global educators’ panel discussion held at the 2009 European Conference on Information Systems in Verona, Italy. The article presents the BPM programs of five universities from Australia, Europe, Africa, and North America, describing the BPM content covered, program and course structures, and challenges and lessons learned. The article also provides a comparative content analysis of BPM education programs illustrating a heterogeneous view of BPM. The examples presented demonstrate how different courses and programs can be developed to meet the educational goals of a university department, program, or school. This article contributes insights on how best to continuously sustain and reshape BPM education to ensure it remains dynamic, responsive, and sustainable in light of the evolving and ever-changing marketplace demands for BPM expertise
Assessing and enhancing quality using toolkits
“Toolkits” are decision-making frameworks based on expert models. This paper outlines one toolkit, which provides support for practitioners involved in the process of embedding Learning Technology into their courses. Although the toolkit was created as a design tool, feedback from evaluations identified its value as a means of assessing Quality. This paper outlines the background of the creation and scope of the toolkit, examines how it can be used to assess and enhance the quality of courses and concludes by summarising how toolkits can be used as part of Quality procedures in other areas
Quality Assessment for E-learning: a Benchmarking Approach (Third edition)
The primary purpose of this manual is to provide a set of benchmarks, quality criteria and notes for guidance against which e-learning programmes and their support systems may be judged. The manual should therefore be seen primarily as a reference tool for the assessment or review of e-learning programmes and the systems which support them.
However, the manual should also prove to be useful to staff in institutions concerned with the design, development, teaching, assessment and support of e-learning programmes. It is hoped that course developers, teachers and other stakeholders will see the manual as a useful development and/or improvement tool for incorporation in their own institutional systems of monitoring, evaluation and enhancement
Case study : The University of Strathclyde in Glasgow
Describes the Millennium Student Initiative which equipped students in the business school with laptops. Curricular redesign made these an essential part of the pedagogic process