38,351 research outputs found

    Building in web application security at the requirements stage : a tool for visualizing and evaluating security trade-offs : a thesis presented in partial fulfilment of the requirements for the degree of Master of Information Science in Information Systems at Massey University, Albany, New Zealand

    One dimension of Internet security is web application security. The purpose of this Design-science study was to design, build and evaluate a computer-based tool to support security vulnerability and risk assessment in the early stages of web application design. The tool facilitates risk assessment by managers and helps developers to model security requirements using an interactive tree diagram. The tool calculates residual risk for each component of a web application and for the application overall so developers are provided with better information for making decisions about which countermeasures to implement given limited resources for doing so. The tool supports taking a proactive approach to building in web application security at the requirements stage as opposed to the more common reactive approach of putting countermeasures in place after an attack and loss have been incurred. The primary contribution of the proposed tool is its ability to make known security-related information (e.g. known vulnerabilities, attacks and countermeasures) more accessible to developers who are not security experts and to translate lack of security measures into an understandable measure of relative residual risk. The latter is useful for managers who need to prioritize security spending. Keywords: web application security, security requirements modelling, attack trees, threat trees, risk assessment

    Business Process Management Education in Academia: Status, challenges, and Recommendations

    In response to the growing proliferation of Business Process Management (BPM) in industry and the demand this creates for BPM expertise, universities across the globe are at various stages of incorporating knowledge and skills in their teaching offerings. However, there are still only a handful of institutions that offer specialized education in BPM in a systematic and in-depth manner. This article is based on a global educators’ panel discussion held at the 2009 European Conference on Information Systems in Verona, Italy. The article presents the BPM programs of five universities from Australia, Europe, Africa, and North America, describing the BPM content covered, program and course structures, and challenges and lessons learned. The article also provides a comparative content analysis of BPM education programs illustrating a heterogeneous view of BPM. The examples presented demonstrate how different courses and programs can be developed to meet the educational goals of a university department, program, or school. This article contributes insights on how best to continuously sustain and reshape BPM education to ensure it remains dynamic, responsive, and sustainable in light of the evolving and ever-changing marketplace demands for BPM expertise

    Assessing and enhancing quality using toolkits

    “Toolkits” are decision-making frameworks based on expert models. This paper outlines one toolkit, which provides support for practitioners involved in the process of embedding Learning Technology into their courses. Although the toolkit was created as a design tool, feedback from evaluations identified its value as a means of assessing Quality. This paper outlines the background of the creation and scope of the toolkit, examines how it can be used to assess and enhance the quality of courses and concludes by summarising how toolkits can be used as part of Quality procedures in other areas

    Case study : The University of Strathclyde in Glasgow

    Describes the Millennium Student Initiative which equipped students in the business school with laptops. Curricular redesign made these an essential part of the pedagogic process