11,785 research outputs found

    An Approach to Transform Public Administration into SOA-based Organizations

    Nowadays, Service-Oriented Architectures (SOA) is widely spread in private organizations. However, when transferring this knowledge to Public Administration, it is realized that it has not been transformed in terms of its legal nature into organizations capable to operate under the SOA paradigm. This fact prevents public administration bodies from offering the efficient services they have been provided by different boards of governments. A high-level framework to perform this transformation is proposed. Taking it as starting point, an instance of a SOA Target Meta-Model can be obtained by means of an iterative and incremental process based on the analysis of imperatives and focused on the particular business context of each local public administration. This paper briefly presents a practical experience consisting in applying this process to a Spanish regional public administration. Junta de Andalucía TIC-578

    How the logic and pragmatics of sinking funds play a part in corporate governance

    This paper sets forth that sinking funds foster corporate governance, either when they intend to build up the principal of bonds and financial hybrids to be repaid at maturity date, or to plan ahead the purchase of fixed assets in the future. To lay foundations, firstly we expand on the logic of sinking funds, by reviewing the standard model of capital formation. Proven drawbacks of this model, however, pave the way for our proposal of undertaking a portfolio management approach for which we furnish an iterative resetting program that deals with unavoidable imbalances of the underlying portfolio. Secondly, we develop the pragmatics of sinking funds, which focus on the choice problem attached to sinking funds and the fiduciary role expected from an appointed portfolio manager. Lastly, we move on to a protocol with suitable covenants to be embedded in a bond placement, so as to enhance the governance of those organizations that dare to avail themselves of sinking funds. Keywords: sinking fund, corporate governance, bonds placement, financial hybrids, fixed assets, capital formation, portfolio management.

    Designing a Tool for Measuring IT Process Maturity in an Agile Development Context

    This paper presents the design of a tool for recurring quantitative self-assessment of IT Service Management (ITSM) process maturity in an agile environment. Continual improvement of ITSM processes can be measured by performing a process maturity assessment, comparing the organization’s process performance against a best-practice reference set of processes. In this paper we report a project that has developed a quantitative measuring survey-based tool. The specific context for the research is a financial institution that has adopted agile development. This change brought on an increased need to monitor ITSM process performance, and a Design Science Research (DSR) project was launched to create an ITSM maturity assessment tool. The results show that a company-wide ITSM process maturity assessment can be established as a survey-based self-assessment, and that the aggregate scores from this self-assessment present a good indicator of the organization’s process performance, especially when complemented by a reference score. A key learning from the study is that the iterative DSR methodology made it possible to create a system that in a good way measures ITSM process maturity.

    Designing the Extended Zero Trust Maturity Model: A Holistic Approach to Assessing and Improving an Organization’s Maturity Within the Technology, Processes and People Domains of Information Security

    Zero Trust is an approach to security where implicit trust is removed, forcing applications, workloads, servers and users to verify themselves every time a request is made. Furthermore, Zero Trust means assuming anything can be compromised, and designing networks, identities and systems with this in mind and following the principle of least privilege. This approach to information security has been coined as the solution to the weaknesses of traditional perimeter-based information security models, and adoption is starting to increase. However, the principles of Zero Trust are only applied within the technical domain to aspects such as networks, data and identities in past research. This indicates a knowledge gap, as the principles of Zero Trust could be applied to organizational domains such as people and processes to further strengthen information security, resulting in a holistic approach. To fill this gap, we employed design science research to develop a holistic maturity model for Zero Trust maturity based on these principles: The EZTMM. We performed two systematic literature reviews on Zero Trust and Maturity Model theory respectively and collaborated closely with experts and practitioners on the operational, tactical and strategic levels of six different organizations. The resulting maturity model was anchored in prior Zero Trust and maturity model literature, as well as practitioner and expert experiences and knowledge. The EZTMM was evaluated by our respondent organizations through two rounds of interviews before being used by one respondent organization to perform a maturity assessment of their own organization as a part of our case study evaluation. Each interview round resulted in ample feedback and learning, while the case study allowed us to evaluate and improve on the model in a real-world setting. 
Our contribution is twofold: A fully functional, holistic Zero Trust maturity model with an accompanying maturity assessment spreadsheet (the artifact), and our reflections and suggestions regarding further development of the EZTMM and research on the holistic application of Zero Trust principles for improved information security.

    Designing Extended Zero Trust Maturity Model – From Technical to Socio-Technical

    Recent successful cybersecurity attacks have exploited trust to compromise organizational information systems. Scholars and practitioners agree that the issue originates from the organizational perimeter security approach, within which perimeter trust is assumed. To improve the situation, building security principles on the idea that trust is not inherent but earned has been proposed, coined as Zero Trust. However, the current discussions spearheaded by technology-minded practitioners have focused mostly on trust at the network security and architecture levels, largely omitting the organizational aspects of security. To address this gap, we build on a socio-technical approach and maturity models to develop a novel artifact with security experts, addressing the need for organizational Zero Trust through the Extended Zero Trust Maturity Model. Our research contributes to discussions on holistic information security management by extending the principles of Zero Trust from a technical into a socio-technical approach and responds to calls to reconsider foundational assumptions of IS security.