Human system modelling in support of manufacturing enterprise design and change

Organisations comprise human and technical systems that typically perform a variety of business, engineering and production roles. Human systems comprise individuals, people groups and teams that work systematically to conceive, implement, develop and manage the purposes of any enterprise in response to customer requirements. Recently attention has been paid to modelling aspects of people working within production systems, with a view to improving: production performance, effective resource allocation and optimum resource management. In the research reported, graphical and computer executable models of people have been conceived and used in support of human systems engineering. The approach taken has been to systematically decompose and represent processes so that elemental production and management activities can be modelled as explicit descriptions of roles that human systems can occupy as role holders. First of all, a preliminary modelling method (MM1) was proposed for modelling human systems in support of engineering enterprise; then MM1 was implemented and tested in a case study company 1. Based on findings of this exploratory research study an improved modelling method (MM2) was conceived and instrumented. Here characterising customer related product dynamic impacts extended MM1 modelling concepts and methods and related work system changes. MM2 was then tested in case study company 2 to observe dynamic behaviours of selected system models derived from actual company knowledge and data. Case study 2 findings enabled MM2 to be further improved leading to MM3. MM3 improvements stem from the incorporation of so-called DPU (Dynamic Producer Unit) concepts, related to the modelling of human and technical resource system components . Case study 4 models a human system for targeted users i.e. production managers etc to facilitate analysis of human configuration and also cost modelling. Modelling approaches MM2, MM3 and also Case Study 4 add to knowledge about ways of facilitating quantitative analysis and comparison between different human system configurations. These new modelling methods allow resource system behaviours to be matched to specific, explicitly defined, process-oriented requirements drawn from manufacturing workplaces currently operating in general engineering, commercial furniture and white goods industry sectors

Requirements engineering for computer integrated environments in construction

A Computer Integrated Environment (CIE) is the type of innovative integrated information system that helps to reduce fragmentation and enables the stakeholders to collaborate together in business. Researchers have observed that the concept of CIE has been the subject of research for many years but the uptake of this technology has been very limited because of the development of the technology and its effective implementation. Although CIE is very much valued by both industrialists and academics, the answers to the question of how to develop and how to implement it are still not clear. The industrialists and researchers conveyed that networking, collaboration, information sharing and communication will become popular and critical issues in the future, which can be managed through CIE systems. In order for successful development of the technology, successful delivery, and effective implementation of user and industry-oriented CIE systems, requirements engineering seems a key parameter. Therefore, through experiences and lessons learnt in various case studies of CIE systems developments, this book explains the development of a requirements engineering framework specific to the CIE system. The requirements engineering process that has been developed in the research is targeted at computer integrated environments with a particular interest in the construction industry as the implementation field. The key features of the requirements engineering framework are the following: (1) ready-to-use, (2) simple, (3) domain specific, (4) adaptable and (5) systematic, (6) integrated with the legacy systems. The method has three key constructs: i) techniques for requirements development, which includes the requirement elicitation, requirements analysis/modelling and requirements validation, ii) requirements documentation and iii) facilitating the requirements management. It focuses on system development methodologies for the human driven ICT solutions that provide communication, collaboration, information sharing and exchange through computer integrated environments for professionals situated in discrete locations but working in a multidisciplinary and interdisciplinary environment. The overview for each chapter of the book is as follows; Chapter 1 provides an overview by setting the scene and presents the issues involved in requirements engineering and CIE (Computer Integrated Environments). Furthermore, it makes an introduction to the necessity for requirements engineering for CIE system development, experiences and lessons learnt cumulatively from CIE systems developments that the authors have been involved in, and the process of the development of an ideal requirements engineering framework for CIE systems development, based on the experiences and lessons learnt from the multi-case studies. Chapter 2 aims at building up contextual knowledge to acquire a deeper understanding of the topic area. This includes a detailed definition of the requirements engineering discipline and the importance and principles of requirements engineering and its process. In addition, state of the art techniques and approaches, including contextual design approach, the use case modelling, and the agile requirements engineering processes, are explained to provide contextual knowledge and understanding about requirements engineering to the readers. After building contextual knowledge and understanding about requirements engineering in chapter 2, chapter 3 attempts to identify a scope and contextual knowledge and understanding about computer integrated environments and Building Information Modelling (BIM). In doing so, previous experiences of the authors about systems developments for computer integrated environments are explained in detail as the CIE/BIM case studies. In the light of contextual knowledge gained about requirements engineering in chapter 2, in order to realize the critical necessity of requirements engineering to combine technology, process and people issues in the right balance, chapter 4 will critically evaluate the requirements engineering activities of CIE systems developments that are explained in chapter 3. Furthermore, to support the necessity of requirements engineering for human centred CIE systems development, the findings from semi-structured interviews are shown in a concept map that is also explained in this chapter. In chapter 5, requirements engineering is investigated from different angles to pick up the key issues from discrete research studies and practice such as traceability through process and product modelling, goal-oriented requirements engineering, the essential and incidental complexities in requirements models, the measurability of quality requirements, the fundamentals of requirements engineering, identifying and involving the stakeholders, reconciling software requirements and system architectures and barriers to the industrial uptake of requirements engineering. In addition, a comprehensive research study measuring the success of requirements engineering processes through a set of evaluation criteria is introduced. Finally, the key issues and the criteria are comparatively analyzed and evaluated in order to match each other and confirm the validity of the criteria for the evaluation and assessment of the requirements engineering implementation in the CIE case study projects in chapter 7 and the key issues will be used in chapter 9 to support the CMM (Capability Maturity Model) for acceptance and wider implications of the requirements engineering framework to be proposed in chapter 8. Chapter 6 explains and particularly focuses on how the requirements engineering activities in the case study projects were handled by highlighting strengths and weaknesses. This will also include the experiences and lessons learnt from these system development practices. The findings from these developments will also be utilized to support the justification of the necessity of a requirements engineering framework for the CIE systems developments. In particular, the following are addressed. • common and shared understanding in requirements engineering efforts, • continuous improvement, • outputs of requirement engineering • reflections and the critical analysis of the requirements engineering approaches in these practices. The premise of chapter 7 is to evaluate and assess the requirements engineering approaches in the CIE case study developments from multiple viewpoints in order to find out the strengths and the weaknesses in these requirements engineering processes. This evaluation will be mainly based on the set of criteria developed by the researchers and developers in the requirements engineering community in order to measure the success rate of the requirements engineering techniques after their implementation in the various system development projects. This set of criteria has already been introduced in chapter 5. This critical assessment includes conducting a questionnaire based survey and descriptive statistical analysis. In chapter 8, the requirements engineering techniques tested in the CIE case study developments are composed and compiled into a requirements engineering process in the light of the strengths and the weaknesses identified in the previous chapter through benchmarking with a Capability Maturity Model (CMM) to ensure that it has the required level of maturity for implementation in the CIE systems developments. As a result of this chapter, a framework for a generic requirements engineering process for CIE systems development will be proposed. In chapter 9, the authors will discuss the acceptance and the wider implications of the proposed framework of requirements engineering process using the CMM from chapter 8 and the key issues from chapter 5. Chapter 10 is the concluding chapter and it summarizes the findings and brings the book to a close with recommendations for the implementation of the Proposed RE framework and also prescribes a guideline as a way forward for better implementation of requirements engineering for successful developments of the CIE systems in the future

Integrating macro and micro hierarchical task analyses to embed new medical devices in complex systems

The introduction of new medical devices (technologies) into complex systems usually includes usability evaluation (formative and summative) using Human Factors (Engineering) methods. This paper outlines the use of Hierarchical Task Analysis (HTA) to not only look at usability but also consider implementation in a complex system. Firstly, the macro system is mapped as a process model for a complex field exercise (simulation) for prehospital care following a chemical incident; and secondly the individual human-medical device interface is analyzed. This allows the two outputs to be integrated by combining the macro systems modelling and micro product interactions. It provides an example of using HTA to support implementation of new devices and technologies in complex healthcare systems

Requirements engineering for business workflow systems: a scenario-based approach

Workflow implementations require a deep understanding of business and human cooperation. Several approaches have been proposed to address this need for understanding, but largely in a descriptive way. Attempts to use them in software development have had mixed results. The work reported here proposes that these approaches can be used in a generative way, as part of the requirement engineering process, by (a) extending requirements engineering modelling techniques with underlying cooperation properties, (b) integrating these techniques through the use of a derivation modelling approach, and (c) providing pragmatic heuristics and guidelines that support the real-world requirements engineering practitioner to ensure a high probability of success for the business workflow system to be developed. This thesis develops and evaluates a derivation modelling approach that is based on scenario modelling. It supports clear and structured views of cooperation properties, and allows the derivation of articulation protocols from business workflow models in a scenario-driven manner. This enables requirements engineering to define how the expectations of the cooperative situation are to be fulfilled by the system to be built - a statement of requirements for business workflow systems that reflects the richness of these systems, but also acts as a feasible starting point for development. The work is evaluated through a real-world case study of business workflow management. The main contribution of this work is a demonstration that the above problems in modelling requirements for business workflow systems can be addressed by scenario-based derivation modelling approach. The method transforms models through a series of properties involving cooperation, which can be addressed by using what are effectively extensions of current requirements engineering methods

Assessing system of systems information security risk with OASoSIS.

The term System of Systems (SoS) is used to describe the coming together of independent systems, collaborating to achieve a new or higher purpose. However, the SoS concept is often misunderstood within operational environments, providing challenges towards the secure design and operation of SoSs. Limitations in existing literature indicates a need for discovery towards identifying a combination of concepts, models, and techniques suitable for assessing SoS security risk and related human factor concerns for SoS Requirements Engineering. In this article, we present OASoSIS, representing an information security risk assessment and modelling process to assist risk-based decision making in SoS Requirements Engineering. A characterisation process is introduced to capture the SoS context, supporting a SoS security risk assessment process that extends OCTAVE Allegro towards a SoS context. Resulting risk data provides a focused means to assess and model the SoS information security risk and related human factors, integrating tool-support using CAIRIS. A medical evacuation SoS case study scenario was used to test, illustrate, and validate the alignment of concepts, models, and techniques for assessing SoS information security risks with OASoSIS, where findings provide a positive basis for future work

An investigation into inductive parameter learning in complex hierarchical knowledge structures representing clinical expertise

This dissertation investigates the very important and current problem of modelling human expertise. This is an apparent issue in any computer system emulating human decision making. It is prominent in Clinical Decision Support Systems (CDSS) due to the complexity of the induction process and the vast number of parameters in most cases. Other issues such as human error and missing or incomplete data present further challenges. In this thesis, the Galatean Risk Screening Tool (GRiST) is used as an example of modelling clinical expertise and parameter elicitation. The tool is a mental health clinical record management system with a top layer of decision support capabilities. It is currently being deployed by several NHS mental health trusts across the UK. The aim of the research is to investigate the problem of parameter elicitation by inducing them from real clinical data rather than from the human experts who provided the decision model. The induced parameters provide an insight into both the data relationships and how experts make decisions themselves. The outcomes help further understand human decision making and, in particular, help GRiST provide more accurate emulations of risk judgements. Although the algorithms and methods presented in this dissertation are applied to GRiST, they can be adopted for other human knowledge engineering domains

Modelling Socio-Technical Aspects of Organisational Security

Identification of threats to organisations and risk assessment often take into consideration the pure technical aspects, overlooking the vulnerabilities originating from attacks on a social level, for example social engineering, and abstracting away the physical infrastructure. However, attacks on organisations are far from being purely technical. After all, organisations consist of employees. Often the human factor appears to be the weakest point in the security of organisations. It may be easier to break through a system using a social engineering attack rather than a pure technological one. The StuxNet attack is only one of the many examples showing that vulnerabilities of organisations are increasingly exploited on different levels including the human factor. There is an urgent need for integration between the technical and social aspects of systems in assessing their security. Such an integration would close this gap, however, it would also result in complicating the formal treatment and automatic identification of attacks. This dissertation shows that applying a system modelling approach to sociotechnical systems can be used for identifying attacks on organisations, which exploit various levels of the vulnerabilities of the systems. In support of this claim we present a modelling framework, which combines many features. Based on a graph, the framework presents the physical infrastructure of an organisation, where actors and data are modelled as nodes in this graph. Based on the semantics of the underlying process calculus, we develop a formal analytical approach that generates attack trees from the model. The overall goal of the framework is to predict, prioritise and minimise the vulnerabilities in organisations by prohibiting the overall attack or at least increasing the difficulty and cost of fulfilling it. We validate our approach using scenarios from IPTV and Cloud Infrastructure case studies

Teaching Systems Thinking and System Dynamics in Engineering, Ecology and Environmental Sciences: A Concise Course Based on the Water Management and Population Dynamics Models

Systems Thinking and adequate modelling skills related to System Dynamics (SD) are essential for sustainable functioning of human society. The process of learning these skills can be considerably facilitated through hands-on experience with modern interactive tools in a play-like activity. Here we present a concise hands-on course on SD Modelling and Systems Thinking, give a brief description of its teaching materials (available online for free download), and discuss its potential developments, overall relevance and further implications. The course contains a session on ‘Systems Thinking’, and two hands-on sessions aiming to provide basic and more advanced modelling skills. Central to the latter are the examples of structural modifications for the Ebbsfleet Garden City water management model. The model represents complex processes associated with a multitude of interconnected social, technical and environmental issues. This publication provides both an important update of this model incorporating a dimensional analysis and the hands-on teaching support designed to aid knowledge transfer. It is envisaged that, with modifications, this freely downloadable course could be of use for modules related to a wide range of fundamental and applied disciplines, including e.g., Ecology, Geography, Engineering, Social and Environmental Sciences. It is expected that University students and other users will not only benefit from enhancing their understanding of the complexity of the specific problems considered by the examples used, but will also gain valuable basic system modelling skills through ‘learning by doing’. The teaching materials presented here may be particularly useful for environmental projects involving participatory approaches

An information security risk-driven investment model for analysing human factors

Modern organisational structure and risk management model are characterised by a wide range of forces including the role of human factors which combine to create an unprecedented level of uncertainty and exposure to information security risk, investment and decision making process. Developing a risk-driven investment model for information security systems with consideration of subjective nature of critical human factors, is a challenging task. The overall success of an information security system depends on analysis of the risks and threats so that appropriate protection mechanism can be in place to protect them. However, lack of appropriate analysis of such dependencies and understanding potentially results in information security systems to fail or to fully achieve their that depend on them. Existing literature does not provide adequate guidelines for a systematic process or an appropriate modelling language to support such analysis. This paper fills this gap by introducing a process that allows information security managers to capture possible riskinvestment relationships and to reason about them. The process is supported by a modelling language based on a set of concepts relating to trust and control and secure tropos and requirements engineering. In order to demonstrate the applicability and usefulness of the approach a descriptive example from an UK organisation is used. Keywords: Information Security (IS), Information Security Risk-Driven Investment Model (RIDIM), Risk, Social Engineering Attacks (SEAs), Security Investment (SI), Return On Investment in Information Security (ROISI)