A Design Theory for Secure Semantic E-Business Processes (SSEBP)

This dissertation develops and evaluates a Design theory. We follow the design science approach (Hevener, et al., 2004) to answer the following research question: "How can we formulate a design theory to guide the analysis and design of Secure Semantic eBusiness processes (SSeBP)?" Goals of SSeBP design theory include (i) unambiguously represent information and knowledge resources involved in eBusiness processes to solve semantic conflicts and integrate heterogeneous information systems; (ii) analyze and model business processes that include access control mechanisms to prevent unauthorized access to resources; and (iii) facilitate the coordination of eBusiness process activities-resources by modeling their dependencies. Business processes modeling techniques such as Business Process Modeling Notation (BPMN) (BPMI, 2004) and UML Activity Diagrams (OMG, 2003) lack theoretical foundations and are difficult to verify for correctness and completeness (Soffer and Wand, 2007). Current literature on secure information systems design methods are theoretically underdeveloped and consider security as a non-functional requirement and as an afterthought (Siponen et al. 2006, Mouratidis et al., 2005). SSeBP design theory is one of the first attempts at providing theoretically grounded guidance to design richer secure eBusiness processes for secure and coordinated seamless knowledge exchange among business partners in a value chain. SSeBP design theory allows for the inclusion of non-repudiation mechanisms into the analysis and design of eBusiness processes which lays the foundations for auditing and compliance with regulations such as Sarbanes-Oxley. SSeBP design theory is evaluated through a rigorous multi-method evaluation approach including descriptive, observational, and experimental evaluation. First, SSeBP design theory is validated by modeling business processes of an industry standard named Collaborative Planning, Forecasting, and Replenishment (CPFR) approach. Our model enhances CPFR by incorporating security requirements in the process model, which is critically lacking in the current CPFR technical guidelines. Secondly, we model the demand forecasting and capacity planning business processes for two large organizations to evaluate the efficacy and utility of SSeBP design theory to capture the realistic requirements and complex nuances of real inter-organizational business processes. Finally, we empirically evaluate SSeBP, against enhanced Use Cases (Siponen et al., 2006) and UML activity diagrams, for informational equivalence (Larkin and Simon, 1987) and its utility in generating situational awareness (Endsley, 1995) of the security and coordination requirements of a business process. Specific contributions of this dissertation are to develop a design theory (SSeBP) that presents a novel and holistic approach that contributes to the IS knowledge base by filling an existing research gap in the area of design of information systems to support secure and coordinated business processes. The proposed design theory provides practitioners with the meta-design and the design process, including the system components and principles to guide the analysis and design of secure eBusiness processes that are secure and coordinated

Back to practice, a decade of research in E-government

E-government is a multidisciplinary field of research based initially on empirical insights from practice. Efforts to theoretically found the field have opened perspectives from multiple research domains. The goal of this chapter is to review evolution of the e-government field from an institutional and an academic point of view. Our position is that e-government is an emergent multidisciplinary field of research in which focus on practice is a prominent characteristic. Each chapter of the book is then briefly presented and is positioned according to a vision of the e-government domain of research.E-government, Case study, E-administration, Public domain

How actors move from primary agency to institutional agency: A conceptual framework and empirical application

This article contributes to the understanding of actors and agency in the theorization of institutional work. We analyse institutional work as a specific kind of social action that involves exercising institutional agency (with an articulate awareness of institutions) as opposed to primary agency (taking institutions for granted). We propose a conceptual framework for combining a view of actors, who have agency and may engage in institutional work, with a view of actors as socially constructed, in line with critical-realist ontology. Applying this framework to the empirical case of the Spanish social movement 15M, we examine how actors moved from having primary agency to having institutional agency and how organization mattered for this process. We find that organizing by experienced organizers, the founding of new organizations and prefigurative organization were of crucial importance for the increase in institutional agency

A characteristics framework for Semantic Information Systems Standards

Semantic Information Systems (IS) Standards play a critical role in the development of the networked economy. While their importance is undoubted by all stakeholders—such as businesses, policy makers, researchers, developers—the current state of research leaves a number of questions unaddressed. Terminological confusion exists around the notions of “business semantics”, “business-to-business interoperability”, and “interoperability standards” amongst others. And, moreover, a comprehensive understanding about the characteristics of Semantic IS Standards is missing. The paper addresses this gap in literature by developing a characteristics framework for Semantic IS Standards. Two case studies are used to check the applicability of the framework in a “real-life” context. The framework lays the foundation for future research in an important field of the IS discipline and supports practitioners in their efforts to analyze, compare, and evaluate Semantic IS Standard

Ontology in Information Security

The past several years we have witnessed that information has become the most precious asset, while protection and security of information is becoming an ever greater challenge due to the large amount of knowledge necessary for organizations to successfully withstand external threats and attacks. This knowledge collected from the domain of information security can be formally described by security ontologies. A large number of researchers during the last decade have dealt with this issue, and in this paper we have tried to identify, analyze and systematize the relevant papers published in scientific journals indexed in selected scientific databases, in period from 2004 to 2014. This paper gives a review of literature in the field of information security ontology and identifies a total of 52 papers systematized in three groups: general security ontologies (12 papers), specific security ontologies (32 papers) and theoretical works (8 papers). The papers were of different quality and level of detail and varied from presentations of simple conceptual ideas to sophisticated frameworks based on ontology

Ontology in modernity risks

Master's thesis in Risk management and societal safetySocietal security is a concept of increasing significance. It is tightly connected to risk, since both concepts deal with the future. The understanding of risk is crucial in risk assessment, because it constitute the basis for legislation, control and regulation. Ontology is essential, because different ontological foundations will be materialized in different understandings of risk, risk assessment, risk management and thus appear as different ontological foundation for societal risk governance. Thus my research questions are “What is the significance of ontological foundation in risk science? How does relational ontology impact risk assessment and risk management?” In socio-technical research, objective or subjective ontology dominates. Relational ontology often is absent, which contributes to reductionistic risk assessment. Modernity risks are, however, a relational phenomenon, and must be understood accordingly. Analysis of the theory of the Risk Society illustrates how different ontologies capture different aspects of modernity risks. Clearly the relational aspect is “visible” by revealing the structuration between the structure and actor; where the structure is internalized in the actor, while the actors produce and maintain the structure. Modernity risks are the products of structuration. This has implications for risk assessment and risk management by connotations to risks. Connotations are a product of structuration and constitute different building blocks with patterns of thoughts about risks which are established by objective physical and social structures, subjective preferences and relational structuration. The size and content of the building blocks connotations consist of depend on what risks are involved and constitute a pattern which is socially constructed and appear as implicit guidelines for how to assess and manage risks. Connotations are thus important to make explicit and understand the constructions of societal regulation and control and to understand the production of modernity risks, which can appear as a result of inadequate connotations of risk. The interesting processes are therefore elements that lie behind and beyond the explicit expressed. These elements are relational and thus have to be assessed in a relational ontology to capture the structuration. Research which catches the structuration can elaborate and make visible the structuration and thus increase the consciousness for how risk appears, as well as the construction of risk assessment and risk management. Of special interest are connotations for important decision-makers in society, which influences the societal risk governance. Connotations as a relational phenomenon are thus essential in risk science. In brief, ontological foundations in risk science are crucial guidelines for how to understand risk, develop risk assessments, and advance risk management. The relational ontology can capture the structuration between the structure and the actor, and uncover connotations of risks. This can extend the knowledge of how certain risk assessments are constructed and how they affect risk management. For further research there is a need to empirical investigate the significance of connotations in risk assessment, and to develop methods of uncovering these connotations

Intelligent IT Governance Platform: Strategic level

The objective of this work is the implementation of a new IT governance platform adaptable to any type of Information system architecture and any kind of business. The proposed platform is intelligent and independent to understand the business needs continuously changing, is distributed to involve all stakeholders and heterogeneous components, and scalable to accumulate the know-how of the company's IT Governance through a learning asset

Semantic discovery and reuse of business process patterns

Patterns currently play an important role in modern information systems (IS) development and their use has mainly been restricted to the design and implementation phases of the development lifecycle. Given the increasing significance of business modelling in IS development, patterns have the potential of providing a viable solution for promoting reusability of recurrent generalized models in the very early stages of development. As a statement of research-in-progress this paper focuses on business process patterns and proposes an initial methodological framework for the discovery and reuse of business process patterns within the IS development lifecycle. The framework borrows ideas from the domain engineering literature and proposes the use of semantics to drive both the discovery of patterns as well as their reuse