Architecture-based Qualitative Risk Analysis for Availability of IT Infrastructures

An IT risk assessment must deliver the best possible quality of results in a time-effective way. Organisations are used to customise the general-purpose standard risk assessment methods in a way that can satisfy their requirements. In this paper we present the QualTD Model and method, which is meant to be employed together with standard risk assessment methods for the qualitative assessment of availability risks of IT architectures, or parts of them. The QualTD Model is based on our previous quantitative model, but geared to industrial practice since it does not require quantitative data which is often too costly to acquire. We validate the model and method in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results w.r.t. the goals of the stakeholders of the system. We also perform a review of the most popular standard risk assessment methods and an analysis of which one can be actually integrated with our QualTD Model

A decision support methodology to enhance the competitiveness of the Turkish automotive industry

This is the post-print (final draft post-refereeing) version of the article. Copyright @ 2013 Elsevier B.V. All rights reserved.Three levels of competitiveness affect the success of business enterprises in a globally competitive environment: the competitiveness of the company, the competitiveness of the industry in which the company operates and the competitiveness of the country where the business is located. This study analyses the competitiveness of the automotive industry in association with the national competitiveness perspective using a methodology based on Bayesian Causal Networks. First, we structure the competitiveness problem of the automotive industry through a synthesis of expert knowledge in the light of the World Economic Forum’s competitiveness indicators. Second, we model the relationships among the variables identified in the problem structuring stage and analyse these relationships using a Bayesian Causal Network. Third, we develop policy suggestions under various scenarios to enhance the national competitive advantages of the automotive industry. We present an analysis of the Turkish automotive industry as a case study. It is possible to generalise the policy suggestions developed for the case of Turkish automotive industry to the automotive industries in other developing countries where country and industry competitiveness levels are similar to those of Turkey

Collaborative support for distributed design

A number of large integrated projects have been funded by the European Commission within both FP5 and FP6 that have aimed to develop distributed design solutions within the shipbuilding industry. VRShips-ROPAX was funded within FP5 and aimed to develop a platform to support distributed through-life design of a ROPAX (roll-on passenger) ferry. VIRTUE is an FP6 funded project that aims to integrate distributed virtual basins within a platform that allows a holistic Computational Fluid Dynamics (CFD) analysis of a ship to be undertaken. Finally, SAFEDOR is also an FP6 funded project that allows designers to perform distributed Risk-Based Design (RBD) and simulation of different types of vessels. The projects have a number of commonalities: the designers are either organisationally or geographically distributed; a large amount of the design and analysis work requires the use of computers, and the designers are expected to collaborate - sharing design tasks and data. In each case a Virtual Integration Platform (VIP) has been developed, building on and sharing ideas between the projects with the aim of providing collaborative support for distributed design. In each of these projects the University of Strathclyde has been primarily responsible for the development of the associated VIP. This paper describes each project in terms of their differing collaborative support requirements, and discusses the associated VIP in terms of the manner that collaborative support has been provided

Evaluating the Provision of Botnet Defences using Translational Research Concepts.

Botnet research frequently draws on concepts from other fields. An example is the use of epidemiological models when studying botnet propagation, which facilitate an understanding of bot spread dynamics and the exploration of behavioural theory. Whilst the literature is rich with these models, it is lacking in work aimed at connecting the insights of theoretical research with day-to-day practice. To address this, we look at botnets through the lens of implementation science, a discipline from the field of translational research in health care, which is designed to evaluate the implementation process. In this paper, we explore key concepts of implementation science, and propose a framework-based approach to improve the provision of security measures to network entities. We demonstrate the approach using existing propagation models, and discuss the role of implementation science in malware defence

Using ERP as a basis for Enterprise application integration

Architecting and implementing e-Business supply chain solutions across and within the modern day enterprise, is now becoming a necessity in order to maintain competitive and be adaptable to market needs. As such, the integration of information and processes is a vital step, using technologies such as using Enterprise Resource Planning (ERP), Supply Chain Management (SCM) and enterprise portal platforms. The effective sharing of resource planning and other enterprise related data across and within the enterprise is typically seen as a facet of a business to business (B2B) platform. However, such infrastructures typically involve a tight integration across intra and inter-organisational systems. This paper examines an Enterprise Application Integration (EAI) initiative taken by a global manufacturer of industrial automation products, which attempted to utilise ERP as an integration tool across its internal B2B infrastructure, to achieve such an aim. This paper discusses those integration considerations and complexities, experienced by the case company upon embarking on an EAI integration programme through the adoption of a core ERP as a catalyst for organizational change. In doing so the authors present an analysis of the inherent risks and limitations of this approach in terms of previously published literature in the field, relating to technology-driven organizational change and EAI impact and adoption frameworks

Quantify resilience enhancement of UTS through exploiting connect community and internet of everything emerging technologies

This work aims at investigating and quantifying the Urban Transport System (UTS) resilience enhancement enabled by the adoption of emerging technology such as Internet of Everything (IoE) and the new trend of the Connected Community (CC). A conceptual extension of Functional Resonance Analysis Method (FRAM) and its formalization have been proposed and used to model UTS complexity. The scope is to identify the system functions and their interdependencies with a particular focus on those that have a relation and impact on people and communities. Network analysis techniques have been applied to the FRAM model to identify and estimate the most critical community-related functions. The notion of Variability Rate (VR) has been defined as the amount of output variability generated by an upstream function that can be tolerated/absorbed by a downstream function, without significantly increasing of its subsequent output variability. A fuzzy based quantification of the VR on expert judgment has been developed when quantitative data are not available. Our approach has been applied to a critical scenario (water bomb/flash flooding) considering two cases: when UTS has CC and IoE implemented or not. The results show a remarkable VR enhancement if CC and IoE are deploye

SafeWeb: A Middleware for Securing Ruby-Based Web Applications

Web applications in many domains such as healthcare and finance must process sensitive data, while complying with legal policies regarding the release of different classes of data to different parties. Currently, software bugs may lead to irreversible disclosure of confidential data in multi-tier web applications. An open challenge is how developers can guarantee these web applications only ever release sensitive data to authorised users without costly, recurring security audits. Our solution is to provide a trusted middleware that acts as a “safety net” to event-based enterprise web applications by preventing harmful data disclosure before it happens. We describe the design and implementation of SafeWeb, a Ruby-based middleware that associates data with security labels and transparently tracks their propagation at different granularities across a multi-tier web architecture with storage and complex event processing. For efficiency, maintainability and ease-of-use, SafeWeb exploits the dynamic features of the Ruby programming language to achieve label propagation and data flow enforcement. We evaluate SafeWeb by reporting our experience of implementing a web-based cancer treatment application and deploying it as part of the UK National Health Service (NHS)

Crisis in Indian microfinance and a way forward: governance reforms and the Tamil Nadu model

In recent months, microfinance practitioners worldwide have been holding their breath over events unfolding in India. Beginning in summer 2010 with controversies surrounding the IPO of SKS, a large microfinance institution (MFI) and a major player in the market, the crisis subsequently exacerbated in the state of Andhra Pradesh, with borrowers defaulting on payments and taking their lives. Echoed by the media, hostility to microfinance rose to unprecedented levels and some politicians even encouraged borrowers not to pay back their micro-loans. In fear of deterioration of MFIs’ financial solidity, numerous banks suspended flows of funds to them, leaving them severely cash-strapped. Yet until recently, Indian MFIs were widely praised for their contribution to the fight against poverty. By providing financial services to low-income clients, particularly women who would otherwise have limited or no access to them, microfinance has enabled them to develop small businesses and to reduce the volatility of their incomes. Even tiny loans have often been sufficient to empower the Indian poor. How, then, can the current turbulence be explained? Our study of microfinance in India, now at the end of its second year, addresses these concerns in a twofold way. First, it has extended from the study of a single, focal partner institution to a more global picture of the whole set of inter-organisational partnerships that relate MFIs to relevant stakeholders and regulators; as such, it is best positioned to bring to light systemic issues and to identify suitable policy responses. Second, our analysis focuses on the state of Tamil Nadu, geographically close to Andhra Pradesh and similar to it in terms of size and maturity of the microfinance market, but where the crisis has not spread. It thus enables to identify differences in the operations of MFIs in the two states which, despite a common landscape, may explain their differential capacity to achieve financial and social performance. On this basis, our analysis aims to contribute to the definition of a more sustainable model of microfinance, possibly to be extended to other parts of India