The Sox Compliant Sap Security Implementation

The reality of the Sarbanes-Oxley Act, is that it is among the most visible and farreaching regulations that organizations face today. Failure to comply can result in significant loss of market capitalization and shareholder trust, as well as criminal liability for corporate executives. In this thesis the author focused on the implementation of SAP security software including the development of several ongoing production environments that will have a formalized security strategy to achieve SOX compliance. Spacely Chemicals, just as many other SAP customers understands the importance of SOX compliance. In the past Spacely Chemicals has not implemented the appropriate policies to enforce procedures within the business that would easily allow for IT controls and audit of the existing SAP R/3 application. This thesis includes the SPACELY Chemicals implementation of the latest suite of SAP applications. SAP is complex software that offers many levels of security design and control options. It will also cover procedures for securing SAP systems and their external interfaces, focusing primarily on scenarios for user and role maintenance. It discusses user maintenance procedures and documented for issues relative to requesting changes to user access because of job change, project responsibility change and employee or contractor terminations. In addition, role maintenance procedures are documented including the security architectural role strategy, naming conventions and procedures for identifying ownership and approvals for all security components. Both user maintenance and role maintenance procedures pay particular attention to ensuring the requirement for segregation of duties (SOD) and SOX compliance is not jeopardized. The application security implementation will be outlined and defined through appropriate controls such as policies and procedures. The procedures for managing the level of access granted to users and managing the level of access in job roles must be outlined through policies as well. By following the guidelines and recommendations from the Control Objectives for Information and Related Technologies (COBIT), the SAP applications discussed in this thesis will help SAP customers meet and maintain SOX compliance

Adaptive decision support for suggesting a machine tool maintenance strategy: from reactive to preventative

Purpose -- To produce a decision support aid for machine tool owners to utilise while deciding upon a maintenance strategy. Furthermore, the decision support tool is adaptive and capable of suggesting different strategies by monitoring for any change in machine tool manufacturing accuracy. Design/methodology/approach -- A maintenance cost estimation model is utilised within the research and development of this decision support system. An empirical-based methodology is pursued and validated through case study analysis. Findings -- A case study is provided where a schedule of preventative maintenance actions is produced to reduce the need for the future occurrences of reactive maintenance actions based on historical machine tool accuracy information. In the case-study, a 28% reduction in predicted accuracy-related expenditure is presented, equating to a saving of £14k per machine over a five year period. Research limitations/implications -- The emphasis on improving machine tool accuracy and reducing production costs is increasing. The presented research is pioneering in the development of a software-based tool to help reduce the requirement on domain-specific expert knowledge. Originality/value -- The paper presents an adaptive decision support system to assist with maintenance strategy selection. This is the first of its kind and is able to suggest a preventative strategy for those undertaking only reactive maintenance. This is of value for both manufacturers and researchers alike. Manufacturers will benefit from reducing maintenance costs, and researchers will benefit from the development and application of a novel decision support technique

Preserving the Quality of Architectural Tactics in Source Code

In any complex software system, strong interdependencies exist between requirements and software architecture. Requirements drive architectural choices while also being constrained by the existing architecture and by what is economically feasible. This makes it advisable to concurrently specify the requirements, to devise and compare alternative architectural design solutions, and ultimately to make a series of design decisions in order to satisfy each of the quality concerns. Unfortunately, anecdotal evidence has shown that architectural knowledge tends to be tacit in nature, stored in the heads of people, and lost over time. Therefore, developers often lack comprehensive knowledge of underlying architectural design decisions and inadvertently degrade the quality of the architecture while performing maintenance activities. In practice, this problem can be addressed through preserving the relationships between the requirements, architectural design decisions and their implementations in the source code, and then using this information to keep developers aware of critical architectural aspects of the code. This dissertation presents a novel approach that utilizes machine learning techniques to recover and preserve the relationships between architecturally significant requirements, architectural decisions and their realizations in the implemented code. Our approach for recovering architectural decisions includes the two primary stages of training and classification. In the first stage, the classifier is trained using code snippets of different architectural decisions collected from various software systems. During this phase, the classifier learns the terms that developers typically use to implement each architectural decision. These ``indicator terms\u27\u27 represent method names, variable names, comments, or the development APIs that developers inevitably use to implement various architectural decisions. A probabilistic weight is then computed for each potential indicator term with respect to each type of architectural decision. The weight estimates how strongly an indicator term represents a specific architectural tactics/decisions. For example, a term such as \emph{pulse} is highly representative of the heartbeat tactic but occurs infrequently in the authentication. After learning the indicator terms, the classifier can compute the likelihood that any given source file implements a specific architectural decision. The classifier was evaluated through several different experiments including classical cross-validation over code snippets of 50 open source projects and on the entire source code of a large scale software system. Results showed that classifier can reliably recognize a wide range of architectural decisions. The technique introduced in this dissertation is used to develop the Archie tool suite. Archie is a plug-in for Eclipse and is designed to detect wide range of architectural design decisions in the code and to protect them from potential degradation during maintenance activities. It has several features for performing change impact analysis of architectural concerns at both the code and design level and proactively keep developers informed of underlying architectural decisions during maintenance activities. Archie is at the stage of technology transfer at the US Department of Homeland Security where it is purely used to detect and monitor security choices. Furthermore, this outcome is integrated into the Department of Homeland Security\u27s Software Assurance Market Place (SWAMP) to advance research and development of secure software systems

Improving the Functionality of Water Investments in the Drylands: Learning from Kenya’s County Climate Change Fund

Kenya’s County Climate Change Fund (CCCF) is financing public good investments focused on the water sector to increase the resilience of communities to climate change. In the drylands, investments in water are critical for water and food security, yet ensuring the functionality and sustainability of water investments remains an ongoing challenge. This paper assesses the functionality and sustainability of 62 CCCF water investments in five dryland counties (Isiolo, Wajir, Garissa, Kitui and Makueni) in Kenya through a functionality survey and stakeholder workshops. The survey was designed based on a review of studies assessing the functionality of water supply systems. Across the five counties, 62.9% of investments were functional compared to 37.1% non- or partially-functional. The main factors that contributed to non- and partially functional investments were poor siting, poor design and workmanship, damage due to vandalisation, and lack of repairs and maintenance. Exploring the underlying causes of poor functionality revealed a complex mixture of technical, social, institutional, environmental and governance deficiencies. To improve the functionality and sustainability of water investments, especially as the CCCF is scaled out further in Kenya, emphasis on the ‘hardware’ aspects and establishing new water points, should shift towards operation and maintenance (O&M), rehabilitation of existing water points, improved governance, monitoring and evaluation (M&E), and other ‘software’ aspects

A reference architecture for flexibly integrating machine vision within manufacturing

A reference architecture provides an overall framework that may embrace models, methodologies and mechanisms which can support the lifecycle of their target domain. The work described in this thesis makes a contribution to establishing such a generally applicable reference architecture for supporting the lifecycIe of a new generation of integrated machine vision systems. Contemporary machine vision systems consist of a complex combination of mechanical engineering, the hardware and software of an electronic processor, plus optical, sensory and lighting components. "This thesis is concerned with the structure of the software which characterises the system application. The machine vision systems which are currently used within manufacturing industry are difficult to integrate within the information systems required within modem manufacturing enterprises. They are inflexible in all but the execution of a range of similar operations, and their design and implementation is often such that they are difficult to update in the face of the required change inherent within modem manufacturing. The proposed reference architecture provides an overall framework within which a number of supporting models, design methodologies, and implementation mechanisms can combine to provide support for the rapid creation and maintenance of highly structured machine vision applications. These applications comprise modules which can be considered as building blocks of CIM systems. Their integrated interoperation can be enabled by the emerging infrastructural tools which will be required to underpin the next generation of flexibly integrated manufacturing systems. The work described in this thesis concludes that the issues of machine vision applications and the issues of integration of these applications within manufacturing systems are entirely separate. This separation is reflected in the structure of the thesis. PART B details vision application issues while PAIIT C deals with integration. The criteria for next generation integrated machine vision systems, derived in PART A of the thesis, are extensive. In order to address these criteria and propose a complete architecture, a "thin slice" is taken through the areas of vision application, and integration at the lifecycle stages of design, implementation, runtime and maintenance. The thesis describes the reference architecture, demonstrates its use though a proof of concept implementation and evaluates the support offered by the architecture for easing the problems of software change

Adaptive development and maintenance of user-centric software systems

A software system cannot be developed without considering the various facets of its environment. Stakeholders – including the users that play a central role – have their needs, expectations, and perceptions of a system. Organisational and technical aspects of the environment are constantly changing. The ability to adapt a software system and its requirements to its environment throughout its full lifecycle is of paramount importance in a constantly changing environment. The continuous involvement of users is as important as the constant evaluation of the system and the observation of evolving environments. We present a methodology for adaptive software systems development and maintenance. We draw upon a diverse range of accepted methods including participatory design, software architecture, and evolutionary design. Our focus is on user-centred software systems

Preliminary design of eddy current brake to improve sustainable mobility

In recent years, the need to reduce CO2 emissions has developed a change in the transport sector. E-mobility is emerging as a zero-emissions way of travel, but not only the combustion engine produces emission. In fact, a significant part of the vehicle's total pollution is produced by tires and conventional brakes. The eddy current brake is a possible alternative to the well-known mechanical brake to obtain zero-emissions braking with low maintenance. This type of brake converts the vehicle's kinetic energy into thermal energy through the magnetic generation of the eddy currents, which generate Lorentz braking forces. This paper proposes a preliminary design of a zero-emission eddy current brake with a first geometry variation to increase the brake performance, that has been evaluated with an analytical approach and EMS by EMWorks, a 3D finite element method magnetic software able to calculate brake torque and electromagnetic effects

Designing and Documenting the Behavior of Software

The development and maintenance of today's software systems is an increasingly effort-consuming and error-prone task. A major cause of this problem is the lack of formal and human-readable documentation of software design. In practice, software design is often informally documented (e.g. texts in a natural language, `boxes-and-arrows' diagrams without well-defined syntax and semantics, etc.), or not documented at all. Therefore, the design cannot be properly communicated between software engineers, it cannot be formally analyzed, and the conformance of an implementation to the design cannot be formally verified.\ud \ud In this chapter, we address this problem for the design and documentation of the behavior implemented in procedural programs. We introduce a solution that consists of three components: The first component is a graphical language called VisuaL, which enables engineers to specify constraints on the possible sequences of function calls from a given program. Since the specifications may be inconsistent with each other, the second component of our solution is a tool called CheckDesign, which automatically\ud verifies the consistency between multiple specifications written in VisuaL. The third component is a tool called CheckSource, which automatically verifies that a given implementation conforms to the corresponding specifications written in VisuaL.\ud \ud This solution has been evaluated empirically through controlled experiments with 71 participants: 23 professional developers of ASML, and 49 Computer Science M.Sc. students. These experiments showed that, with statistical significance of 0.01, the solution reduced the effort of typical maintenance tasks by 75% and\ud prevented one error per 140 lines of source code