Actor perception in business use case modeling

Mainstream literature recognizes the validity and effectiveness of use cases as a technique for gathering and capturing system requirements. Use cases represent the driver of various modern development methods, mainly of object-oriented extraction, such as the Unified Process. Although the adoption of use cases proliferated in the context of software systems development, they are not as extensively employed in business modeling . The concept of business use case is not a novelty, but only recently did it begin to re-circulate in the literature and in case tools. This paper examines the issues involved in adopting business use cases for capturing the functionality of an organization and proposes guidelines for their identification, packaging, and mapping to system use cases. The proposed guidelines are based on the principle of actor perception described in the paper. The application of this principle is exemplified with a worked example aimed at demonstrating the utility of the proposed guidelines and at clarifying the application of the principle of actor perception. The worked example is based on a series of workshops run at a major UK financial institution

A taxonomy of asymmetric requirements aspects

The early aspects community has received increasing attention among researchers and practitioners, and has grown a set of meaningful terminology and concepts in recent years, including the notion of requirements aspects. Aspects at the requirements level present stakeholder concerns that crosscut the problem domain, with the potential for a broad impact on questions of scoping, prioritization, and architectural design. Although many existing requirements engineering approaches advocate and advertise an integral support of early aspects analysis, one challenge is that the notion of a requirements aspect is not yet well established to efficaciously serve the community. Instead of defining the term once and for all in a normally arduous and unproductive conceptual unification stage, we present a preliminary taxonomy based on the literature survey to show the different features of an asymmetric requirements aspect. Existing approaches that handle requirements aspects are compared and classified according to the proposed taxonomy. In addition,we study crosscutting security requirements to exemplify the taxonomy's use, substantiate its value, and explore its future directions

Assessment framework for a methodology under development – Application to the PDA methodology

This paper presents an assessment framework for methodologies under development. It is adapted from the evaluation framework for the design of an engineering model developed by Ben Ahmed and colleagues [1]. The assessment framework allows to take into account in a systematic way characteristics (that is, main categories or classes of potential requirements) that are of importance for the assessment of the quality a methodology, beyond effectiveness and efficiency. The framework is intended to be employed similarly to engineering design requirements checklists: ensuring first that no important characteristics are left out; deriving from these characteristics more specific requirements when necessary; using these characteristics or the derived requirements both to drive the development of the methodology and as evaluation criteria to assess the elements of the developed methodology. These characteristics can then be screened again as the methodology is improved. As the methodology is being developed, the assessments can go from wide and qualitative to more stringent. The framework is applied to assess the predictive design analysis (PDA) methodology.[1] Ben Ahmed, W., Mekhilef, M., Yannou, B., and Bigand, M., (2010), "Evaluation framework for the design of an engineering model", Artificial Intelligence for Engineering Design, Analysis and Manufacturing, 24(1), pp. 107-125

The functions of visual management

Visual Management has been evolving and effectively employed in some manufacturing and service organisations for a long time. In order to facilitate a cross-industrial learning process and to advance in detailed research the understanding of how the Visual Management concept may serve in an organisation is necessary. The aim of this paper is to identify Visual Management functions and the theoretical base for the construction industry. A detailed literature review and an analysis of the findings were performed accordingly. The necessity of a holistic approach in order to make more use of the Visual Management process and some research opportunities were identified

Towards an Intellectual Property Rights Strategy for Innovation in Europe

On October 13, 2009 the Science and Technology Options Assessment Panel (STOA) together with Knowledge4Innovation/The Lisbon Forum, supported by Technopolis Consulting Group and TNO, organised a half-day workshop entitled ‘Towards an Intellectual Property Rights Strategy for Innovation in Europe’. This workshop was part of the 1st European Innovation Summit at the European Parliament which took place on 13 October and 14 October 2009. It addressed the topics of the evolution and current issues concerning the European Patent System as well as International Protection and Enforcement of IPR (with special consideration of issues pertaining to IP enforcement in the Digital Environment). Conclusions drawn point to the benefits of a comprehensive European IPR strategy, covering a broad range of IP instruments and topics

A Tool-based Semantic Framework for Security Requirements Specification

Attaining high quality in security requirements specification requires first-rate professional expertise, which is scarce. In fact, most organisations do not include core security experts in their software team. This scenario motivates the need for adequate tool support for security requirements specification so that the human requirements analyst can be assisted to specify security requirements of acceptable quality with minimum effort. This paper presents a tool-based semantic framework that uses ontology and requirements boilerplates to facilitate the formulation and specification of security requirements. A two-phased evaluation of the semantic framework suggests that it is usable, leads to reduction of effort, aids the quick discovery of hidden security threats, and improves the quality of security requirements

Ontology-Based Support for Security Requirements Specification Process

The security requirements specification (SRS) is an integral aspect of the development of secured information systems and entails the formal documentation of the security needs of a system in a correct and consistent way. However, in many cases there is lack of sufficiently experienced security experts or security requirements (SR) engineer within an organization, which limits the quality of SR that are specified. This paper presents an approach that leverages ontologies and requirements boilerplates in order to alleviate the effect of lack of highly experienced personnel for SRS. It also offers a credible starting point for the SRS process. A preliminary evaluation of the tool prototype – ReqSec tool - was used to demonstrate the approach and to confirm its usability to support the SRS process. The tool helps to reduce the amount of effort required, stimulate discovery of latent security threats, and enables the specification of good quality SR

Model Driven Information Security Management - Evaluating and Applying the Meta Model of ISO 27001

Information technology has had a significant impact on business operations and allowed the emergence of new business models. These IT-enabled processes and businesses however depend on secure information systems which need to be managed. The management of information systems security (ISS) is a highly dynamic and complex task due to constant change in the information technology domain. In this paper we propose the use of a meta model to aid ISS managers in setting up a holistic information security management system (ISMS). For this we describe how an adapted meta model of ISO 27001, a security standard for ISMS, can be used to aid with general phases of ISS management. We demonstrate how models can support ISS managers in their endeavors. The paper concludes with a pragmatic evaluation by providing an example of how such a meta model can be operationalized for vulnerability identification, before discussing potential future research