Regulatory Compliance-oriented Impediments and Associated Effort Estimation Metrics in Requirements Engineering for Contractual Systems Engineering Projects

Large-scale contractual systems engineering projects often need to comply with a myriad of government regulations and standards as part of contractual fulfillment. A key activity in the requirements engineering (RE) process for such a project is to elicit appropriate requirements from the regulations and standards that apply to the target system. However, there are impediments in achieving compliance due to such factors as: the voluminous contract and its high-level specifications, large number of regulatory documents, and multiple domains of the system. Little empirical research has been conducted on developing a shared understanding of the compliance-oriented complexities involved in such projects, and identifying and developing RE support (such as processes, tools, metrics, and methods) to improve overall performance for compliance projects. Through three studies on an industrial RE project, we investigated a number of issues in RE concerning compliance, leading to the following novel results:(i) a meta-model that captures artefacts-types and their compliance-oriented inter-relationships that exist in RE for contractual systems engineering projects; (ii) discovery of key impediments to requirements-compliance due to: (a) contractual complexities (e.g., regulatory requirements specified non-contiguously with non-regulatory requirements in the contract at the ratio of 1:19), (b) complexities in regulatory documents (e.g., over 300 regulatory documents being relevant to the subject system), and (c) large and complex system (e.g., 40% of the contractual regulatory requirements are cross-cutting); (iii) a method for deriving base metrics for estimating the effort needed to do compliance work during RE and demonstrate how a set of derived metrics can be used to create an effort estimation model for such work; (iv) a framework for structuring diverse regulatory documents and requirements for global product developments. These results lay a foundation in RE research on compliance issues with anticipation for its impact in real-world projects and in RE research

Information Security Governance Simplified

Security practitioners must be able to build cost-effective security programs while also complying with government regulations. Information Security Governance Simplified: From the Boardroom to the Keyboard lays out these regulations in simple terms and explains how to use control frameworks to build an air-tight information security (IS) program and governance structure. Defining the leadership skills required by IS officers, the book examines the pros and cons of different reporting structures and highlights the various control frameworks available. It details the functions of the security department and considers the control areas, including physical, network, application, business continuity/disaster recover, and identity management. Todd Fitzgerald explains how to establish a solid foundation for building your security program and shares time-tested insights about what works and what doesn’t when building an IS program. Highlighting security considerations for managerial, technical, and operational controls, it provides helpful tips for selling your program to management. It also includes tools to help you create a workable IS charter and your own IS policies. Based on proven experience rather than theory, the book gives you the tools and real-world insight needed to secure your information while ensuring compliance with government regulations

Enterprise reference architectures for higher education institutions: Analysis, comparison and practical uses

Enterprise Architecture (EA) is currently accepted as one on the major instruments for enabling organisations in their transformation processes to achieve business-technology alignment. Despite that over the last years EA has been successfully adopted in many industries, Higher Education still represents one of the sectors with lower levels of adoption and maturity of EA practices. The present thesis puts the emphasis particularly on the study Enterprise Reference Architectures (ERAs), as a particular type of EA artefact, in Higher Education Institutions (HEIs). After formally clarifying the concept of ERAs and giving a panoramic view of the current state-of-the-art of existing HEI-oriented ERAs, the thesis proposes an artefact framework build through a Design Science Research (DSR) approach aimed to facilitate practitioners their (re-)use or application in their own real practical settings. The purpose of the constructed artefact is to support practitioners when conducting the necessary adjustments to exiting HEI-oriented ERAs in order to be successfully applied for their specific needs.La Arquitectura Empresarial (AE) es actualmente reconocida como una disciplina que permite configurar procesos de trasformación organizativa a objeto de alinear el negocio con la tecnología. A pesar de que en los últimos años la AE se ha ido adoptando progresivamente de forma exitosa en diversas industrias, la educación superior representa todavía hoy en día uno de los sectores con menores niveles de adopción y de madurez en lo que se refiere a las prácticas de AE. La presente tesis hace especial hincapié en el estudio de las Arquitecturas de Referencia Empresariales (AREs), entendidas como un artefacto específico de AE, en Instituciones de Educación Superior (IES). Así, después de clarificar formalmente el concepto de ARE y de ofrecer una visión panorámica del estado del arte relativo a las AREs para IES existentes, la tesis propone un framework de trabajo construido a través de un enfoque de investigación basado en la Ciencia del diseño destinado a facilitar su (re-)utilización o aplicación práctica en dominios de trabajo reales. El objetivo del artefacto es proporcionar soporte práctico a los profesionales para realizar los ajustes necesarios a las AREs para IES existentes para que puedan aplicarlas con éxito a sus necesidades específicas.L'Arquitectura Empresarial (AE) és actualment reconeguda com una disciplina que permet configurar processos de transformació organitzatius a fi d'alinear el negoci amb la tecnologia. Tot i que en els darrers anys l'AE s'ha anat adoptant progressivament amb èxit en diverses indústries, l'educació superior representa encara avui dia un dels sectors amb menors nivells d'adopció i de maduresa pel que fa a pràctiques d'AE. Aquesta tesi posa especial èmfasi en l'estudi de les Arquitectures de Referència Empresarials (AREs), enteses com un artefacte concret d'AE, a Institucions d'Educació Superior (IES). Així, després d'aclarir formalment el concepte d'ARE i oferir una visió panoràmica de l'estat de l'art relatiu a les ARE per a IES existents, la tesi proposa un framework de treball construït a través d'un enfocament de recerca basat en la ciència del disseny destinat a facilitar-ne la seva (re-)utilització o aplicació pràctica en dominis de treball reals. L'objectiu de l'artefacte és proporcionar suport pràctic als professionals per realitzar els ajustaments necessaris a les AREs per a IES existents de forma que les puguin aplicar amb èxit a les seves necessitats específiques.Tecnologies de la informació i de xarxe

A method for developing Reference Enterprise Architectures

Industrial change forces enterprises to constantly adjust their organizational structures in order to stay competitive. In this regard, research acknowledges the potential of Reference Enterprise Architectures (REA). This thesis proposes REAM - a method for developing REAs. After contrasting organizations' needs with approaches available in the current knowledge base, this work identifies the absence of method support for REA development. Proposing REAM, the author aims to close this research gap and evaluates the method's utility by applying REAM in different naturalistic settings

Model driven validation approach for enterprise architecture and motivation extensions

As the endorsement of Enterprise Architecture (EA) modelling continues to grow in diversity and complexity, management of its schema, artefacts, semantics and relationships has become an important business concern. To maintain agility and flexibility within competitive markets, organizations have also been compelled to explore ways of adjusting proactively to innovations, changes and complex events also by use of EA concepts to model business processes and strategies. Thus the need to ensure appropriate validation of EA taxonomies has been considered severally as an essential requirement for these processes in order to exert business motivation; relate information systems to technological infrastructure. However, since many taxonomies deployed today use widespread and disparate modelling methodologies, the possibility to adopt a generic validation approach remains a challenge. The proliferation of EA methodologies and perspectives has also led to intricacies in the formalization and validation of EA constructs as models often times have variant schematic interpretations. Thus, disparate implementations and inconsistent simulation of alignment between business architectures and heterogeneous application systems is common within the EA domain (Jonkers et al., 2003). In this research, the Model Driven Validation Approach (MDVA) is introduced. MDVA allows modelling of EA with validation attributes, formalization of the validation concepts and transformation of model artefacts to ontologies. The transformation simplifies querying based on motivation and constraints. As the extended methodology is grounded on the semiotics of existing tools, validation is executed using ubiquitous query language. The major contributions of this work are the extension of a metamodel of Business Layer of an EAF with Validation Element and the development of EAF model to ontology transformation Approach. With this innovation, domain-driven design and object-oriented analysis concepts are applied to achieve EAF model’s validation using ontology querying methodology. Additionally, the MDVA facilitates the traceability of EA artefacts using ontology graph patterns

D7.5 FIRST consolidated project results

The FIRST project commenced in January 2017 and concluded in December 2022, including a 24-month suspension period due to the COVID-19 pandemic. Throughout the project, we successfully delivered seven technical reports, conducted three workshops on Key Enabling Technologies for Digital Factories in conjunction with CAiSE (in 2019, 2020, and 2022), produced a number of PhD theses, and published over 56 papers (and numbers of summitted journal papers). The purpose of this deliverable is to provide an updated account of the findings from our previous deliverables and publications. It involves compiling the original deliverables with necessary revisions to accurately reflect the final scientific outcomes of the project

JURI SAYS:An Automatic Judgement Prediction System for the European Court of Human Rights

In this paper we present the web platform JURI SAYS that automatically predicts decisions of the European Court of Human Rights based on communicated cases, which are published by the court early in the proceedings and are often available many years before the final decision is made. Our system therefore predicts future judgements of the court. The platform is available at jurisays.com and shows the predictions compared to the actual decisions of the court. It is automatically updated every month by including the prediction for the new cases. Additionally, the system highlights the sentences and paragraphs that are most important for the prediction (i.e. violation vs. no violation of human rights)