A coordination protocol for user-customisable cloud policy monitoring

Cloud computing will see a increasing demand for end-user customisation and personalisation of multi-tenant cloud service offerings. Combined with an identified need to address QoS and governance aspects in cloud computing, a need to provide user-customised QoS and governance policy management and monitoring as part of an SLA management infrastructure for clouds arises. We propose a user-customisable policy definition solution that can be enforced in multi-tenant cloud offerings through an automated instrumentation and monitoring technique. We in particular allow service processes that are run by cloud and SaaS providers to be made policy-aware in a transparent way

Designing a consulting services architecture model

textDuring my years of experience in the technology industry, it has become obvious that standard processes and methodologies within the engineering discipline are at a mature state. The realization though is that software engineering specifically lags behind. Most software engineering methodologies that I have studied focus on the mission of software development. It is this realization and the need for structure that led me to review existing methodologies used within my company's software services organization. The definition of what a successful software services methodology entails is rather limited. This report will provide a history of existing software engineering methodologies that I have studied, describe an initial services method that was being developed within my organization, develop a new model that addresses previous shortcomings and identify additional components required to further define a strong software services-oriented delivery methodology.Electrical and Computer Engineerin

Dialectic tensions in the financial markets: a longitudinal study of pre- and post-crisis regulatory technology

This article presents the findings from a longitudinal research study on regulatory technology in the UK financial services industry. The financial crisis with serious corporate and mutual fund scandals raised the profile of compliance as governmental bodies, institutional and private investors introduced a ‘tsunami’ of financial regulations. Adopting a multi-level analysis, this study examines how regulatory technology was used by financial firms to meet their compliance obligations, pre- and post-crisis. Empirical data collected over 12 years examine the deployment of an investment management system in eight financial firms. Interviews with public regulatory bodies, financial institutions and technology providers reveal a culture of compliance with increased transparency, surveillance and accountability. Findings show that dialectic tensions arise as the pursuit of transparency, surveillance and accountability in compliance mandates is simultaneously rationalized, facilitated and obscured by regulatory technology. Responding to these challenges, regulatory bodies continue to impose revised compliance mandates on financial firms to force them to adapt their financial technologies in an ever-changing multi-jurisdictional regulatory landscape

Implementing section 404 of the sarbanes oxley act: Recommendations for information systems organizations

Section 404 of the Sarbanes Oxley (SOX) Act addresses the effectiveness of internal controls, which in most organizations are either fully or partially automated due to the pervasiveness and ubiquity of information technologies. Significant or material control deficiencies have to be reported publicly. The adverse impact on organizations declaring deficiencies can be severe, for example, damage to reputation and/or market value. While there are many practitioner-led manuals and methods for dealing with 404, there has been little published in the academic research literature investigating the role of Information Systems organizations in implementing Section 404. The paper addresses this gap in knowledge. We used institutional theory as the lens through which to examine the experiences of Section 404 implementation in three global organizations. We used the case study method and an abductive strategy to gather and analyze data respectively. Our findings are summarized in six recommendations. We found that institutional pressures play a critical role in the implementation of Section 404. In particular, organizations face coercive pressure to achieve Section 404 compliance, without which punitive sanctions can be imposed by regulators. Organizations tend to imitate one another in the methods they use so that each is perceived to be in line with their competitive environment. Organizations face normative pressures to act in ways that are socially acceptable, which is to achieve compliance. Failure to do so would be a signal to the market that the organization does not take controls seriously. We expand these findings in terms of power and influence tactics that IS organizations can use when implementing Section 404. Our findings provide directions for practice and lines of enquiry for further research

Whirlpool Delivery Methods: A Case Study

Many organizations face the challenge of deploying a consistent project methodology. The challenge becomes more significant for global organizations such as Whirlpool Corporation which have a large number of IS projects cutting across business units, geographies and functional areas. In 2010, Whirlpool Corporation, a global leader in the appliance industry, deployed a new waterfall-based IS project management methodology - Whirlpool Delivery Methods (WDM) - as part of a strategic IS transformation initiative. This paper examines Whirlpool’s journey over the past 2 years including the key levers used to drive adoption and diffusion such as the role of IS leadership and project tools. The findings from the Case Study, including Survey feedback from 176 respondents, indicate the need to balance project rigor with speed and flexibility and the importance of tools to support project governance. The paper contributes a practical perspective to large-scale IS project methodology deployment

Building an Emulation Environment for Cyber Security Analyses of Complex Networked Systems

Computer networks are undergoing a phenomenal growth, driven by the rapidly increasing number of nodes constituting the networks. At the same time, the number of security threats on Internet and intranet networks is constantly growing, and the testing and experimentation of cyber defense solutions requires the availability of separate, test environments that best emulate the complexity of a real system. Such environments support the deployment and monitoring of complex mission-driven network scenarios, thus enabling the study of cyber defense strategies under real and controllable traffic and attack scenarios. In this paper, we propose a methodology that makes use of a combination of techniques of network and security assessment, and the use of cloud technologies to build an emulation environment with adjustable degree of affinity with respect to actual reference networks or planned systems. As a byproduct, starting from a specific study case, we collected a dataset consisting of complete network traces comprising benign and malicious traffic, which is feature-rich and publicly available

The Strategic Balance of Centralized Control and Localized Flexibility in Two-Tier ERP Systems

Two-tier ERP systems are an increasingly popular technology strategy for large, multinational enterprises. This paper examines how two-tier ERP enables organizations to balance centralized control and coordination at the corporate level with localized flexibility and responsiveness at the division/subsidiary level. The tier 1 ERP system handles core tasks like HR, finance, and IT using highly customized solutions tailored to the large corporate entity's needs, scale, and sophistication. This promotes enterprise-wide process standardization and centralized control. Meanwhile, the tier 2 ERP systems utilized by smaller subsidiaries and regional offices are less resource intensive and more configurable to address localized requirements. Tier 2 gives local divisions more control over their ERP to enable flexibility and responsiveness. This research analyzes the key drivers pushing large multinationals towards two-tier ERP, including managing complexity across global operations, enabling centralized coordination while allowing localization, integrating dispersed IT infrastructures, and controlling implementation costs. The paper explores the unique characteristics and benefits of tier 1 and tier 2 ERP systems in depth, providing concrete examples. Critical considerations for successfully deploying two-tier ERP are also examined, such as integration, change management, and striking the right balance between standardization and localization. The conclusion reached is that two-tier ERP delivers important synergistic benefits for large enterprises through its centralized/decentralized dual structure. The tier 1/tier 2 approach balances the key needs for coordination and control at the center with flexibility at the edges. However, careful planning is required for effective two-tier ERP implementation. The optimal balance between standardization and localization must be struck to fully realize the strategic potential. This research provides important insights for both academic study and real-world application of two-tier ERP systems

Approaches Regarding Business Logic Modeling in Service Oriented Architecture

As part of the Service Oriented Computing (SOC), Service Oriented Architecture (SOA) is a technology that has been developing for almost a decade and during this time there have been published many studies, papers and surveys that are referring to the advantages of projects using it. In this article we discuss some ways of using SOA in the business environment, as a result of the need to reengineer the internal business processes with the scope of moving forward towards providing and using standardized services and achieving enterprise interoperability.Business Rules, Business Processes, SOA, BPM, BRM, Semantic Web, Semantic Interoperability