Intangible trust requirements - how to fill the requirements trust "gap"?
Previous research efforts have been expended in terms of the capture and subsequent instantiation of "soft" trust requirements that relate to HCI usability concerns or in relation to "hard" tangible security requirements that primarily relate to security assurance and security protocols. Little direct focus has been paid to managing intangible trust related requirements per se. This 'gap' is perhaps most evident in the public B2C (Business to Consumer) E-Systems we all use on a daily basis. Some speculative suggestions are made as to how to fill the 'gap'. Visual card sorting is suggested as a suitable evaluative tool; whilst deontic logic trust norms and UML extended notation are the suggested (methodologically invariant) means by which software development teams can perhaps more fully capture hence visualize intangible trust requirements
Rethinking Security Incident Response: The Integration of Agile Principles
In today's globally networked environment, information security incidents can
inflict staggering financial losses on organizations. Industry reports indicate
that fundamental problems exist with the application of current linear
plan-driven security incident response approaches being applied in many
organizations. Researchers argue that traditional approaches value containment
and eradication over incident learning. While previous security incident
response research focused on best practice development, linear plan-driven
approaches and the technical aspects of security incident response, very little
research investigates the integration of agile principles and practices into
the security incident response process. This paper proposes that the
integration of disciplined agile principles and practices into the security
incident response process is a practical solution to strengthening an
organization's security incident response posture.
Comment: Paper presented at the 20th Americas Conference on Information
Systems (AMCIS 2014), Savannah, Georgi
Service Level Agreement-based GDPR Compliance and Security assurance in (multi)Cloud-based systems
Compliance with the new European General Data Protection Regulation (Regulation (EU) 2016/679) and security
assurance are currently two major challenges of Cloud-based systems. GDPR compliance implies both privacy and security
mechanisms definition, enforcement and control, including evidence collection. This paper presents a novel DevOps
framework aimed at supporting Cloud consumers in designing, deploying and operating (multi)Cloud systems that include
the necessary privacy and security controls for ensuring transparency to end-users, third parties in service provision (if any)
and law enforcement authorities. The framework relies on the risk-driven specification at design time of privacy and security
level objectives in the system Service Level Agreement (SLA) and in their continuous monitoring and enforcement at runtime.
The research leading to these results has received
funding from the European Union’s Horizon 2020 research
and innovation programme under grant agreement No 644429
and No 780351, MUSA project and ENACT project,
respectively. We would also like to acknowledge all the
members of the MUSA Consortium and ENACT Consortium
for their valuable help
Safety-Critical Systems and Agile Development: A Mapping Study
In the last decades, agile methods had a huge impact on how software is
developed. In many cases, this has led to significant benefits, such as quality
and speed of software deliveries to customers. However, safety-critical systems
have widely been dismissed from benefiting from agile methods. Products that
include safety critical aspects are therefore faced with a situation in which
the development of safety-critical parts can significantly limit the potential
speed-up through agile methods, for the full product, but also in the
non-safety critical parts. For such products, the ability to develop
safety-critical software in an agile way will generate a competitive advantage.
In order to enable future research in this important area, we present in this
paper a mapping of the current state of practice based on a mixed method
approach. Starting from a workshop with experts from six large Swedish product
development companies we develop a lens for our analysis. We then present a
systematic mapping study on safety-critical systems and agile development
through this lens in order to map potential benefits, challenges, and solution
candidates for guiding future research.
Comment: Accepted at Euromicro Conf. on Software Engineering and Advanced
Applications 2018, Prague, Czech Republi
Enhancing security incident response follow-up efforts with lightweight agile retrospectives
Security incidents detected by organizations are escalating in both scale and complexity. As a result, security incident response has become a critical mechanism for organizations in an effort to minimize the damage from security incidents. The final phase within many security incident response approaches is the feedback/follow-up phase. It is within this phase that an organization is expected to use information collected during an investigation in order to learn from an incident, improve its security incident response process and positively impact the wider security environment. However, recent research and security incident reports argue that organizations find it difficult to learn from incidents.
A contributing factor to this learning deficiency is that industry focused security incident response approaches, typically, provide very little practical information about tools or techniques that can be used to extract lessons learned from an investigation. As a result, organizations focus on improving technical security controls and not examining or reassessing the effectiveness or efficiency of internal policies and procedures. An additional hindrance, to encouraging improvement assessments, is the absence of tools and/or techniques that organizations can implement to evaluate the impact of implemented enhancements in the wider organization. Hence, this research investigates the integration of lightweight agile retrospectives and meta-retrospectives, in a security incident response process, to enhance feedback and/or follow-up efforts. The research contribution of this paper is twofold. First, it presents an approach based on lightweight retrospectives as a means of enhancing security incident response follow-up efforts. Second, it presents an empirical evaluation of this lightweight approach in a Fortune 500 Financial organization's security incident response team
Agile, Web Engineering and Capability Maturity Model Integration: A systematic literature review
Context
Agile approaches are an alternative for organizations developing software, particularly for those who develop Web applications. Besides, CMMI (Capability Maturity Model Integration) models are well-established approaches focused on assessing the maturity of an organization that develops software. Web Engineering is the field of Software Engineering responsible for analyzing and studying the specific characteristics of the Web. The suitability of an Agile approach to help organizations reach a certain CMMI maturity level in Web environments will be very interesting, as they will be able to keep the ability to quickly react and adapt to changes as long as their development processes get mature.
Objective
This paper responds to whether it is feasible or not, for an organization developing Web systems, to achieve a certain maturity level of the CMMI-DEV model using Agile methods.
Method
The proposal is analyzed by means of a systematic literature review of the relevant approaches in the field, defining a characterization schema in order to compare them to introduce the current state-of-the-art.
Results
The results achieved after the systematic literature review are presented, analyzed and compared against the defined schema, extracting relevant conclusions for the different dimensions of the problem: compatibility, compliance, experience, maturity and Web.
Conclusion
It is concluded that although the definition of an Agile approach to meet the different CMMI maturity levels goals could be possible for an organization developing Web systems, there is still a lack of detailed studies and analysis on the field
Integration of BPM systems
New technologies have emerged to support the global economy where for instance suppliers, manufacturers and retailers are working together in order to minimise the cost and maximise efficiency. One of the technologies that has become a buzz word for many businesses is business process management or BPM. A business process comprises activities and tasks, the resources required to perform each task, and the business rules linking these activities and tasks. The tasks may be performed by human and/or machine actors. Workflow provides a way of describing the order of execution and the dependent relationships between the constituting activities of short or long running processes. Workflow allows businesses to capture not only the information but also the processes that transform the information - the process asset (Koulopoulos, T. M., 1995). Applications which involve automated, human-centric and collaborative processes across organisations are inherently different from one organisation to another. Even within the same organisation but over time, applications are adapted as ongoing change to the business processes is seen as the norm in today’s dynamic business environment. The major difference lies in the specifics of business processes which are changing rapidly in order to match the way in which businesses operate. In this chapter we introduce and discuss Business Process Management (BPM) with a focus on the integration of heterogeneous BPM systems across multiple organisations. We identify the problems and the main challenges not only with regards to technologies but also in the social and cultural context. We also discuss the issues that have arisen in our bid to find the solutions
Disruptive Innovations and Disruptive Assurance: Assuring Machine Learning and Autonomy
Autonomous and machine learning-based systems are disruptive innovations and thus require a corresponding disruptive assurance strategy. We offer an overview of a framework based on claims, arguments, and evidence aimed at addressing these systems and use it to identify specific gaps, challenges, and potential solutions
Owner challenges on major projects: The case of UK government
Many studies agree that owner organisations are important for successful project organising, but they tend to focus on particular aspects of project organising rather than providing a holistic analysis of owners as organisations. Our objective is to collect evidence of the full range of challenges public sector owners face in managing their major projects. After reviewing the literature on owner organisations, we carry out a case survey of 26 major projects to identify the principal challenges using a content analysis of UK National Audit Office Value for Money reports. Our original contribution is that the findings provide the first comprehensive picture of the full range of challenges of project organising faced by owner organisations. These findings push us theoretically to extend the scope of research in project organising to identify an extended core set of dynamic capabilities for project owner organisations to address these challenges