Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach

Managing Global Training Utilizing Distance Learning Technologies and Techniques: The United States Army Readiness Training

Distance learning (e-learning) is expanding at a very rapid pace as organizations throughout the world search for economical, responsive, and effective means to train workers to meet the challenges of the information age workplace. The Army Distance Learning Program (TADLP) model is discussed in the context of the global e-learning environment. Both e-learning infrastructure and management issues are identified, with emphasis on: (1) developing policy, (2) measuring performance, (3) managing resources, (4) maintaining standards, and (5) satisfying users. The TADLP program is challenging to manage effectively, and difficult to accurately assess program outcomes. The TADLP program is shown to have a well-executed infrastructure plan, quality management of both facilities and services by contractor-supplied staff, and well-designed classrooms. However, the program suffers from limited courseware, creating a bottleneck for full program utilization. A discussion follows relating the Army program to public and private e-learning programs and expectations.

Maintenance Knowledge Management with Fusion of CMMS and CM

Abstract- Maintenance can be considered as an information, knowledge processing and management system. The management of knowledge resources in maintenance is a relatively new issue compared to Computerized Maintenance Management Systems (CMMS) and Condition Monitoring (CM) approaches and systems. Information Communication technologies (ICT) systems including CMMS, CM and enterprise administrative systems amongst others are effective in supplying data and in some cases information. In order to be effective the availability of high-quality knowledge, skills and expertise are needed for effective analysis and decision-making based on the supplied information and data. Information and data are not by themselves enough, knowledge, experience and skills are the key factors when maximizing the usability of the collected data and information. Thus, effective knowledge management (KM) is growing in importance, especially in advanced processes and management of advanced and expensive assets. Therefore efforts to successfully integrate maintenance knowledge management processes with accurate information from CMMSs and CM systems will be vital due to the increasing complexities of the overall systems. Low maintenance effectiveness costs money and resources since normal and stable production cannot be upheld and maintained over time, lowered maintenance effectiveness can have a substantial impact on the organizations ability to obtain stable flows of income and control costs in the overall process. Ineffective maintenance is often dependent on faulty decisions, mistakes due to lack of experience and lack of functional systems for effective information exchange [10]. Thus, access to knowledge, experience and skills resources in combination with functional collaboration structures can be regarded as vital components for a high maintenance effectiveness solution. Maintenance effectiveness depends in part on the quality, timeliness, accuracy and completeness of information related to machine degradation state, based on which decisions are made. Maintenance effectiveness, to a large extent, also depends on the quality of the knowledge of the managers and maintenance operators and the effectiveness of the internal & external collaborative environments. With emergence of intelligent sensors to measure and monitor the health state of the component and gradual implementation of ICT) in organizations, the conceptualization and implementation of E-Maintenance is turning into a reality. Unfortunately, even though knowledge management aspects are important in maintenance, the integration of KM aspects has still to find its place in E-Maintenance and in the overall information flows of larger-scale maintenance solutions. Nowadays, two main systems are implemented in most maintenance departments: Firstly, Computer Maintenance Management Systems (CMMS), the core of traditional maintenance record-keeping practices that often facilitate the usage of textual descriptions of faults and actions performed on an asset. Secondly, condition monitoring systems (CMS). Recently developed (CMS) are capable of directly monitoring asset components parameters; however, attempts to link observed CMMS events to CM sensor measurements have been limited in their approach and scalability. In this article we present one approach for addressing this challenge. We argue that understanding the requirements and constraints in conjunction - from maintenance, knowledge management and ICT perspectives - is necessary. We identify the issues that need be addressed for achieving successful integration of such disparate data types and processes (also integrating knowledge management into the “data types” and processes)

Improving SPAWAR PEO C4I organizational alignment to better enable enterprise technical risk management

This thesis examined how the Navy's Program Executive Office Command, Control, Communications, Computers and Intelligence (PEO C4I) has performed enterprise risk management (ERM). Based on ERM literature, the study developed an analytical framework to assess PEO C4I's ERM practices against documented ERM best practices, including evaluating a new risk in terms of its impact on existing risks and ensuring risks are managed at the most detailed level possible. The thesis also utilized organizational alignment literature to include organizational alignment principles in the evaluation. Key principles include 1) every employee has the responsibility to manage risk and 2) multiple teams are able to manage a single risk. The resultant analytical framework was applied to PEO C4I and documented for application to other organizations. PEO C4I performed well in the areas of 1) evaluating risks in areas other than the originating program office and 2) providing the framework to elevate risks to leadership. PEO C4I could use improvement in cross-team risk coordination and development of enterprise models to provide context for enterprise risks. Recommended interventions focus on having more functional areas involved in risk mitigation and developing a common enterprise architecture to improve understanding of potential areas of risk.http://archive.org/details/improvingspawarp1094552965Civilian, Department of the NavyApproved for public release; distribution is unlimited

Managing the Risk of Stranded Assets in Agriculture and Forestry

To date, much of the research into stranded assets – broadly defined as assets incurring significant unanticipated or premature write-downs or devaluations – has focused on the fossil fuel sector. However, not least in the context of the 2015 Paris Agreement, and with growing understanding that climate change may become a major factor in the creation of stranded assets, it has become clear that it is not just the energy sector that will be affected. Assets in agriculture and forestry may also be at risk of stranding, because of physical impacts such as drought and desertification as well as through regulatory and technological change.The risk of stranding is particularly high in production regions where natural forests are being cleared for agricultural use. Other regions at high risk are those where climate change is predicted to have impacts that will severely disrupt production cycles or shift production patterns. In addition, strong low-carbon development plans can affect the regulatory frameworks that govern the agriculture and forestry sectors, bringing further risks of stranding.Stranding risks have a potential impact on the various actors positioned along the supply chain for agriculture and forest commodities. They include the land- or rights-owners, the owners of infrastructure related to the transport and processing of commodities, consumer companies and investors.The faster the pace of decarbonization, or the more pronounced the impacts of climate change, the greater the chance of asset stranding and the higher the likelihood of economic, social and political impacts. The prospect of asset stranding could be sufficient to cause potentially affected groups to impede efforts towards low-carbon development, but this possibility has not been sufficiently accounted for in the national low-carbon development plans of either developed or developing economies. As a result, there is a potential risk to the implementation of such plans.This paper includes case studies of stranding risk in Brazil, Malaysia and Liberia. In these countries, there are potentially significant risks of stranding, both from regulation and climate change impacts. However, there has been very little consideration of these risks by policymakers, and there are significant information gaps.Further research is necessary in the following areas: analysing the outlook for biofuels to assess the risk of stranding and the possible impacts of new technology; assessing the physical impacts of extreme weather events on investments, taking into account the role of the insurance industry and price fluctuations; and determining whether growing consumer preferences for 'sustainable' products contribute to the risk of stranding in agriculture and forestry.Such research could be used to initiate discussions within producer countries about the risk of stranded assets given their national strategies and policies, and in light of the available evidence of the physical impacts of climate change, in order to identify the options for both mitigating and managing that risk

A Survey on Usage and Diffusion of Project Risk Management Techniques and Software Tools in the Construction Industry

The area of Project Risk Management (PRM) has been extensively researched, and the utilization of various tools and techniques for managing risk in several industries has been sufficiently reported. Formal and systematic PRM practices have been made available for the construction industry. Based on such body of knowledge, this paper tries to find out the global picture of PRM practices and approaches with the help of a survey to look into the usage of PRM techniques and diffusion of software tools, their level of maturity, and their usefulness in the construction sector. Results show that, despite existing techniques and tools, their usage is limited: software tools are used only by a minority of respondents and their cost is one of the largest hurdles in adoption. Finally, the paper provides some important guidelines for future research regarding quantitative risk analysis techniques and suggestions for PRM software tools development and improvemen

Exploring Enterprise-Wide Risk Management System in Higher Education

The purpose of this case study research paper is to provide unique and in-depth data and understanding of Enterprise-Wide Risk Management within the real-world context of a private HEI. The research presented adoption of risk management practices within a UK higher education (HE) setting that demonstrates the evolution of processes towards enterprise-wide educational governance in support of a sustainable HE sector. Effectively managing enterprise wide risk ensures sustainability is on the governance agenda.  Within this research paper a wide spectrum of risk management practices and theories is assessed and a case study review shows a mature adoption, over time, of a holistic approach to managing risk. This research paper therefore, provides valuable lessons learned and gives practical guidance for policy makers, governors and senior management in Higher Education Institutions (HEIs).  The case study organisation provides a best practice view of enterprise-wide risk management system taking guidance from global standards, national regulatory bodies, universities, colleges and experts in risk management from all levels.  The main gap in current published knowledge presented is that the drivers for successfully implementing sustainable risk management in the HE sector are not known. The research questions have led the inquiry to provide three contributions to a better understanding of adopting Enterprise-Wide Risk Management in HE with a new roadmap for implementation; thematic direction for governance; and six drivers for successfully implementing sustainable risk strategies