Contextualisation of Data Flow Diagrams for security analysis

Data flow diagrams (DFDs) are popular for sketching systems for subsequent threat modelling. Their limited semantics make reasoning about them difficult, but enriching them endangers their simplicity and subsequent ease of take up. We present an approach for reasoning about tainted data flows in design-level DFDs by putting them in context with other complementary usability and requirements models. We illustrate our approach using a pilot study, where tainted data flows were identified without any augmentations to either the DFD or its complementary models

Moving from a Product-Based Economy to a Service-Based Economy for a More Sustainable Future

Traditionally, economic growth and prosperity have been linked with the availability, production and distribution of tangible goods as well as the ability of consumers to acquire such goods. Early evidence regarding this connection dates back to Adam Smith's Wealth of Nations (1776), in which any activity not resulting in the production of a tangible good is characterized as unproductive of any value." Since then, this coupling of economic value and material production has been prevalent in both developed and developing economies throughout the world. One unintended consequence of this coupling has been the exponential increase in the amount of solid waste being generated. The reason is that any production and consumption of material goods eventually generates the equivalent amount of (or even more) waste. Exacerbating this problem is the fact that, with today's manufacturing and supply chain management technologies, it has become cheaper to dispose and replace most products rather than to repair and reuse them. This has given rise to what some call a disposable society." To put things in perspective: In 2012 households in the U.K. generated approximately 22 thousand tons of waste, which amounted to 411 kg of waste generated per person (Department for Environment, Food & Rural Affairs, 2015). During the same time period, households in the U.S. generated 251 million tons of waste, which is equivalent to a person generating approximately 2 kg of waste every day (U.S. Environmental Protection Agency, 2012). Out of these 251 million tons of total waste generated, approximately 20% of the discarded items were categorized as durable goods. The disposal of durable goods is particularly worrisome because they are typically produced using material from non- renewable resources such as iron, minerals, and petroleum-based raw materials

Interventions for Long Term Software Security:Creating a Lightweight Program of Assurance Techniques for Developers

Though some software development teams are highly effective at delivering security, others either do not care or do not have access to security experts to teach them how. Unfortunately, these latter teams are still responsible for the security of the systems they build: systems that are ever more important to ever more people. We propose that a series of lightweight interventions, six hours of facilitated workshops delivered over three months, can improve a team’s motivation to consider security and awareness of assurance techniques, changing its security culture even when no security experts are involved. The interventions were developed after an Appreciative Inquiry and Grounded Theory survey of security professionals to find out what approaches work best. We tested the interventions in a Participatory Action Research field study where we delivered the workshops to three soft- ware development organizations, and evaluated their effectiveness through interviews be- forehand, immediately afterwards, and after twelve months. We found that the interventions can be effective with teams with limited or no security experience, and that improvement is long lasting. This approach and the learning points arising from the work here have the potential to be applied in many development teams, improving the security of software worldwide

Co-Design of Business and IT Services – a Tool-Supported Approach

Service modeling is an important step in designing service-oriented systems. There are multiple levels of design because service sci-ence includes both the business rationale and the IT implementation ofthe services. As business and IT perspectives differ, the modeling tech-niques are different, and often the respective modeling languages aredisconnected or ad-hoc. We propose a new service-modeling approachfor connecting the business modeling and the web service modeling bypresenting these two perspectives in a single model. We present a multi-stage modeling process for capturing different perspectives and creatingmodels iteratively by working with levels of abstraction from higher tolower. The model is then used as an input in order to generate a RESTAPI specification in the OpenAPI format to feed the next stages of theservice life-cycle

SMEs' purchasing habits : A procurement maturity model for stakeholders

Although micro companies overpower the small and medium enterprise (SME) segment, generalizations are often with medium size companies, and therefore, there are many unknowns, especially when it comes to its buying behavior. Conformist studies and industry practices assume SMEs to be “normative” or “conservative” buyers; however, this hypothesis is untested. This article aims to scrutinize the reality, and proposes a unified model that rejects pre-containerization in buying behavior typologies, as well as selectiveness in terms of audience type, whether it is corporate, SME, or consumer. While replacing researchers’ perceptions with the audience’s, the model yields actual knowledge that can lead to audience’s beliefs in lieu of the opposite, which is used to mislead stakeholders. The study shows that SMEs also buy like individuals and spend in a similar way to consumers’, including not only “normative” and “conservative” but also “negligent” and “impulse” zones. From the research-implications perspective, future studies by behaviorists can explore why SMEs purchase in this way. Marketers may benefit from the finding that SMEs buy like individuals. In addition, SMEs may want to be conscious of their purchasing habits, and—utilizing the newly introduced “risk score” frontier—policymakers should assess the consequences of these habits at the macro level

Enterprise transformation: Why are we interested, what is it, and what are the challenges?

© IIE, INCOSE. The concept of enterprise transformation has become increasingly popular as companies recognize the need to achieve an integrated perspective within and across organizational boundaries to address complex challenges. Yet, there is little clarity concerning what constitutes an “enterprise” or indeed “enterprise transformation.” This article is conceived as an initial step along the journey towards this clarity. There is considerable work to be done in delineating this area of interest and this article is offered as a stimulus for debate on what constitutes enterprise transformation. Drawing on themes from the management and systems engineering disciplines, the article will propose four characteristics of “enterprise” as a unit for transformation and look at why this holistic unit of analysis has become critical to businesses. The article will also ask what constitutes transformation, and offer characterizing criteria to distinguish this magnitude of change from more incremental changes. A recent empirical case study will be examined to further elucidate challenges faced in defining, leading, and transforming multi-organizational enterprises. Finally, a near-term research agenda is outlined for the evolving discipline of enterprise transformation

An assessment of technology-based service encounters & network security on the e-health care systems of medical centers in Taiwan

<p>Abstract</p> <p>Background</p> <p>Enhancing service efficiency and quality has always been one of the most important factors to heighten competitiveness in the health care service industry. Thus, how to utilize information technology to reduce work load for staff and expeditiously improve work efficiency and healthcare service quality is presently the top priority for every healthcare institution. In this fast changing modern society, e-health care systems are currently the best possible way to achieve enhanced service efficiency and quality under the restraint of healthcare cost control. The electronic medical record system and the online appointment system are the core features in employing e-health care systems in the technology-based service encounters.</p> <p>Methods</p> <p>This study implemented the Service Encounters Evaluation Model, the European Customer Satisfaction Index, the Attribute Model and the Overall Affect Model for model inference. A total of 700 copies of questionnaires from two authoritative southern Taiwan medical centers providing the electronic medical record system and the online appointment system service were distributed, among which 590 valid copies were retrieved with a response rate of 84.3%. We then used SPSS 11.0 and the Linear Structural Relationship Model (LISREL 8.54) to analyze and evaluate the data.</p> <p>Results</p> <p>The findings are as follows: (1) Technology-based service encounters have a positive impact on service quality, but not patient satisfaction; (2) After experiencing technology-based service encounters, the cognition of the service quality has a positive effect on patient satisfaction; and (3) Network security contributes a positive moderating effect on service quality and patient satisfaction.</p> <p>Conclusion</p> <p>It revealed that the impact of electronic workflow (online appointment system service) on service quality was greater than electronic facilities (electronic medical record systems) in technology-based service encounters. Convenience and credibility are the most important factors of service quality in technology-based service encounters that patients demand. Due to the openness of networks, patients worry that transaction information could be intercepted; also, the credibility of the hospital involved is even a bigger concern, as patients have a strong sense of distrust. Therefore, in the operation of technology-based service encounters, along with providing network security, it is essential to build an atmosphere of psychological trust.</p