Using Business Process Model Awareness to improve Stakeholder Participation in Information Systems Security Risk Management Processes

The present paper examines stakeholders\u27 business process model awareness to measure and improve stakeholder participation in information systems security risk management (ISRM) via a multi-method research study at the organizational level. Organizational stakeholders were interviewed to gain an understanding of their awareness of business processes and related security requirements in the context of an ongoing ISRM process. The research model was evaluated in four case studies. The findings indicate that stakeholders\u27 awareness of business process models contributed to an improved ISRM process, better alignment to the business environment and improved elicitation of security requirements. Following current research that considers users as the most important resource in ISRM, this study highlights the importance of involving appropriate stakeholders at the right time during the ISRM process and provides risk managers with decision support for the prioritization of stakeholder participation during ISRM processes to improve results and reduce overhead

Towards a Precise Semantics for Object-Oriented Modeling Techniques

In this paper we present a possible way how a precise semantics of object oriented modeling techniques can be achieved and what the possible benefits are .We outline the main modeling techniques used in the SysLab project sketch how a precise semantics can be given and how this semantics can be used during the development process.Comment: 6 pages, 0 figure

Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives

In the last couple of years, organizations have demonstrated an increased willingness to exchange information and knowledge regarding vulnerabilities, threats, incidents and mitigation strategies in order to collectively protect against today’s sophisticated cyberattacks. As a reaction to this trend, software vendors started to create offerings that facilitate this exchange and appear under the umbrella term “Threat Intelligence Sharing Platforms”. To which extent these platforms provide the needed means for exchange and information sharing remains unclear as they lack a common definition, innovation in this area is mostly driven by vendors and empirical research is rare. To close this gap, we examine the state-of-the-art software vendor landscape of these platforms, identify gaps and present arising research perspectives. Therefore, we conducted a systematic study of 22 threat intelligence sharing platforms and compared them. We derived eight key findings and discuss how existing gaps should be addressed by future research

Enterprise Architecture Documentation: Current Practices and Future Directions

Over the past decade Enterprise Architecture (EA) management matured to a discipline commonly perceived as a strategic advantage. Among others, EA management helps to identify and realize cost saving potentials in organizations. EA initiatives commonly start by documenting the status-quo of the EA. The respective management discipline analyzes this so-called current state and derives intermediate planned states heading towards a desired target state of the architecture. Several EA frameworks describe this process in theory. However, during practical application, organizations struggle with documenting the EA and lack concrete guidance during the process. To underline our observations and confirm our hypotheses, we conducted a survey among 140 EA practitioners to analyze issues organizations face while documenting the EA and keeping the documentation up to date. In this paper we present results on current practices, challenges, and automation techniques for EA documentation in a descriptive manner

Lecturers’ and Students’ Experiences with an Automated Programming Assessment System

Assessment of source code in university education has become an integral part of grading students and providing them valuable feedback on their developed software solutions. Thereby, lecturers have to deal with a rapidly growing number of students from heterogeneous fields of study, a shortage of lecturers, a highly dynamic set of learning objectives and technologies, and the need for more targeted student support. To meet these challenges, the use of an automated programming assessment system (APAS) to support traditional teaching is a promising solution. This paper examines this trend by analyzing the experiences of lecturers and students at various universities with an APAS and its impact over the course of a semester. In doing so, we conducted a total number of 30 expert interviews with end users, including 15 lecturers and 15 students, from four different universities within the same country. The results discuss the experiences of lecturers and students and highlight challenges that should be addressed in future research