54 research outputs found

    Using Business Process Model Awareness to improve Stakeholder Participation in Information Systems Security Risk Management Processes

    The present paper examines stakeholders’ business process model awareness to measure and improve stakeholder participation in information systems security risk management (ISRM) via a multi-method research study at the organizational level. Organizational stakeholders were interviewed to gain an understanding of their awareness of business processes and related security requirements in the context of an ongoing ISRM process. The research model was evaluated in four case studies. The findings indicate that stakeholders’ awareness of business process models contributed to an improved ISRM process, better alignment to the business environment and improved elicitation of security requirements. Following current research that considers users as the most important resource in ISRM, this study highlights the importance of involving appropriate stakeholders at the right time during the ISRM process and provides risk managers with decision support for the prioritization of stakeholder participation during ISRM processes to improve results and reduce overhead

    Towards a Precise Semantics for Object-Oriented Modeling Techniques

    In this paper we present a possible way how a precise semantics of object oriented modeling techniques can be achieved and what the possible benefits are. We outline the main modeling techniques used in the SysLab project, sketch how a precise semantics can be given and how this semantics can be used during the development process. Comment: 6 pages, 0 figure

    Threat Intelligence Sharing Platforms: An Exploratory Study of Software Vendors and Research Perspectives

    In the last couple of years, organizations have demonstrated an increased willingness to exchange information and knowledge regarding vulnerabilities, threats, incidents and mitigation strategies in order to collectively protect against today’s sophisticated cyberattacks. As a reaction to this trend, software vendors started to create offerings that facilitate this exchange and appear under the umbrella term “Threat Intelligence Sharing Platforms”. To which extent these platforms provide the needed means for exchange and information sharing remains unclear as they lack a common definition, innovation in this area is mostly driven by vendors and empirical research is rare. To close this gap, we examine the state-of-the-art software vendor landscape of these platforms, identify gaps and present arising research perspectives. Therefore, we conducted a systematic study of 22 threat intelligence sharing platforms and compared them. We derived eight key findings and discuss how existing gaps should be addressed by future research

    Enterprise Architecture Documentation: Current Practices and Future Directions

    Over the past decade Enterprise Architecture (EA) management matured to a discipline commonly perceived as a strategic advantage. Among others, EA management helps to identify and realize cost saving potentials in organizations. EA initiatives commonly start by documenting the status-quo of the EA. The respective management discipline analyzes this so-called current state and derives intermediate planned states heading towards a desired target state of the architecture. Several EA frameworks describe this process in theory. However, during practical application, organizations struggle with documenting the EA and lack concrete guidance during the process. To underline our observations and confirm our hypotheses, we conducted a survey among 140 EA practitioners to analyze issues organizations face while documenting the EA and keeping the documentation up to date. In this paper we present results on current practices, challenges, and automation techniques for EA documentation in a descriptive manner

    Lecturers’ and Students’ Experiences with an Automated Programming Assessment System

    Assessment of source code in university education has become an integral part of grading students and providing them valuable feedback on their developed software solutions. Thereby, lecturers have to deal with a rapidly growing number of students from heterogeneous fields of study, a shortage of lecturers, a highly dynamic set of learning objectives and technologies, and the need for more targeted student support. To meet these challenges, the use of an automated programming assessment system (APAS) to support traditional teaching is a promising solution. This paper examines this trend by analyzing the experiences of lecturers and students at various universities with an APAS and its impact over the course of a semester. In doing so, we conducted a total number of 30 expert interviews with end users, including 15 lecturers and 15 students, from four different universities within the same country. The results discuss the experiences of lecturers and students and highlight challenges that should be addressed in future research

    Towards an Evaluation Framework for Threat Intelligence Sharing Platforms

    Threat intelligence sharing is an important countermeasure against the increasing number of security threats to which companies and governments are exposed. Its objective is the cross-organizational exchange of information about actual and potential threats. In recent years, a heterogeneous market of threat intelligence sharing platforms (TISPs) has emerged. These platforms are inter-organizational systems that support collaborative collection, aggregation, analysis and dissemination of threat-related information. Organizations that consider using TISPs are often faced with the challenge of selecting suitable platforms. To facilitate the evaluation of threat intelligence sharing platforms, we present a framework for analyzing and comparing relevant TISPs. Our framework provides a set of 25 functional and non-functional criteria that support potential users in selecting suitable platforms. We demonstrate the applicability of our evaluation framework by assessing three platforms: MISP, OTX and ThreatQ. We describe common features and differences between the three platforms

    Enterprise Architecture Planning: Analyses of Requirements from Practice and Research

    Enterprise architecture management (EAM) has become an increasingly important topic in practice due to the growing complexity of organizations and their underlying IT. While there is a strong interest in Enterprise Architecture (EA) modeling, evaluation, and frameworks, a lack of knowledge remains in the research field of EA planning. We conducted a series of expert interviews on the topic of EA planning. From these interviews we were able to extract requirements for EA planning from practice as the foundation of our analyses. Additionally, we conducted a structured literature review to elicit requirements for EA planning from a research perspective. This paper combines the results of both the practitioner interviews and the literature review to emphasize the gaps between the two worlds. As a result, we identified that current research does not adequately address the pressing problems of EA planning in practice