Security Requirements Specification and Tracing within Topological Functioning Model

Specification and traceability of security requirements is still a challenge since modeling and analysis of security aspects of systems require additional efforts at the very beginning of software development. The topological functioning model is a formal mathematical model that can be used as a reference model for functional and non-functional requirements of the system. It can also serve as a reference model for security requirements. The purpose of this study is to determine the approach to how security requirements can be specified and traced using the topological functioning model. This article demonstrates the suggested approach and explains its potential benefits and limitations

Business-IT Alignment: A Discussion on Enterprise Architecture and Blockchains. Editorial Introduction to Issue 35 of CSIMQ

Nowadays, business operation is impossible without proper alignment between business and IT goals. The alignment foresees integration at different levels: strategic, managerial, technological, and others. In addition, aligning goals should take into account factors arising from interaction with business partners, competitors, customers, and supervisory authorities. The collection of articles included in this issue presents research on the impact of different factors on the achievement of business and IT goal alignment. The first two articles in the collection concern Enterprise Architecture (EA) while the last two articles consider blockchain applications

Selected Topics on Information Management in Complex Systems: Editorial Introduction to Issue 24 of CSIMQ

Complex systems consist of multiple interacting parts; some of them (or even all of them) may also be systems. While performing their tasks, these parts operate with multiple data and information flows. Data are gathered, created, transferred, and analyzed. Information based on the analyzed data is assessed and taken into account during decision making. Different types of data and a large number of data flows can be considered as one of the sources of system complexity. Thus, information management, including data control, is an important aspect of complex systems development and management.According to ISO/IEC/IEEE 15288:2015, “the purpose of the Information Management Process is to generate, obtain, confirm, transform, retain, retrieve, disseminate and dispose of information, to designated stakeholders…”. Information management strategies consider the scope of information, constrains, security controls and information life cycle. This means that information management activities should be implemented starting from the level of primitive data gathering and ending with enterprise-level decision making.The articles, which have been recommended by reviewers for this issue of CSIMQ, present contributions in different aspects of information management in complex systems, namely, implementation of harmful environment monitoring and data transmitting by Internet-of-Things (IoT) systems, analysis of technological and organizational means for mitigating issues related to information security and users’ privacy that can lead to changes in corresponding systems’ processes, organization and infrastructure, as well as assessment of potential benefits that a controlled (i.e. based on the up-to-date information) change process can bring to an enterprise

Selected Topics on Advanced Methods in Complex Systems Research: Editorial Introduction to Issue 28 of CSIMQ

The articles, which have been recommended by reviewers for this issue of CSIMQ, present contributions which evaluate the application of advanced means for evaluation, monitoring, design, and modification of complex systems. The focus of the published articles is on such issues as quality assurance in the context of big data, content analysis in the mobile app context, and blockchains in securities settlements

Overcoming System Complexity using Models and Knowledge Structures. Editorial Introduction to Issue 36 of CSIMQ

Models allow us to simplify reality and give advantages to both decomposition and abstraction. Models can have various forms from textual, tabular, mathematical, and graphical to a combination of these formats. Formal models can be processed, or even executed, by machines. An engineering model must satisfy such characteristics as abstraction, understandability, accuracy, predictiveness, and inexpensiveness. Models explicitly represent knowledge of the modeled domain in a form suitable for reasoning about them and learning. Knowledge may be descriptive, structural, procedural, meta-, or heuristic. Focus on one type of knowledge during the analysis may ignore the other one. Moreover, analysis and reasoning also rely on data representation forms which may lose accuracy due to simplification and different assumptions. Therefore, completeness, correctness, and adequacy of knowledge as well as particularities of the representing structure may affect the results of knowledge processing and decision making. Therefore, the capability of models (and other structures) to represent knowledge completely, adequately, and accurately is still a matter of various research activities. This issue of CSIMQ is devoted to this matter

Selected Topics on Business Informatics: Editorial Introduction to Issue 29 of CSIMQ

The objective of this thematic issue was to show the diversity of research in the field of business informatics, both from the perspective of application areas and from the research methodologies applied. Application areas visible in this issue are product development in manufacturing industries, online learning in universities, innovation activities in networks of museums, and curriculum engineering in educational organizations. Research methods include various quantitative and qualitative approaches combined with prototyping and the design science paradigm

Extracting TFM Core Elements From Use Case Scenarios by Processing Structure and Text in Natural Language

Extracting core elements of Topological Functioning Model (TFM) from use case scenarios requires processing of both structure and natural language constructs in use case step descriptions. The processing steps are discussed in the present paper. Analysis of natural language constructs is based on outcomes provided by Stanford CoreNLP. Stanford CoreNLP is the Natural Language Processing pipeline that allows analysing text at paragraph, sentence and word levels. The proposed technique allows extracting actions, objects, results, preconditions, post-conditions and executors of the functional features, as well as cause-effect relations between them. However, accuracy of it is dependent on the used language constructs and accuracy of specification of event flows. The analysis of the results allows concluding that even use case specifications require the use of rigor, or even uniform, structure of paths and sentences as well as awareness of the possible parsing errors