MetricM: a modeling method in support of the reflective design and use of performance measurement systems

Performance indicators play a key role in management practice. The existence of a coherent and consistent set of performance indicators is widely regarded as a prerequisite to making informed decisions in line with set objectives of the firm. Designing such a system of performance indicators requires a profound understanding of the relations between financial and non-financial metrics, organizational goals, aspired decision scenarios, and the relevant organizational context—including subtleties resulting from implicit assumptions and hidden agendas potentially leading to dysfunctional consequences connected with the ill-informed use of performance indicators. In this paper, we investigate whether a domain-specific modeling method can address requirements essential to the reflective design of performance measurement systems, and which structural and procedural features such a method entails. The research follows a design research process in which we describe a research artifact, and evaluate it to assess whether it meets intended goals and domain requirements. In the paper, we specify design goals, requirements and assumptions underlying the method construction, discuss the structural specification of the method and its design rationale, and provide an initial method evaluation. The results indicate that the modeling method satisfies the requirements of the performance measurement domain, and that such a method contributes to the reflective definition and interpretation of performance measurement systems.     

Components of a multi-perspective modeling method for designing and managing IT security systems

Information technology (IT) security design and management are a major concern and substantial challenge for IT management. Today’s highly complex business and technological environments and the need to effectively communicate and justify IT security requirements and controls demand methodical support. The modeling method presented in this paper addresses this demand. The method is based on the assumption that enriched enterprise models integrating technological, business, organizational and strategic aspects provide an effective foundation for developing and managing IT security systems and facilitating communication and understanding between stakeholders. The proposed modeling method for designing and managing IT security in organizations accounts for different perspectives and is based on multi-perspective enterprise modeling. The core components of the method, based on analysis of requirements at different levels of abstraction, are: modeling language concepts specifically designed to address security issues, process models that guide the use of the resulting language, and a modeling environment. The method facilitates elaborate representations of the various aspects of IT security at different levels of abstraction and covers the entire lifecycle of IT security systems. It not only supports multi-perspective requirement analysis and design but also enables monitoring and analysis of IT security at runtime. The presented artifact is evaluated with recourse to a research method that enables the configuration of multi-criteria justification procedures.     

Why one big picture is worth a thousand numbers: measuring intangible benefits of investments in augmented reality based assistive technology using utility effect chains and system dynamics

The body of literature in the area of IT/IS investment evaluation proposes a variety of methods and techniques for the ex-ante assessment of IT/IS investments. However, the financial evaluation of intangible benefits associated with IT/IS investments in general and investments in innovative IT/IS in particular still remains a problem area of high relevance to decision makers. As a consequence, investment decisions are still taken by practitioners as an “act of faith”. With this in mind, it is our primary aim to develop a quantification model for the financial assessment of intangible benefits concerning investments in innovative IT/IS. Based on an augmented reality and smart glasses application scenario from the construction domain, we demonstrate how intangible benefits of innovative IT/IS investments can be visualised and measured more effectively by means of utility effect chains and system dynamics prior to their incorporation into a cost–benefit analysis. Based on design science research, the quantification model is developed by means of a systematic literature review and evaluated using the augmented reality application scenario in construction. The model can serve as an aid to the managerial decision making process by providing an enhanced understanding of the various tangible and intangible benefits associated with the investment.     

动态进化导向的系统分析与设计

信息系统的动态进化是其适应IT发展、组织业务和环境变化需求的一种重要能力,特别是在实时系统和分布式系统当中,正引起学者的广泛关注和深入研究。综述了相关领域的研究成果,并提出用系统化的建模方法,从信息系统动态进化的行为连续性、触发机制、系统化的抽象层次三个角度来研究信息系统的动态进化。这一系列的信息系统动态进化理论和提出的系统建模方法、建议的工具、系统构架构成了一定的动态进化导向的信息系统分析和设计的方法论,推动当前相关领域的理论研究和实践探索。     

Theory-generating design science research

A frequently mentioned challenge in design science research (DSR) is the generation of novel theory above and beyond information technology artefacts. This article analyzes the DSR process and extends established frameworks for theory generation to exemplify improvements to theory generation through methods of grounded theory development. On a conceptual base, we developed a theory-generating DSR approach which integrates methods of grounded theory development with established DSR methodology. This combination enables a design theorist to generate theoretical knowledge that extends the applicable knowledge base. We do not elaborate this combination on a meta-level, but rather provide a process model for researchers in form of an extension of a well-known DSR model to combine both methods in a pluralistic research design. With this suggested research approach, scholars can draw theoretical insights from analytical abstractions and can improve the development of IT artefacts in a structured way to avoid failure or repair loops.     

Senior executives'' use of information technology

There is a paucity of literature focusing on the ingredients for effective top management, i.e. senior executives, use of Information Technology (IT). In practice, many senior executives argue that they do not see a connection between what IT does and their tasks as executives. Based on the Technology Acceptance Model (TAM), a research model was developed and tested to assess the factors that influence the use of IT by senior executives. A dedicated system supporting the task of a senior executive, an Executive Information System (EIS), was used as the IT tool under review. A large number of external variables were identified and hypothesized, influencing the core elements of TAM. To test the research model using structural equation modeling, cross-sectional data was gathered from eighty-seven senior executives drawn from twenty-one European-based multinationals. The results supported the core TAM and found only a small number of antecedent variables influencing actual use, either directly or indirectly. In addition to identifying the external factors, three of these key variables are under managerial control. They can be used to design organizational or managerial interventions that increase effective utilization of IT.     

IT一体化运维管控技术与管理研究

在分析了当前电力行业中IT运维操作面临的内部和外部安全风险与需求的基础上,以IT运维安全审计系统、动态口令认证系统、防火墙等运维安全系统为研究对象,对IT运维安全的技术手段与管理手段进行探讨,并提出相应的技术方案和安全管理要求,对内部人员和第三方人员实现一体化运维管控。经实践表明,该技术方案和管理要求是可行有效的,既满足IT运维审计的实际需要,又符合IT内控管理中的合规性要求。     

Yet another cybersecurity risk assessment framework

IT systems pervade our society more and more, and we become heavily dependent on them. At the same time, these systems are increasingly targeted in cyberattacks, making us vulnerable. Enterprise and cybersecurity responsibles face the problem of defining techniques that raise the level of security. They need to decide which mechanism provides the most efficient defense with limited resources. Basically, the risks need to be assessed to determine the best cost-to-benefit ratio. One way to achieve this is through threat modeling; however, threat modeling is not commonly used in the enterprise IT risk domain. Furthermore, the existing threat modeling methods have shortcomings. This paper introduces a metamodel-based approach named Yet Another Cybersecurity Risk Assessment Framework (Yacraf). Yacraf aims to enable comprehensive risk assessment for organizations with more decision support. The paper includes a risk calculation formalization and also an example showing how an organization can use and benefit from Yacraf.

     

Business Processes Verification for e-Government Service Delivery

Domain experts knowledge represents a major source of information in the design and the development of user-centric and distributed service-based applications, such as those of e-government. Issues related both to the communication among domain and IT experts, and to the implementation of domain dependent requirements in service-based applications, have to be carefully considered to support both Public Administrations efficiency and citizen satisfaction. In this article, we provide as user-friendly approach toward business process assessment via formal verification. Starting from a semi-formal notation, well understood and largely used by domain experts, we provide a mapping to a formal specification in the form of a process algebra. This transformation makes possible formal and automatic verification of desired quality requirements. The approach has been already applied, with encouraging results, in the e-government domain to verify the quality of business processes related to the delivery of e-government digital services to citizens. Moreover, the approach is supported by a plug-in for the Eclipse platform permitting to have an integrated environment in which to design the process model and to assess its quality.     

Systemic classification of concern-based design methods in the context of enterprise architecture

Enterprise Architecture (EA) is a relatively new domain that is rapidly developing. “The primary reason for developing EA is to support business by providing the fundamental technology and process structure for an IT strategy” [TOGAF]. EA models have to model enterprises facets that span from marketing to IT. As a result, EA models tend to become large. Large EA models create a problem for model management. Concern-based design methods (CBDMs) aim to solve this problem by considering EA models as a composition of smaller, manageable parts—concerns. There are dozens of different CBDMs that can be used in the context of EA: from very generic methods to specific methods for business modeling or IT implementations. This variety of methods can cause two problems for those who develop and use innovative CBDMs in the field of Enterprise Architecture (EA). The first problem is to choose specific CBDMs that can be used in a given EA methodology: this is a problem for researchers who develop their own EA methodology. The second problem is to find similar methods (with the same problem domain or with similar frameworks) in order to make a comparative analysis with these methods: this is a problem of researchers who develop their own CBDMs related to a specific problem domain in EA (such as business process modeling or aspect oriented programming). We aim to address both of these problems by means of a definition of generic Requirements for CBDMs based on the system inquiry. We use these requirements to classify twenty CBDMs in the context of EA. We conclude with a short discussion about trends that we have observed in the field of concern-based design and modeling.     

Inside the adaptive enterprise: an information technology capabilities perspective on business process agility

Recent innovations in utility computing, web services, and service-oriented architectures, combined with a growing array of IT skills, have improved firms’ ability to be more agile in responding to change. Using the resource-based view of the firm, prior research suggests that IT resources, in isolation, are unlikely to yield superior performance and so as firms try to boost their agility, the question becomes how to configure IT resources to prepare for, or react to, change. In this paper, we posit that managerial IT capabilities based on IT-business partnerships, strategic planning, and ex-post IT project analysis lead to the development of technical IT capabilities associated with a flexible IT infrastructure which in turn drives agility or a firm’s ability to react to change in its products and markets. Using data from matched surveys of IT and business executives in 241 firms, we find that managerial and technical capabilities affect agility. In further testing, we reveal that in a stable setting, technical IT capabilities are more important to agility than managerial IT capabilities, while in a dynamic setting, the opposite is true. Thus, for firms operating in volatile markets, effective models of managerial IT governance are essential for delivering superior agility or adaptiveness.

光纤耦合太赫兹时域光谱采样技术

主要对基于光电导天线的典型光纤耦合太赫兹时域光谱采样技术及典型光纤耦合太赫兹时域光谱系统进行了介绍.光电导天线是太赫兹时域脉冲信号产生和探测的关键部件,目前基于光电导天线的光纤耦合太赫兹时域光谱采样技术主要有3种,分别为等效时间采样法、异步采样法和腔长调谐光学采样法.对3种不同采样方法的技术原理进行了分析,并对基于不同采样原理的光纤耦合太赫兹时域光谱系统结构进行了介绍,给出了基于不同采样原理的光纤耦合太赫兹时域光谱系统典型产品说明和关键技术指标,说明了基于不同采样方法的系统特点.可为不同的应用需求提供技术参考,为自主搭建基于不同采样技术的光线耦合太赫兹时域光谱系统提供技术支持.     

Model-based qualitative risk assessment for availability of IT infrastructures

For today’s organisations, having a reliable information system is crucial to safeguard enterprise revenues (think of on-line banking, reservations for e-tickets etc.). Such a system must often offer high guarantees in terms of its availability; in other words, to guarantee business continuity, IT systems can afford very little downtime. Unfortunately, making an assessment of IT availability risks is difficult: incidents affecting the availability of a marginal component of the system may propagate in unexpected ways to other more essential components that functionally depend on them. General-purpose risk assessment (RA) methods do not provide technical solutions to deal with this problem. In this paper we present the qualitative time dependency (QualTD) model and technique, which is meant to be employed together with standard RA methods for the qualitative assessment of availability risks based on the propagation of availability incidents in an IT architecture. The QualTD model is based on our previous quantitative time dependency (TD) model (Zambon et al. in BDIM ’07: Second IEEE/IFIP international workshop on business-driven IT management. IEEE Computer Society Press, pp 75–83, 2007), but provides more flexible modelling capabilities for the target of assessment. Furthermore, the previous model required quantitative data which is often too costly to acquire, whereas QualTD applies only qualitative scales, making it more applicable to industrial practice. We validate our model and technique in a real-world case by performing a risk assessment on the authentication and authorisation system of a large multinational company and by evaluating the results with respect to the goals of the stakeholders of the system. We also perform a review of the most popular standard RA methods and discuss which type of method can be combined with our technique.     

基于领域需求结构化描述的自动分析建模方法

软件需求描述和需求分析建模一直以来是需求工程的重要工作,且存在紧密的关联,自动化需求分析建模与验证需要以规范的需求描述为基础。提出基于领域需求的结构化描述的自动分析建模方法,通过对系统整体按照一定的组织结构进行描述,描述句式采用富含语义的句型和普通句型相结合的方式,运用自然语言处理相关技术,通过预定义的转换规则对结构化描述下的需求文本进行建模元素识别,实现自动化的建模,最终生成UML图形化分析结果。     

Designing IT systems according to environmental settings: A strategic analysis framework

In the past, IT system design is mainly driven by two essential factors: technical merits and costs. Environmental consideration only emerges in most recent discussions under the label of green IT. As the evaluation of environmental and climate impact involves too many parameters, some of which are indirect and hidden, it is very hard to make rationale analysis without the support of a holistic strategic analysis framework. In this paper, we propose to extend the goal-oriented requirements modeling language, GRL, to model the rationality behind IT system design, in particular, how the environment related considerations come into play in such design decision making. It can be adopted as a strategic analysis framework to facilitate concrete decision makings under different environmental settings. Example real world scenarios are used to illustrate how the proposed approach can help improve the state of the practice.     

An ontology-based framework for domain-specific modeling

Domain-specific languages (DSLs) provide abstractions and notations for better understanding and easier modeling of applications in a special domain. Current shortcomings of DSLs include learning curve and formal semantics. This paper reports on a framework that allows the use of ontology technologies to describe and reason on DSLs. The formal semantics of OWL together with reasoning services allows for addressing constraint definition, progressive evaluation, suggestions, and debugging. The approach integrates existing metamodels and concrete syntaxes in a new technical space. A scenario in which domain models for network devices are created illustrates the framework.     

Evaluating the generalizability of the Organizational Constraints Analysis framework: a hospital bed management case study

Cognitive Work Analysis (CWA) provides useful tools for analyzing and modeling work constraints that can inform the development of systems design requirements. However, it does not provide effective tools for analyzing and modeling organizational constraints that can inform the development of organizational design requirements. By integrating organizational theories with the CWA approach, we developed the Organizational Constraints Analysis framework, a formative approach to the analysis, modeling, and design of the organization of work. In this paper, we test the generalizability of the framework by using its two analytical templates—the Organizational Constraints model and Work Possibilities diagram—to analyze the hospital bed management work domain. The research findings suggest that the concepts, investigative probes, and notations from the analytical templates can be applied to complex work domains beyond those in which it was initially developed. We conclude with suggestions for how the Organizational Constraints Analysis framework can complement CWA methods by helping researchers and practitioners develop a broader organizational perspective on the constraints that drive how work can be done in organizations.     

基于特征模型和构件语义的概念体系结构设计

特定领域软件体系结构(domain-specific software architecture,简称DSSA)是特定领域开发中的重要资产,而基于特征的领域模型使得从领域需求到DSSA的映射成为可能.引入本体作为特征模型的描述基础,通过该方法得到的领域特征本体将同时作为领域内业务构件的语义描述基础存在.在此基础上,提出了基于特征模型和构件语义的概念体系结构设计方法.该方法综合考虑了特征模型中的共性、可变性、绑定时间以及结构关系、依赖关系等对DSSA设计的影响,同时以构件语义作为特征到概念构件设计的过渡.相关方法已经实现为基于本体的特征建模工具和基于特征模型的体系结构设计工具,为特征驱动的领域开发提供了有力的支持.     

Evaluating the characteristics of a non-standardised Model Requirements Analysis (MRA) for the development of policy impact assessment tools

The aim of this paper is to provide a critical analysis of the strengths and weaknesses of a non-standardised Model Requirements Analysis (MRA) used for the purpose of developing the Sustainability Impact Assessment Tool (SIAT). By ‘non-standardised’ we mean not strictly following a published MRA method. The underlying question we are interested in addressing is how non-standardised methods, often employed in research driven projects, compare to defined methods with more standardised structure, with regards their ability to capture model requirements effectively, and with regards their overall usability. Through describing and critically assessing the specific features of the non-standardised MRA employed, the ambition of this paper is to provide insights useful for impact assessment tool (IAT) development. Specifically, the paper will (i) characterise kinds of user requirements relevant to the functionality and design of IATs; (ii) highlight the strengths and weaknesses of non-standardised MRA for user requirements capture, analysis and reflection in the context of IAT; (iii) critically reflect on the process and outcomes of having used a non-standardised MRA in comparison with other more standardised approaches. To accomplish these aims, we first review methods available for IAT development before describing the SIAT development process, including the MRA employed. Major strengths and weaknesses of the MRA method are then discussed in terms of user identification and characterisation, organisational characterisation and embedding, and ability to capture design options for ensuring usability and usefulness. A detailed assessment on the structural differences of MRA with two advanced approaches (Integrated DSS design and goal directed design) and their role in performance of the MRA tool is used to critique the approach employed. The results show that MRA is able to bring thematic integration, establish system performance and technical thresholds as well as detailing quality and transparency guidelines. Nevertheless the discussion points out to a number of deficiencies in application - (i) a need to more effectively characterise potential users, and; (ii) a need to better foster communication among the distinguished roles in the development process. If addressed these deficiencies, SIAT non-standardised MRA could have brought out better outcomes in terms of tool usability and usefulness, and improved embedding of the tool into conditions of targeted end-users.     

Wertorientierte Gestaltung von Informationssystemen: Konzeption und Anwendung einer Potenzialmodellierung am Beispiel Serviceorientierter Architekturen

Companies are increasingly confronted with the question of whether or not the adoption of information technologies (IT) turns out to be a profitable venture. Thus, there is a great need for methods which allow for both the analysis and evaluation of the economic value of IT investments. In this paper we introduce the concept of potentials modeling which integrates a value-oriented perspective into information modeling. More specifically, we set out to explore the economic value of service-oriented architectures (SOA). The practicability of our approach is illustrated on the basis of a simplified application example. It is hoped that this paper will make a contribution to the ongoing discussion on IT value and stimulates further research in the field of value-oriented information systems (IS) research.