The effect of governance on global software development: An empirical research in transactive memory systems

ContextThe way global software development (GSD) activities are managed impacts knowledge transactions between team members. The first is captured in governance decisions, and the latter in a transactive memory system (TMS), a shared cognitive system for encoding, storing and retrieving knowledge between members of a group.ObjectiveWe seek to identify how different governance decisions (such as business strategy, team configuration, task allocation) affect the structure of transactive memory systems as well as the processes developed within those systems.MethodWe use both a quantitative and a qualitative approach. We collect quantitative data through an online survey to identify transactive memory systems. We analyze transactive memory structures using social network analysis techniques and we build a latent variable model to measure transactive memory processes. We further support and triangulate our results by means of interviews, which also help us examine the GSD governance modes of the participating projects. We analyze governance modes, as set of decisions based on three aspects; business strategy, team structure and composition, and task allocation.ResultsOur results suggest that different governance decisions have a different impact on transactive memory systems. Offshore insourcing as a business strategy, for instance, creates tightly-connected clusters, which in turn leads to better developed transactive memory processes. We also find that within the composition and structure of GSD teams, there are boundary spanners (formal or informal) who have a better overview of the network’s activities and become central members within their network. An interesting mapping between task allocation and the composition of the network core suggests that the way tasks are allocated among distributed teams is an indicator of where expertise resides.ConclusionWe present an analytical method to examine GSD governance decisions and their effect on transactive memory systems. Our method can be used from both practitioners and researchers as a “cause and effect” tool for improving collaboration of global software teams.     

On the model-based control of networked systems

In this paper the control of linear plants, where the sensor is connected to a linear controller/actuator via a network is addressed. Both, state and output feedback, are considered and results are derived for both continuous and discrete plants. A key idea is that knowledge of the plant dynamics is used to reduce the usage of the network. Necessary and sufficient conditions for stability are derived as simple eigenvalue tests of a well-structured test matrix, constructed in terms of the update time h, and the parameters of the plant and of its model. These tests are extended to include network delay as well.     

Information systems as social systems: Implications for developing countries

Abstract

Computer‐based information systems should be conceptualised as social systems in which technology is only one of the dimensions. This broader perspective on information systems offers opportunities for a deeper understanding of their development and use. The social systems approach is illustrated in the paper by two research projects in the UK on the evaluation of information systems and information systems strategy formulation. The relevance of the UK research to a developing country context is discussed and it is argued that methodologies which aim to provide an understanding of the organisational, social and political context are highly suitable for organisations in developing countries. Some implications are drawn for research, education and practice related to information systems in developing countries.     

VIVACE: A framework for the systematic evaluation of variability support in process-aware information systems

ContextThe increasing adoption of process-aware information systems (PAISs) such as workflow management systems, enterprise resource planning systems, or case management systems, together with the high variability in business processes (e.g., sales processes may vary depending on the respective products and countries), has resulted in large industrial process model repositories. To cope with this business process variability, the proper management of process variants along the entire process lifecycle becomes crucial.ObjectiveThe goal of this paper is to develop a fundamental understanding of business process variability. In particular, the paper will provide a framework for assessing and comparing process variability approaches and the support they provide for the different phases of the business process lifecycle (i.e., process analysis and design, configuration, enactment, diagnosis, and evolution).MethodWe conducted a systematic literature review (SLR) in order to discover how process variability is supported by existing approaches.ResultsThe SLR resulted in 63 primary studies which were deeply analyzed. Based on this analysis, we derived the VIVACE framework. VIVACE allows assessing the expressiveness of a process modeling language regarding the explicit specification of process variability. Furthermore, the support provided by a process-aware information system to properly deal with process model variants can be assessed with VIVACE as well.ConclusionsVIVACE provides an empirically-grounded framework for process engineers that enables them to evaluate existing process variability approaches as well as to select that variability approach meeting their requirements best. Finally, it helps process engineers in implementing PAISs supporting process variability along the entire process lifecycle.     

Context-aware,self-scaling Fuzzy ArtMap for received signal strength based location systems

Location awareness is the key capability of mobile computing applications. Despite high demand, indoor location technologies have not become truly ubiquitous mainly due to their requirements of costly infrastructure and dedicated hardware components. Received signal strength (RSS) based location systems are poised to realize economical ubiquity as well as sufficient accuracy for variety of applications. Nevertheless high resolution RSS based location awareness requires tedious sensor data collection and training of classifier which lengthens location system development life cycle. We present a rapid development approach based on online and incremental learning method which significantly reduces development time while providing competitive accuracy in comparison with other methods. ConSelFAM (Context-aware, Self-scaling Fuzzy ArtMap) extends the Fuzzy ArtMap neural network system. It enables on the fly expansion and reconstruction of location systems which is not possible in previous systems.     

Exploring spatial datasets with histograms

As online spatial datasets grow both in number and sophistication, it becomes increasingly difficult for users to decide whether a dataset is suitable for their tasks, especially when they do not have prior knowledge of the dataset. In this paper, we propose browsing as an effective and efficient way to explore the content of a spatial dataset. Browsing allows users to view the size of a result set before evaluating the query at the database, thereby avoiding zero-hit/mega-hit queries and saving time and resources. Although the underlying technique supporting browsing is similar to range query aggregation and selectivity estimation, spatial dataset browsing poses some unique challenges. In this paper, we identify a set of spatial relations that need to be supported in browsing applications, namely, the contains, contained and the overlap relations. We prove a lower bound on the storage required to answer queries about the contains relation accurately at a given resolution. We then present three storage-efficient approximation algorithms which we believe to be the first to estimate query results about these spatial relations. We evaluate these algorithms with both synthetic and real world datasets and show that they provide highly accurate estimates for datasets with various characteristics. Recommended by: Sunil Prabhakar Work supported by NSF grants IIS 02-23022 and CNF 04-23336. An earlier version of this paper appeared in the 17th International Conference on Data Engineering (ICDE 2001).     

Employ Five Fundamental Principles to Produce a SOLID,Secure Network

ABSTRACT

While reading online forums and frequently asked questions (FAQs) pertaining to network security, inevitably one of the questions asked is “Is my network secure'” The typical answer is that one can never be completely certain that all security measures have been taken to protect a network from intruders. While this may be true, there are ways to increase the confidence of network administrators with regards to protecting the data and resources entrusted to them. This paper will present a strategy that, if implemented, will improve confidence that all necessary precautions in establishing a secure network have been taken.     

MAX-PLUS ALGEBRA MODELING FOR A PUBLIC TRANSPORT SYSTEM

Abstract

This paper discusses the use of Petri net languages, particularly, its subclass “timed event graph” for modeling a public transport network. The behavior of the network is described by a particular algebraic structure called (max, +) algebra. We show that the modeling of such a network is possible under some hypotheses. We propose a Petri net tool with some conflicts to model this network without taking into account these assumptions. The behavior of this Petri net in (max, +) algebra is presented. An example is given to illustrate our results.     

Exploring university perceptions of IS implementation and attributes of success: a case study of public universities in Thailand

ABSTRACT

This study aims to gain a better understanding of public university implementation of organizational information systems (IS). Mixed methods research was used, including initial exploration, telephone interviews, and a self-administered mail survey. The data were gathered from university personnel at 40 public universities in Thailand, and the research focused on the university student-registration systems (S-R). The study results highlight the different perceptions between two response groups: administrators and system users. The results show different perceptions of IS implementation and attributes that define IS implementation success. The results also serve as important suggestions that need to be recognized by administrators and practitioners for effectively planning the implementation of organizational IS in public universities.     

Internet Network Resource Information Model

The foundation of any network management systems is a database that contains information about the network resources relevant to the management tasks.A network information model is an abstraction of network resources,including both managed resources and managing resources,In the SNMP-based management framework,management information is defined almost exclusively from a “Device“ viewpoint,namely managing a network is equivalent to managing a collection of individual nodes.Aiming at making use of recent advances in distributed computing and in object-oriented analysis and design,the Internet management architecture can also be based on the Open Distributed Processing Reference Model(RM-ODP).The purpose of this article is to provide an Internet Network Resource Information Model.First,a layered management information architecture will be discussed.Then the Internet Network resource information model is presented.The information model is specified using object-Z.     

Integrating IS Disciplines into End-User Training

Abstract

In addition to software training, users need to learn systems analysis concepts and development techniques that will enable them to develop better and more reliable end-user applications. IS managers should realize that this type of IS-sponsored training not only improves the users’ productivity but the IS staffs as well.     

NCL: A common language for achieving rule-based interoperability among heterogeneous systems

For achieving interoperability among heterogeneous computing systems, the Object Management Group (OMG) has adapted the Common Object Request Broker Architecture (CORBA) and the use of an Interface Definition Language (IDL) for specifying object properties and operations which encapsulate the data and programs of heterogeneous systems. This paper describes a common language which is an enhancement of IDL to include: 1) the semantic richness of EXPRESS, an information modeling language adapted by the ISO/STEP community for achieving product model and data exchange; and 2) the extensibility features and knowledge rule specification offered by the Object-oriented Semantic Association Model (OSAM^*). This common language, named the NIIIP Common Language (NCL), is a part of the R&D effort of a project entitled the National Industrial Information Infrastructure Protocols (NIIIP). The design of NCL is standards-based, incorporating the semantic features of the two standard languages, IDL and EXPRESS, and conforming to their syntaxes as much as possible. It is an extensible language which supports the addition of new class, constraint, and association types to the language and its underlying object model in order to satisfy the diverse modeling needs of virtual enterprises. The language also contains a high-level rule specification component. Rules in NCL can be used for defining and enforcing integrity and security constraints, government or enterprise policies and regulations, and other types of semantic constraints that are local or global to heterogeneous systems. In this paper, we shall show how such a modeling language and its supporting KBMS functions can be used to achieve rule-based interoperability in an active heterogeneous system as an enhancement to OMG's CORBA.This research is supported by the Advanced Research Project Agency under ARPA Order No. B761-00 and managed by the United States Air Force under contract F33615-94-2-4447. This is a part of the R&D effort of the NIIIP Consortium. The views and conclusions contained in this paper are those of the authors and should not be interpreted necessarily as representing the official policies, either expressed or implied, of all the NIIIP Consortium members, the Advanced Research Projects Agency, or the United States government.     

Finite-time median-related group consensus over directed networks

ABSTRACT

In this paper, we investigate a novel finite-time median-related group consensus problem, where the finial consensus value can be identified as a desired function of the median of initial states instead of the much studied average value. The underlying communication topology is modelled by a weighted dynamical directed network. A distributed control protocol is firstly introduced to ensure that the agents can reach a median-related consensus in finite time in a collaboration network, meaning that all edge-weights of the communication network are non-negative. We then generalise the results to cooperation–competition networks, where the communication network is divided into predetermined collaboration subnetworks allowing possibly negative weights. Effective group control protocols are designed to guarantee the median-related group consensus in finite time. Finally, numerical simulations are presented to illustrate the availability of our theoretical results.     

General Misconceptions about Information Security Lead to an Insecure World

ABSTRACT

It is becoming clear that the underground hacking industry as a whole (not just individual hackers) is continually gaining ground despite the best efforts of the information security industry. It seems the latter should have an overwhelming advantage, as a multibillion dollar industry staffed with hundreds of thousands of security professionals. However, the efforts of the information security industry are almost always reactive, and in most cases amount to losing ground on the defensive. The unfortunate and seldom acknowledged truth is that the underground hacking industry is always one step ahead. Why are we so slow to respond when all evidence indicates that such delays lead to enormous business losses? Is it possible that the fundamental way our information system security is organized has some inherited deficiencies which are prohibiting us from successfully mounting an effective defense?

Today's losses are becoming too great to say that we are just in need of some evolutionary improvements. Instead, we need to reevaluate the way we go about security business as a whole. In this article, we consider various processes common to both information systems and information system security based on both well-known cases and personal experience. This is our initial attempt to analyze how information system security is organized and to suggest some core changes to its processes.     

Ontological Semantics for Distributing Contextual Knowledge in Highly Distributed Autonomic Systems

Much recent research has focused on applying Autonomic Computing principles to achieve constrained self-management in adaptive systems, through self-monitoring and analysis, strategy planning, and self adjustment. However, in a highly distributed system, just monitoring current operation and context is a complex and largely unsolved problem domain. This difficulty is particularly evident in the areas of network management, pervasive computing, and autonomic communications. This paper presents a model for the filtered dissemination of semantically enriched knowledge over a large loosely coupled network of distributed heterogeneous autonomic agents, removing the need to bind explicitly to all of the potential sources of that knowledge. This paper presents an implementation of such a knowledge delivery service, which enables the efficient routing of distributed heterogeneous knowledge to, and only to, nodes that have expressed an interest in that knowledge. This gathered knowledge can then be used as the operational or context information needed to analyze to the system's behavior as part of an autonomic control loop. As a case study this paper focuses on contextual knowledge distribution for autonomic network management. A comparative evaluation of the performance of the knowledge delivery service is also provided. John Keeney holds a BAI degree in Computer Engineering and a PhD in Computer Science from Trinity College Dublin. His primary interests are in controlling autonomic adaptable systems, particularly when those systems are distributed. David Lewis graduated in Electronics Engineering from the University of Southampton and gained his PhD in Computer Science from University College London. His areas of interest include integrated network and service management, distributed system engineering, adaptive and autonomic systems, semantic services and pervasive computing. Declan O’Sullivan was awarded his primary degree, MSc and PhD in Computer Science from Trinity College Dublin. He has a particular interest in the issues of semantic interoperability and heterogeneous information querying within a range of areas, primarily network and service management, autonomic management, and pervasive computing.     

Characteristics of Effective Security Governance 1

Abstract

This article outlines some thirty ways that fraudsters commonly commit identity theft and exploit stolen identities, with a little more information specifically on phishing using actual phishing e-mails to illustrate the techniques.     

BOND-GRAPHS FOR INFORMATION SYSTEMS

Abstract

In this paper, an approach dealing with the dynamical aspect of information systems modelling is described. The main idea that governs this article is that the bond-graphs language can be applied to information systems theory. An extension of bond-graphs words is presented to cope with information exchanges. The aim of this task is to show that bond-graphs concepts can be used to model all the aspects of the information system model (static, dynamical,.).

After a brief introduction, the bond-graph language for information systems is dealt with. Particular cases and a short comparison with the Jackson software development method constitute the subject of the sections that follow, then the tools required to model the running of the information system modelled by Bond-graphs are presented. The problem is clearly presented as follows: can the energetic point of view be applied to information systems? If so, is it possible to apply the bond-graph language to those systems?     

Quantum Computing and Information Extraction for Dynamical Quantum Systems

We discuss the simulation of complex dynamical systems on a quantum computer. We show that a quantum computer can be used to efficiently extract relevant physical information. It is possible to simulate the dynamical localization of classical chaos and extract the localization length with quadratic speed up with respect to any known classical computation. We can also compute with algebraic speed up the diffusion coefficient and the diffusion exponent, both in the regimes of Brownian and anomalous diffusion. Finally, we show that it is possible to extract the fidelity of the quantum motion, which measures the stability of the system under perturbations, with exponential speed up. The so-called quantum sawtooth map model is used as a test bench to illustrate these results. PACS: 03.67.Lx, 05.45.Mt     

Impact Metrics of Security Vulnerabilities: Analysis and Weighing

ABSTRACT

The number of vulnerabilities discovered and reported during the recent decades is enormous, making an improved ranking and prioritization of vulnerabilities’ severity a major issue for information technology (IT) management. Although several methodologies for ranking and scoring vulnerabilities have been proposed, the Common Vulnerability Scoring System (CVSS) is the open standard with wide acceptance from the information security community. Recently, the Weighted Impact Vulnerability Scoring System (WIVSS) has been proposed as an alternative scoring methodology, which assigns different weights to impact factors of vulnerability in order to achieve higher diversity of values and thus improvement in flexibility of ranking in comparison to CVSS. The purpose of this paper is to expand the idea of WIVSS by defining the sets of weights which provide higher diversity of values. For this reason, an algorithm that finds all the possible combinations of optimal weights within a specified range and under certain constrains is presented. The algorithm results in 14 different combinations of impact weights that are applied to a sample of 20,496 vulnerabilities and statistically analyzed for associations among impact factors. The results suggest that one specific combination of impact weights can achieve highest diversity of values.     

Verifying Object-based Graph Grammars

The development of concurrent and reactive systems is gaining importance since they are well-suited to modern computing platforms, such as the Internet. However, the development of correct concurrent and reactive systems is a non-trivial task. Object-based graph grammar (OBGG) is a visual formal language suitable for the specification of this class of systems. In previous work, a translation from OBGG to PROMELA (the input language of the SPIN model checker) was defined, enabling the verification of OBGG models using SPIN. In this paper we extend this approach in two different ways: (1) the approach for property specification is improved, enabling to prove properties not only about possible OBGG derivations, but also about the internal state of involved objects; (2) an approach is defined to interpret PROMELA races as OBGG derivations, generating graphical counter-examples for properties that are not true for a given OBGG model. Another contribution of this paper is (3) the definition of a method for model checking partial systems (isolated objects or a set of objects) using an assume-guarantee approach. A gas station system modeled with OBGGs is used to illustrate the contributions.This work is partially sponsored by projects IQ-MObile (CNPq-Brazil/CNR-Italy) and PLATUS (CNPq).Osmar Marchi dos Santos is partially sponsored by CAPES-Brazil.