| 1. |
- Aier, Stephan, et al.
(författare)
-
A Survival Analysis of Application Life Spans based on Enterprise Architecture Models
- 2009
-
Ingår i: Proc. 3rd International Workshop on Enterprise Modelling and Information Systems Architectures, EMISA 2009. ; , s. 141-154
-
Konferensbidrag (refereegranskat)abstract
- Modern enterprises face the challenge to survive in an ever changing environment. One commonly accepted means to address this challenge and further enhance survivability is enterprise architecture (EA) management, which provides a holistic model-based approach to business/IT alignment. Thereby, the decisions taken in the context of EA management are based on accurate documentation of IT systems and business processes. The maintenance of such documentation causes high investments for enter-prises, especially in the absence of information on the change rates of different systems and processes. In this paper we propose a method for gathering and analyzing such in-formation. The method is used to analyze the life spans of the application portfolio of three companies from different industry sectors. Based on the results of the three case studies implications and limitations of the method are discussed.
|
|
| 2. |
- Andreasson, Annika, et al.
(författare)
-
A Census of Swedish Government Administrative Authority Employee Communications on Cybersecurity during the COVID-19 Pandemic
- 2020
-
Ingår i: 2020 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining (ASONAM). - : IEEE.
-
Konferensbidrag (refereegranskat)abstract
- Cybersecurity is the backbone of a successful digitalization of society, and cyber situation awareness is an essential aspect of managing it. The COVID-19 pandemic has sped up an already ongoing digitalization of Swedish government agencies, but the cybersecurity maturity level varies across agencies. In this study, we conduct a census of Swedish government administrative authority communications on cybersecurity to employees at the beginning of the COVID-19 pandemic. The census shows that the employee communications in the beginning of the pandemic to a greater extent have focused on first-order risks, such as video meetings and telecommuting, rather than on second-order risks, such as invoice fraud or social engineering. We also find that almost two thirds of the administrative authorities have not yet implemented, but only initiated or documented, their cybersecurity policies.
|
|
| 3. |
- Andreasson, Annika, et al.
(författare)
-
A Census of Swedish Public Sector Employee Communication on Cybersecurity during the COVID-19 Pandemic
- 2021
-
Ingår i: Proceedings of the International Conference on Cyber Situational Awareness, Data Analytics and Assessment, CyberSA 2021. - : Institute of Electrical and Electronics Engineers (IEEE). ; , s. 1-8
-
Konferensbidrag (refereegranskat)abstract
- The COVID-19 pandemic has accelerated the digitalization of the Swedish public sector, and to ensure the success of this ongoing process cybersecurity plays an integral part. While Sweden has come far in digitalization, the maturity of cybersecurity work across entities covers a wide range. One way of improving cybersecurity is through communication, thereby enhancing employee cyber situation awareness. In this paper, we conduct a census of Swedish public sector employee communication on cybersecurity at the beginning of the COVID-19 pandemic using questionnaires. The study shows that public sector entities find the same sources of information useful for their cybersecurity work. We find that nearly two thirds of administrative authorities and almost three quarters of municipalities are not yet at the implemented cybersecurity level. We also find that 71 % of municipalities have less than one dedicated staff for cybersecurity.
|
|
| 4. |
- Axelsson, Jakob, et al.
(författare)
-
Towards the architecture of a decision support ecosystem for system component selection
- 2017
-
Ingår i: 11th Annual IEEE International Systems Conference, SysCon 2017 - Proceedings. - 9781509046225 - 9781509046232
-
Konferensbidrag (refereegranskat)abstract
- When developing complex software-intensive systems, it is nowadays common practice to base the solution partly on existing software components. Selecting which components to use becomes a critical decision in development, but it is currently not well supported through methods and tools. This paper discusses how a decision support system for this problem could benefit from a software ecosystem approach, where participants share knowledge across organizations both through reuse of analysis models, and through partially disclosed past decision cases. We show how the ecosystem architecture becomes fundamental to deal with efficient knowledge sharing, while respecting constraints on integrity of intellectual property. A concrete architecture proposal is outlined, which is a web-based distributed system-of-systems. Experiences of a proof-of-concept implementation are also described.
|
|
| 5. |
- Badampudi, Deepika, 1984-, et al.
(författare)
-
A decision-making process-line for selection of software asset origins and components
- 2018
-
Ingår i: Journal of Systems and Software. - : Elsevier Inc.. - 0164-1212 .- 1873-1228. ; 135, s. 88-104
-
Tidskriftsartikel (refereegranskat)abstract
- Selecting sourcing options for software assets and components is an important process that helps companies to gain and keep their competitive advantage. The sourcing options include: in-house, COTS, open source and outsourcing. The objective of this paper is to further refine, extend and validate a solution presented in our previous work. The refinement includes a set of decision-making activities, which are described in the form of a process-line that can be used by decision-makers to build their specific decision-making process. We conducted five case studies in three companies to validate the coverage of the set of decision-making activities. The solution in our previous work was validated in two cases in the first two companies. In the validation, it was observed that no activity in the proposed set was perceived to be missing, although not all activities were conducted and the activities that were conducted were not executed in a specific order. Therefore, the refinement of the solution into a process-line approach increases the flexibility and hence it is better in capturing the differences in the decision-making processes observed in the case studies. The applicability of the process-line was then validated in three case studies in a third company. © 2017 Elsevier Inc.
|
|
| 6. |
- Bahsi, Hayretdin, et al.
(författare)
-
The cyber-insurance market in Norway
- 2019
-
Ingår i: Information and Computer Security. - Bingley, West Yorkshire, England, UK : Emerald Group Publishing Limited. - 2056-4961. ; 28:1, s. 54-67
-
Tidskriftsartikel (refereegranskat)abstract
- PurposeThis paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience.Design/methodology/approachThe study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries.FindingsThe Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets.Practical implicationsSome policy lessons for different stakeholders are identified.Originality/valueEmpirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.
|
|
| 7. |
- Barreto, Carlos, et al.
(författare)
-
Duopoly insurers’ incentives for data quality under a mandatory cyber data sharing regime
- 2023
-
Ingår i: Computers & security (Print). - : Elsevier Ltd. - 0167-4048 .- 1872-6208. ; 131
-
Tidskriftsartikel (refereegranskat)abstract
- We study the impact of data sharing policies on cyber insurance markets. These policies have been proposed to address the scarcity of data about cyber threats, which is essential to manage cyber risks. We propose a Cournot duopoly competition model in which two insurers choose the number of policies they offer (i.e., their production level) and also the resources they invest to ensure the quality of data regarding the cost of claims (i.e., the data quality of their production cost). We find that enacting mandatory data sharing sometimes creates situations in which at most one of the two insurers invests in data quality, whereas both insurers would invest when information sharing is not mandatory. This raises concerns about the merits of making data sharing mandatory.
|
|
| 8. |
- Besker, Terese, et al.
(författare)
-
Navigating the Cyber-Security Risks and Economics of System-of-Systems
- 2023
-
Ingår i: 2023 18th Annual System of Systems Engineering Conference, SoSe 2023. - : Institute of Electrical and Electronics Engineers Inc.. - 9798350327236
-
Konferensbidrag (refereegranskat)abstract
- Cybersecurity is an important concern in systems-of-systems (SoS), where the effects of cyber incidents, whether deliberate attacks or unintentional mistakes, can propagate from an individual constituent system (CS) throughout the entire SoS. Unfortunately, the security of an SoS cannot be guaranteed by separately addressing the security of each CS. Security must also be addressed at the SoS level. This paper reviews some of the most prominent cybersecurity risks within the SoS research field and combines this with the cyber and information security economics perspective. This sets the scene for a structured assessment of how various cyber risks can be addressed in different SoS architectures. More precisely, the paper discusses the effectiveness and appropriateness of five cybersecurity policy options in each of the four assessed SoS archetypes and concludes that cybersecurity risks should be addressed using both traditional design-focused and more novel policy-oriented tools.
|
|
| 9. |
- Birgersson, Marcus, 1988, et al.
(författare)
-
Data Integration Using Machine Learning
- 2016
-
Ingår i: Proceedings - IEEE International Enterprise Distributed Object Computing Workshop, EDOCW. - 1541-7719. ; 2016-September, s. 313-322, s. 313-322
-
Konferensbidrag (refereegranskat)abstract
- Today, enterprise integration and cross-enterprise collaboration is becoming evermore important. The Internet of things, digitization and globalization are pushing continuous growth in the integration market. However, setting up integration systems today is still largely a manual endeavor. Most probably, future integration will need to leverage more automation in order to keep up with demand. This paper presents a first version of a system that uses tools from artificial intelligence and machine learning to ease the integration of information systems, aiming to automate parts of it. Three models are presented and evaluated for precision and recall using data from real, past, integration projects. The results show that it is possible to obtain Fo.5 scores in the order of 80% for models trained on a particular kind of data, and in the order of 60%-70% for less specific models trained on a several kinds of data. Such models would be valuable enablers for integration brokers to keep up with demand, and obtain a competitive advantage. Future work includes fusing the results from the different models, and enabling continuous learning from an operational production system.
|
|
| 10. |
- Borg, Markus, et al.
(författare)
-
Digitalization of Swedish Government Agencies : Detailed Census Description and Analysis
- 2018
-
Rapport (övrigt vetenskapligt/konstnärligt)abstract
- Software engineering is at the core of the digitalization of society. Ill-informed decisions can have major consequences, as made evident in the 2017 government crisis in Sweden, originating in a data breach caused by an outsourcing deal made by the Swedish Transport Agency. Many Government Agencies (GovAgs) in Sweden are rapidly undergoing a digital transition, thus it is important to overview how widespread, and mature, software development is in this part of the public sector. We present a software development census of Swedish GovAgs, complemented by document analysis and a survey. We show that 39.2% of the GovAgs develop software internally, some matching the number of developers in large companies. Our findings suggest that the development largely resembles private sector counterparts, and that established best practices are implemented. Still, we identify improvement potential in the areas of strategic sourcing, openness, collaboration across GovAgs, and quality requirements. The Swedish Government has announced the establishment of a new digitalization agency next year, and our hope is that the software engineering community will contribute its expertise with a clear voice.
|
|
