Implementing and maintaining Business Information Security (BIS) is cumbersome. Frameworks and models are used to implement BIS, but these are perceived as complex and hard to maintain. Most companies still use spreadsheets to design, direct and monitor their information security improvement plans. Regulators too use spreadsheets for supervision. This paper reflects on ten years of Design Science Research (DSR) on BIS and describes the design and engineering of an artefact which can emancipate boards from silo-based spreadsheet management and improve their visibility, control and assurance via an integrated dash-boarding and reporting tool. Three cases are presented to illustrate the way the artefact, of which the realisation is called the Securimeter, works. The paper concludes with an in-depth comparison study acknowledging 91% of the core BIS requirements being present in the artefact.
The Standish Group started in 1985 in the business of IT market forecasts and predictions using Artificial Intelligence and case-based reasoning technology. In 1994, we turned to predicting project outcomes, improving software development, and building a world-class database. Standish’s cumulative research encompasses 22 years of data on why projects succeed or fail, representing more than 50,000 active completed IT projects. In this paper we clarify how we got here, where we are, and how academia next to practitioners can be part of the next stage of the CHAOS journey. The vehicle that drives our journey is the CHAOS University System.
Despite offering several promising concepts, the Language/Action Perspective (LAP) is still not in the mainstream of Information Systems Development (ISD). With use of a comparative evaluation of LAP theory and DEMO theory, the implication of DEMO's reflection upon LAP is determined. The paper concludes by outlining an agenda for further research if LAP is to improve its footprint in the field.
Business Strategy and Applications in Enterprise IT Governance
Most information security methodologies are aimed at large enterprise organizations with a top-down structure, while relatively smaller organizations have insufficient knowledge to adopt this methodology. Most of the frameworks used by enterprises focus on high-level policy-making, and the overwhelming number of controls might suffocate practitioners in smaller organizations. This article examines the results of an exploratory study, performed in the Netherlands in Q1 and Q2 of 2010. The study used expert panel research followed by a survey. The research found essential interventions to easily and effectively increase security maturity for mid-market organizations. The research also found barriers that keep the mid-market from implementing these interventions. This paper provides a minimum core set of practices for organizations. It shows that mid-market organizations struggle with implementing relevant interventions. This research contributes a new pragmatic approach to assist mid-market org...
International Journal of Cooperative Information Systems, 2018
Lack of shared understanding among stakeholders is a commonly cited drawback in enterprise architecture development. Stakeholders need to have shared understanding of requirements and principles for an enterprise architecture, and the extent to which the resultant architecture addresses their concerns. However, existing approaches for enterprise architecture development lack adequate capabilities for managing aspects associated with creating shared understanding among stakeholders. Although such aspects can be largely managed by approaches for collaborative decision making and soft systems thinking, these approaches lack details on the enterprise architecture process and its products. Therefore, this paper explores ways of mutually diminishing these gaps through adopting situational method engineering, to guide the development of a situational method for enabling stakeholders to acquire shared understanding of requirements for an enterprise architecture. The situational method prese...
This paper investigates whether Enterprise Ontology is instrumental in modelling global IT Service Management processes to enable the quantitative minimization of their ecological impact. These processes can become extremely complex, especially in global operational environments. This complexity is due to several factors, such as the numbers of involved organizations, people and different working procedures, but also of deliverables and tasks that are within scope. Additionally, a high pace of change can add to the challenge of managing IT Service Management processes. As ecology and sustainability are becoming more and more important, Green IT Service Management, whose aim is to minimize the ecological impact of IT Service Management, is introduced. For this purpose, it is necessary to apply process models that describe the operational reality accurately, but that also enable quantification and minimization of the related ecological impact. In this context, the question is e...
Evolution and Challenges in System Development, 1999
Since the mid-1950s, the field of information systems development (ISD) has produced an impressive body of literature in which several methods and information modelling approaches have been proposed. In recent years we observe that more emphasis is put on designing information systems based on business modelling approaches. After a comparison of these two classes of modelling approaches, a case study is introduced to illustrate the differences. The case study is modelled with Yourdon's Structured Method as a representative of the class of information modelling approaches and with the DEMO method as a representative of the class of business modelling approaches. We conclude this paper by reporting on some theoretical and practical differences between information and business modelling for ISD and the resulting information systems.
Lecture Notes in Business Information Processing, 2009
Recently, business processes are receiving more attention as process-centric representations of an enterprise. This paper focuses on the Business Process Modeling Notation (BPMN), which is becoming an industry standard. However, BPMN has some drawbacks such as the lack of formal semantics, limited potential for verification, and ambiguous description of the constructs. Also the ontology used to model is mostly kept
The field of communicative action-based modelling of business processes and information systems has attracted more and more attention in recent years. Inspired by the seminal work of Winograd and Flores, researchers have proposed several modelling approaches. In ...
Despite offering several promising concepts, the Language/Action Perspective (LAP) is still not in the mainstream of Information Systems Development (ISD). Since at present there is only a limited understanding of LAP theory and practice, it remains unclear whether the lack of LAP's impact is due to shortcomings in LAP theory itself. One classic problem within ISD is the dichotomy between social perspectives and technical perspectives. LAP claims it offers a solution to this problem. This paper investigates this claim as a means to review LAP theory. To provide a structure to a critical analysis of DEMO, an example methodology that belongs to the LAP research community, this paper utilizes a paradigmatic framework. This framework is augmented by the opinion of several DEMO practitioners by means of an expert discussion. With use of a comparative evaluation of LAP theory and DEMO theory, the implication of DEMO's reflection upon LAP is determined. The paper concludes by out...
'Organizational transformation' is a term referring collectively to such activities as re-engineering, redesigning and redefining business systems. The dominant enabling technology in transforming organizations is information and communication technology. The ...