Change search
Link to record
Permanent link

Direct link
BETA
Alternative names
Publications (10 of 38) Show all publications
Wang, S. S. & Franke, U. (2020). Enterprise IT service downtime cost and risk transfer in a supply chain. Operations Management Research
Open this publication in new window or tab >>Enterprise IT service downtime cost and risk transfer in a supply chain
2020 (English)In: Operations Management Research, ISSN 1936-9735, E-ISSN 1936-9743Article in journal (Refereed) Epub ahead of print
Abstract [en]

In this paper we present an economic model for analyzing enterprise IT service downtime cost, first on a standalone basis and then in a supply chain setting. With a baseline probability model of Poisson arrival frequency with random downtime duration, we analyze optimal production of a firm’s investments in reducing frequency and duration of downtime, and corresponding premiums for insuring against downtime cost. We also present a model for the spillover effect of downtime for interconnected firms in a supply chain, and discuss how third-party insurance coverage can help enterprises to internalize the externalities of spillover effects on the supply chain.

Place, publisher, year, edition, pages
Springer, 2020
Keywords
Enterprise IT service, Downtime cost, Supply chain
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-43986 (URN)10.1007/s12063-020-00148-x (DOI)
Projects
DRISTIGCyRiM
Funder
Swedish Civil Contingencies Agency, 2015-6986
Available from: 2020-02-24 Created: 2020-02-24 Last updated: 2020-02-24Bibliographically approved
García Lozano, M., Brynielsson, J., Franke, U., Rosell, M., Tjörnhammar, E., Varga, S. & Vlassov, V. (2020). Veracity assessment of online data. Decision Support Systems, 129, Article ID 113132.
Open this publication in new window or tab >>Veracity assessment of online data
Show others...
2020 (English)In: Decision Support Systems, ISSN 0167-9236, E-ISSN 1873-5797, Vol. 129, article id 113132Article in journal (Refereed) Published
Abstract [en]

Fake news, malicious rumors, fabricated reviews, generated images and videos, are today spread at an unprecedented rate, making the task of manually assessing data veracity for decision-making purposes a daunting task. Hence, it is urgent to explore possibilities to perform automatic veracity assessment. In this work we review the literature in search for methods and techniques representing state of the art with regard to computerized veracity assessment. We study what others have done within the area of veracity assessment, especially targeted towards social media and open source data, to understand research trends and determine needs for future research. The most common veracity assessment method among the studied set of papers is to perform text analysis using supervised learning. Regarding methods for machine learning much has happened in the last couple of years related to the advancements made in deep learning. However, very few papers make use of these advancements. Also, the papers in general tend to have a narrow scope, as they focus on solving a small task with only one type of data from one main source. The overall veracity assessment problem is complex, requiring a combination of data sources, data types, indicators, and methods. Only a few papers take on such a broad scope, thus, demonstrating the relative immaturity of the veracity assessment domain. © 2019 The Authors

Place, publisher, year, edition, pages
Elsevier B.V., 2020
Keywords
Credibility, Data quality, Fake news, Online data, Social media, Veracity assessment, Decision making, Machine learning, Paper, Social networking (online), Deep learning
National Category
Natural Sciences
Identifiers
urn:nbn:se:ri:diva-43403 (URN)10.1016/j.dss.2019.113132 (DOI)2-s2.0-85076227196 (Scopus ID)
Note

Funding details: Horizon 2020 Framework Programme, H2020, 832921; Funding details: Försvarsmakten; Funding details: Research and Development; Funding text 1: We gratefully acknowledge the help obtained from the librarian Alexis Wiklund, for performing the initial database literature searches. This work was supported by the Swedish Armed Forces’ research and development program and the European Union Horizon 2020 program (grant agreement no. 832921 ). Appendix A; Funding text 2: Supplementary data to this article can be found online at https://doi.org/10.1016/j.dss.2019.113132 . The supplementary data contains the full list of reviewed papers for this study. Marianela García Lozano is a senior scientist at the Swedish Defence Research Agency (FOI) since 2001. Her research interests include information and knowledge modeling, veracity assessment, software development in distributed systems, web mining, machine learning, and natural language processing. Marianela received her M.Sc. degree in Computer Science and Engineering in 2003 and her Licentiate degree in Electronic and Computer Systems in 2010 from the Royal Institute of Technology (KTH). Marianela’s licentiate thesis is on the topic of distributed systems. Joel Brynielsson is a research director at the Swedish Defence Research Agency (FOI) and an associate professor at the Royal Institute of Technology (KTH). He previously worked as an assistant professor at the Swedish Defence University. Joel is Docent (Habilitation) in Computer Science (2015), and holds a Ph.D. in Computer Science (2006) and an M.Sc. in Computer Science and Engineering (2000) from KTH. His research interests include uncertainty management, information fusion, probabilistic expert systems, the theory and practice of decision-making, command and control, operations research, game theory, web mining, privacy-preserving data mining, cyber security, and computer security education. He is the author or co-author of more than 150 papers and reports devoted to these subjects. Ulrik Franke is a senior researcher at Research Institutes of Sweden (RISE). Prior to joining RISE, he was a senior scientist at the Swedish Defence Research Agency (FOI). His research interests include IT service availability, enterprise architecture, cyber insurance, and cyber situational awareness. He received his M.Sc. and Ph.D. degrees in 2007 and 2012, respectively, both from the Royal Institute of Technology (KTH) in Stockholm, Sweden. Magnus Rosell is a scientist at the Swedish Defence Research Agency (FOI), where he manages a long-term research project on semi-automatic intelligence analysis. He previously worked at Recorded Future, a web intelligence company, where he designed and implemented essential parts of the core engine for extracting events from free text. Magnus holds a Ph.D. in Computer Science (2009) and an M.Sc. in Engineering Physics (2002) from the Royal Institute of Technology (KTH). His research interests include natural language processing, machine learning, data and web mining, decision support, and crisis management. Edward Tjörnhammar is a Ph.D. candidate at the Royal Institute of Technology (KTH) since 2015 and a research engineer at the Swedish Defence Research Agency (FOI) since 2006. His interests include distributed systems, data mining, and machine learning. Edward received his M.Sc. degree in Computer Science and Engineering in 2012 from the Royal Institute of Technology. Edward's master's thesis is on the topic of distributed systems. Stefan Varga Swedish Armed Forces, is a professional Ph.D. student (Computer Science) at the Royal Institute of Technology. Major (air force) Varga has worked in the military specialty fields of air surveillance, communications, and intelligence. He is an armed forces military specialist in command and control systems development. Stefan is a graduate from the Advanced Management Program at the Information Resources Management College of the U.S. National Defense University. He is a NATO cyber security professional trained by the U.S. Naval Post Graduate School and the NATO School Oberammergau, Germany. His research interests include cyber security, cyber situational awareness, and decision support. Vladimir Vlassov is a professor in Computer Systems at the Royal Institute of Technology (KTH) in Stockholm, Sweden. Prior to coming to KTH in 1993, he was an assistant and associate professor at the Electrotechnical University LETI of Saint Petersburg, Russia (19851993). He was a visiting scientist at MIT (1998), and a researcher at the University of Massachusetts Amherst (2004). Vladimir has co-authored more than 150 research papers. His research interests include big data analytics, data-intensive computing, autonomic computing, and distributed and parallel computing.

Available from: 2020-01-31 Created: 2020-01-31 Last updated: 2020-01-31Bibliographically approved
Välja, M., Lagerström, R., Franke, U. & Ericsson, G. (2019). A Framework for Automatic IT Architecture Modeling: Applying Truth Discovery. Complex Systems Informatics and Modeling Quarterly (20), 20-56, Article ID 116.
Open this publication in new window or tab >>A Framework for Automatic IT Architecture Modeling: Applying Truth Discovery
2019 (English)In: Complex Systems Informatics and Modeling Quarterly, E-ISSN 2255-9922, no 20, p. 20-56, article id 116Article in journal (Refereed) Published
Abstract [en]

Modeling IT architecture is a complex, time consuming, and error prone task. However, many systems produce information that can be used for automating modeling. Early studies show that this is a feasible approach if we can overcome certain obstacles. Often more than one source is needed in order to cover the data requirements of an IT architecture model; and the use of multiple sources means that heterogeneous data needs to be merged. Moreover, the same collection of data might be useful for creating more than one kind of models for decision support. IT architecture is constantly changing and data sources provide information that can deviate from reality to some degree. There can be problems with varying accuracy (e.g. actuality and coverage), representation (e.g. data syntax and file format), or inconsistent semantics. Thus, integration of heterogeneous data from different sources needs to handle data quality problems of the sources. This can be done by using probabilistic models. In the field of truth discovery, these models have been developed to track data source trustworthiness in order to help solving conflicts while making quality issues manageable for automatic modeling. We build upon previous research in modeling automation and propose a framework for merging data from multiple sources with a truth discovery algorithm to create multiple IT architecture models. The usefulness of the proposed framework is demonstrated in a study where models using three tools are created, namely; Archi, securiCAD, and EMFTA.

Keywords
IT Architecture Modeling; System Modeling; Automatic Data Collection; Automatic Modeling
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-40904 (URN)10.7250/csimq.2019-20.02 (DOI)
Funder
EU, FP7, Seventh Framework Programme, 607109
Available from: 2019-12-04 Created: 2019-12-04 Last updated: 2020-01-30Bibliographically approved
Franke, U. & Meland, P. H. (2019). Demand side expectations of cyber insurance. In: : . Paper presented at IEEE Cyber Science 2019 June 3-4, 2019 University of Oxford, UK.
Open this publication in new window or tab >>Demand side expectations of cyber insurance
2019 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Cyber insurance has attracted much attention fromboth practitioners, policymakers and academics in the past fewyears. However, it also faces some challenges before it can reachits full potential as a tool for better cyber risk management. Onesuch challenge is the gap between what customers expect andwhat insurers really offer.

This paper investigates this gap empirically, based on interviewswith informant companies in Norway and Sweden consideringcyber insurance. The expectations expressed in the interviewsare compared to anonymized incident claims reports and claimsstatistics for 2018 from a global insurance intermediary.

The results show no obvious pattern of discrepancies betweendifferent domains. However, informant expectations on businessinterruption coverage are much greater than one would expectfrom its share of claims. In this respect, informant expectationson business interruption coverage are more aligned with somerecently published scenarios on possible major business interruptions.

Keywords
cyber insurance, company expectations, cyber claims data, cyber coverage, threats
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-39899 (URN)10.1109/CyberSA.2019.8899685 (DOI)2-s2.0-85075864627 (Scopus ID)
Conference
IEEE Cyber Science 2019 June 3-4, 2019 University of Oxford, UK
Projects
DRISTIG
Funder
Swedish Civil Contingencies Agency, 2015-6986
Available from: 2019-09-13 Created: 2019-09-13 Last updated: 2020-02-04Bibliographically approved
Olsson, T. & Franke, U. (2019). Introduction to Service Level Agreements.
Open this publication in new window or tab >>Introduction to Service Level Agreements
2019 (English)Report (Other academic)
Abstract [en]

Modern industrial production environments are rapidly transforming.Concepts such as smart industry and Industry 4.0 encompass many expectations onhow digital technology can improve industrial plants. Some strands are betteralgorithms for robotics, better situational awareness through ubiquitous RFID,fewer production interruptions through smarter predictive maintenance, and moreagile production lines enabling greater customization of products. Many of theseideas depend on reliable access to IT services such computing power and dataavailability. If these falters, the benefits will not materialize. Therefore,it is crucial to study the Service Level Agreements (SLAs) that are used toregulate such services.

Publisher
p. 12
Series
RISE Rapport
Keywords
Service Level Agreements; Cyber-physical systems; PIMM DMA
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-37833 (URN)978-91-88907-49-3 (ISBN)
Available from: 2019-02-28 Created: 2019-02-28 Last updated: 2020-01-30Bibliographically approved
Franke, U. (2019). Kunskap är militärmakt. Kungl Krigsvetenskapsakademiens Handlingar och Tidskrift (3), 36-44
Open this publication in new window or tab >>Kunskap är militärmakt
2019 (Swedish)In: Kungl Krigsvetenskapsakademiens Handlingar och Tidskrift, ISSN 0023-5369, no 3, p. 36-44Article in journal (Other academic) Published
Abstract [en]

This essay explores notions of knowledge and intelligence in war, with a particular emphasis on knowledge about knowledge. It is argued that such second order knowledge deserves more attention in military training and education, especially in the context of maneuver warfare. More precisely, information operations within the maneuver warfare paradigm largely aim to present or withhold (second order) knowledge to the enemy in order to gain an advantage. This is elaborated using cultural and historical examples. Furthermore, the relevance of flaws and biases in human cognition and decision-making in war are discussed. In particular, it is argued that while tactical decision-making can be much improved upon through training and exercises, it is more difficult to train experts in strategic decision-making. The article is concluded with some reflections and recommendations for how to improve military training and education.

Place, publisher, year, edition, pages
Stockholm: Kungl Krigsvetenskapsakademien, 2019
National Category
Social Sciences
Identifiers
urn:nbn:se:ri:diva-40595 (URN)
Available from: 2019-11-01 Created: 2019-11-01 Last updated: 2020-01-30Bibliographically approved
Olsson, T. & Franke, U. (2019). Risks and assets: A qualitative study of a software ecosystem in the mining industry. In: ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering: . Paper presented at 27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019, 26 August 2019 through 30 August 2019 (pp. 895-904). Association for Computing Machinery, Inc
Open this publication in new window or tab >>Risks and assets: A qualitative study of a software ecosystem in the mining industry
2019 (English)In: ESEC/FSE 2019 - Proceedings of the 2019 27th ACM Joint Meeting European Software Engineering Conference and Symposium on the Foundations of Software Engineering, Association for Computing Machinery, Inc , 2019, p. 895-904Conference paper, Published paper (Refereed)
Abstract [en]

Digitalization and servitization are impacting many domains, including the mining industry. As the equipment becomes connected and technical infrastructure evolves, business models and risk management need to adapt. In this paper, we present a study on how changes in asset and risk distribution are evolving for the actors in a software ecosystem (SECO) and system-of-systems (SoS) around a mining operation. We have performed a survey to understand how Service Level Agreements (SLAs) - a common mechanism for managing risk - are used in other domains. Furthermore, we have performed a focus group study with companies. There is an overall trend in the mining industry to move the investment cost (CAPEX) from the mining operator to the vendors. Hence, the mining operator instead leases the equipment (as operational expense, OPEX) or even acquires a service. This change in business model impacts operation, as knowledge is moved from the mining operator to the suppliers. Furthermore, as the infrastructure becomes more complex, this implies that the mining operator is more and more reliant on the suppliers for the operation and maintenance. As this change is still in an early stage, there is no formalized risk management, e.g. through SLAs, in place. Rather, at present, the companies in the ecosystem rely more on trust and the incentives created by the promise of mutual future benefits of innovation activities. We believe there is a need to better understand how to manage risk in SECO as it is established and evolves. At the same time, in a SECO, the focus is on cooperation and innovation, the companies do not have incentives to address this unless there is an incident. Therefore, industry need, we believe, help in systematically understanding risk and defining quality aspects such as reliability and performance in the new business environment.

Place, publisher, year, edition, pages
Association for Computing Machinery, Inc, 2019
Keywords
Case study, Risk Management, Service Level Agreement, Software ecosystem, Survey, Ecosystems, Investments, Quality of service, Risks, Software engineering, Surveying, Surveys, Systems engineering, Business environments, Formalized risk management, Operation and maintenance, Operational expense, Service level agreement (SLAs), Service Level Agreements, Software ecosystems, Technical infrastructure
National Category
Natural Sciences
Identifiers
urn:nbn:se:ri:diva-39923 (URN)10.1145/3338906.3340443 (DOI)2-s2.0-85071940101 (Scopus ID)9781450355728 (ISBN)
Conference
27th ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering, ESEC/FSE 2019, 26 August 2019 through 30 August 2019
Available from: 2019-10-17 Created: 2019-10-17 Last updated: 2020-01-30Bibliographically approved
Olsson, T., Hell, M., Höst, M., Franke, U. & Borg, M. (2019). Sharing of vulnerability information amongcompanies: a survey of Swedish companies. In: : . Paper presented at Euromicro Conference on Software Engineering and Advanced Applications 2019, August 28-30, 2019 Kallithea, Chalkidiki, Greece.
Open this publication in new window or tab >>Sharing of vulnerability information amongcompanies: a survey of Swedish companies
Show others...
2019 (English)Conference paper, Published paper (Refereed)
Abstract [en]

Software products are rarely developed from scratch and vulnerabilities in such products might reside in parts that are either open source software or provided by another organization. Hence, the total cybersecurity of a product often depends on cooperation, explicit or implicit, between several organizations. We study the attitudes and practices of companies in software ecosystems towards sharing vulnerability information. Furthermore, we compare these practices to contemporary cybersecurity recommendations. This is performed through a questionnaire-based qualitative survey. The questionnaire is divided into two parts: the providers' perspective and the acquirers' perspective. The results show that companies are willing to share information with each other regarding vulnerabilities. Sharing is not considered to be harmful neither to the cybersecurity nor their business, even though a majority of the respondents consider vulnerability information sensitive. However, the companies, despite being open to sharing, are less inclined to proactively sharing vulnerability information. Furthermore, the providers do not perceive that there is a large interest in vulnerability information from their customers. Hence, the companies' overall attitude to sharing vulnerability information is passive but open. In contrast, contemporary cybersecurity guidelines recommend active disclosure and sharing among actors in an ecosystem.

National Category
Engineering and Technology
Identifiers
urn:nbn:se:ri:diva-40577 (URN)
Conference
Euromicro Conference on Software Engineering and Advanced Applications 2019, August 28-30, 2019 Kallithea, Chalkidiki, Greece
Available from: 2019-10-22 Created: 2019-10-22 Last updated: 2020-01-30Bibliographically approved
Bahsi, H., Franke, U. & Langfeldt Friberg, E. (2019). The cyber-insurance market in Norway. Information and Computer Security
Open this publication in new window or tab >>The cyber-insurance market in Norway
2019 (English)In: Information and Computer Security, E-ISSN 2056-4961Article in journal (Refereed) Epub ahead of print
Abstract [en]

Purpose

This paper aims to describe the cyber-insurance market in Norway but offers conclusions that are interesting to a wider audience.

Design/methodology/approach

The study is based on semi-structured interviews with supply-side actors: six general insurance companies, one marine insurance company and two insurance intermediaries.

Findings

The Norwegian cyber-insurance market supply-side has grown significantly in the past two years. The General Data Protection Regulation (GDPR) is found to have had a modest effect on the market so far but has been used by the supply-side as an icebreaker to discuss cyber-insurance with customers. The NIS Directive has had little or no impact on the Norwegian cyber-insurance market until now. Informants also indicate that Norway is still the least mature of the four Nordic markets.

Practical implications

Some policy lessons for different stakeholders are identified.

Originality/value

Empirical investigation of cyber-insurance is still rare, and the paper offers original insights on market composition and actor motivations, ambiguity of coverage, the NIS Directive and GDPR.

Place, publisher, year, edition, pages
Bingley, West Yorkshire, England, UK: Emerald Group Publishing Limited, 2019
Keywords
cyber-insurance, Norway, NIS Directive, GDPR, insurance coverage, insurance adoption
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-40584 (URN)10.1108/ICS-01-2019-0012 (DOI)2-s2.0-85074435548 (Scopus ID)
Projects
DRISTIG
Funder
Swedish Civil Contingencies Agency, 2015-6986
Note

License CC BY-NC 4.0

Available from: 2019-10-24 Created: 2019-10-24 Last updated: 2020-02-04Bibliographically approved
Franke, U. (2019). Towards Increased Transparency in Digital Insurance. ERCIM News (116), 23-24
Open this publication in new window or tab >>Towards Increased Transparency in Digital Insurance
2019 (English)In: ERCIM News, ISSN 0926-4981, E-ISSN 1564-0094, no 116, p. 23-24Article in journal (Refereed) Published
Abstract [en]

Automated decision-making has the potential to increase both productivity and competitiveness as well as compensate for well-known human biases and cognitive flaws [1]. But today’s powerful machine-learning based technical solutions also bring about problems of their own – not least in terms of being uncomfortably black-box like. A new research project at RISE Research Institutes of Sweden, in collaboration with KTH Royal Institute of Technology, has recently been set up to study transparency in the insurance industry, a sector that is poised to undergo technological disruption.

Place, publisher, year, edition, pages
Sophia-Antipolis Cedex, France: , 2019
National Category
Computer and Information Sciences
Identifiers
urn:nbn:se:ri:diva-37580 (URN)
Projects
Transparenta algoritmer i försäkringsbranschen (TALFÖR)
Funder
Länsförsäkringar AB, P4/18
Available from: 2019-01-24 Created: 2019-01-24 Last updated: 2020-01-30Bibliographically approved
Organisations
Identifiers
ORCID iD: ORCID iD iconorcid.org/0000-0003-2017-7914

Search in DiVA

Show all publications
v. 2.35.10