Change search
Refine search result
1 - 31 of 31
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
Rows per page
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sort
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
  • Standard (Relevance)
  • Author A-Ö
  • Author Ö-A
  • Title A-Ö
  • Title Ö-A
  • Publication type A-Ö
  • Publication type Ö-A
  • Issued (Oldest first)
  • Issued (Newest first)
  • Created (Oldest first)
  • Created (Newest first)
  • Last updated (Oldest first)
  • Last updated (Newest first)
  • Disputation date (earliest first)
  • Disputation date (latest first)
Select
The maximal number of hits you can export is 250. When you want to export more records please use the Create feeds function.
  • 1.
    Axelsson, Jakob
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Franke, Ulrik
    RISE - Research Institutes of Sweden, ICT, SICS.
    Carlson, Jan
    Mälardalen University, Sweden.
    Sentilles, Severine
    Mälardalen University, Sweden.
    Cicchetti, Antonio
    Mälardalen University, Sweden.
    Towards the architecture of a decision support ecosystem for system component selection2017In: 11th Annual IEEE International Systems Conference, SysCon 2017 - Proceedings, 2017Conference paper (Refereed)
    Abstract [en]

    When developing complex software-intensive systems, it is nowadays common practice to base the solution partly on existing software components. Selecting which components to use becomes a critical decision in development, but it is currently not well supported through methods and tools. This paper discusses how a decision support system for this problem could benefit from a software ecosystem approach, where participants share knowledge across organizations both through reuse of analysis models, and through partially disclosed past decision cases. We show how the ecosystem architecture becomes fundamental to deal with efficient knowledge sharing, while respecting constraints on integrity of intellectual property. A concrete architecture proposal is outlined, which is a web-based distributed system-of-systems. Experiences of a proof-of-concept implementation are also described.

  • 2.
    Badampudi, Deepika
    et al.
    Blekinge Institute of Technology, Sweden.
    Wnuk, Krzysztof
    Blekinge Institute of Technology, Sweden.
    Wohlin, Claes
    Blekinge Institute of Technology, Sweden.
    Franke, Ulrik
    RISE - Research Institutes of Sweden, ICT, SICS.
    Smite, Darja
    Blekinge Institute of Technology, Sweden.
    Cicchetti, Antonio
    Mälardalen University, Sweden.
    A decision-making process-line for selection of software asset origins and components2018In: Journal of Systems and Software, ISSN 0164-1212, E-ISSN 1873-1228, Vol. 135, no January, p. 88-104Article in journal (Refereed)
    Abstract [en]

    Selecting sourcing options for software assets and components is an important process that helps companies to gain and keep their competitive advantage. The sourcing options include: in-house, COTS, open source and outsourcing. The objective of this paper is to further refine, extend and validate a solution presented in our previous work. The refinement includes a set of decision-making activities, which are described in the form of a process-line that can be used by decision-makers to build their specific decision-making process. We conducted five case studies in three companies to validate the coverage of the set of decision-making activities. The solution in our previous work was validated in two cases in the first two companies. In the validation, it was observed that no activity in the proposed set was perceived to be missing, although not all activities were conducted and the activities that were conducted were not executed in a specific order. Therefore, the refinement of the solution into a process-line approach increases the flexibility and hence it is better in capturing the differences in the decision-making processes observed in the case studies. The applicability of the process-line was then validated in three case studies in a third company

  • 3.
    Birgersson, Marcus
    et al.
    Chalmers University of Technology, Sweden; ICore Solutions, Sweden.
    Hansson, Gustav
    Chalmers University of Technology, Sweden; ICore Solutions, Sweden.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Data Integration Using Machine Learning2016In: 2016 IEEE 20th International Enterprise Distributed Object Computing Workshop (EDOCW), 2016, p. 313-322, article id 7584357Conference paper (Refereed)
    Abstract [en]

    Today, enterprise integration and cross-enterprise collaboration is becoming evermore important. The Internet of things, digitization and globalization are pushing continuous growth in the integration market. However, setting up integration systems today is still largely a manual endeavor. Most probably, future integration will need to leverage more automation in order to keep up with demand. This paper presents a first version of a system that uses tools from artificial intelligence and machine learning to ease the integration of information systems, aiming to automate parts of it. Three models are presented and evaluated for precision and recall using data from real, past, integration projects. The results show that it is possible to obtain F0.5 scores in the order of 80% for models trained on a particular kind of data, and in the order of 60%-70% for less specific models trained on a several kinds of data. Such models would be valuable enablers for integration brokers to keep up with demand, and obtain a competitive advantage. Future work includes fusing the results from the different models, and enabling continuous learning from an operational production system.

  • 4.
    Borg, Markus
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Olsson, Thomas
    RISE - Research Institutes of Sweden, ICT, SICS.
    Franke, Ulrik
    RISE - Research Institutes of Sweden, ICT, SICS.
    Assar, Saïd
    IMT Business School, France.
    Digitalization of Swedish Government Agencies: A Perspective Through the Lens of a Software Development Census2018In: Proceedings of the 40th International Conference on Software Engineering: Software Engineering in Society, 2018, p. 37-46Conference paper (Refereed)
    Abstract [en]

    Software engineering is at the core of the digitalization of society. Ill-informed decisions can have major consequences, as made evident in the 2017 government crisis in Sweden, originating in a data breach caused by an outsourcing deal made by the Swedish Transport Agency. Many Government Agencies (GovAgs) in Sweden are rapidly undergoing a digital transition, thus it is important to overview how widespread, and mature, software development is in this part of the public sector. We present a software development census of Swedish GovAgs, complemented by document analysis and a survey. We show that 39.2% of the GovAgs develop software internally, some matching the number of developers in large companies. Our findings suggest that the development largely resembles private sector counterparts, and that established best practices are implemented. Still, we identify improvement potential in the areas of strategic sourcing, openness, collaboration across GovAgs, and quality requirements. The Swedish Government has announced the establishment of a new digitalization agency next year, and our hope is that the software engineering community will contribute its expertise with a clear voice.

  • 5.
    Borg, Markus
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Olsson, Thomas
    RISE - Research Institutes of Sweden, ICT, SICS.
    Franke, Ulrik
    RISE - Research Institutes of Sweden, ICT, SICS.
    Assar, Saïd
    IMT Business School, Sweden.
    Digitalization of Swedish Government Agencies: Detailed Census Description and Analysis2018Report (Other academic)
    Abstract [en]

    Software engineering is at the core of the digitalization of society. Ill-informed decisions can have major consequences, as made evident in the 2017 government crisis in Sweden, originating in a data breach caused by an outsourcing deal made by the Swedish Transport Agency. Many Government Agencies (GovAgs) in Sweden are rapidly undergoing a digital transition, thus it is important to overview how widespread, and mature, software development is in this part of the public sector. We present a software development census of Swedish GovAgs, complemented by document analysis and a survey. We show that 39.2% of the GovAgs develop software internally, some matching the number of developers in large companies. Our findings suggest that the development largely resembles private sector counterparts, and that established best practices are implemented. Still, we identify improvement potential in the areas of strategic sourcing, openness, collaboration across GovAgs, and quality requirements. The Swedish Government has announced the establishment of a new digitalization agency next year, and our hope is that the software engineering community will contribute its expertise with a clear voice.

  • 6.
    Brynielsson, Joel
    et al.
    KTH Royal Institute of Technology, Sweden.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Adnan Tariq, Muhammad
    KTH Royal Institute of Technology, Sweden.
    Varga, Stefan
    KTH Royal Institute of Technology, Sweden.
    Using cyber defense exercises to obtain additional data for attacker profiling2016In: 2016 IEEE Conference on Intelligence and Security Informatics (ISI), 2016, p. 37-42Conference paper (Refereed)
    Abstract [en]

    In order to be able to successfully defend an IT system it is useful to have an accurate appreciation of the cyber threat that goes beyond stereotypes. To effectively counter potentially decisive and skilled attackers it is necessary to understand, or at least model, their behavior. Although the real motives for untraceable anonymous attackers will remain a mystery, a thorough understanding of their observable actions can still help to create well-founded attacker profiles that can be used to design effective countermeasures and in other ways enhance cyber defense efforts. In recent work empirically founded attacker profiles, so-called attacker personas, have been used to assess the overall threat situation for an organization. In this paper we elaborate on 1) the use of attacker personas as a technique for attacker profiling, 2) the design of tailor-made cyber defense exercises for the purpose of obtaining the necessary empirical data for the construction of such attacker personas, and 3) how attacker personas can be used for enhancing the situational awareness within the cyber domain. The paper concludes by discussing the possibilities and limitations of using cyber defense exercises for data gathering, and what can and cannot be studied in such exercises.

  • 7.
    Fazlollahi, Ariyan
    et al.
    KTH Royal Institute of Technology, Sweden.
    Franke, Ulrik
    RISE - Research Institutes of Sweden, ICT, SICS. KTH Royal Institute of Technology, Sweden.
    Measuring the impact of enterprise integration on firm performance using data envelopment analysis2018In: International Journal of Production Economics, ISSN 0925-5273, E-ISSN 1873-7579, Vol. 200, p. 119-129Article in journal (Refereed)
    Abstract [en]

    Today, with rapidly developing technology and changing business models, organizations face rapid changes in both internal and external environments. To be able to rapidly respond to such changing environments, integration of software systems has become a top priority for many organizations. However, despite extensive use of software systems integration, quantitative methods for estimating the business value of such integrations are still missing. Using Data Envelopment Analysis (DEA) and the microeconomic concept of marginal rates, this study proposes a method for quantifying the effects of enterprise integration on the firm performance. In the paper, we explain how DEA can be used to evaluate the marginal benefits of enterprise integration. Our proposed method is to measure and compare the productive efficiency of firms using enterprise integration, specifically by relating the benefits produced to the resources consumed in the process. The method is illustrated on data collected from 12 organizations. The defined method has a solid theoretical foundation, eliminating the need for a priori information about the relationship between different measures. Furthermore, the framework could be used not only to quantify the business value of enterprise integration, but also to estimate trade-offs and impacts of other subjective managerial goals on the results. The major limitation of the proposed method is the absence of a comprehensive theory relating IT architecture changes to organizational outcomes. The underlying model is strongly dependent on the relevancy and accuracy of the included variables, as well as number of data units, introducing uncertainties to the outcomes of the model.

  • 8.
    Franke, Ulrik
    RISE - Research Institutes of Sweden, ICT, SICS.
    Cyber Insurance Against Electronic Payment Service Outages: A Document Study of Terms and Conditions from Electronic Payment Service Providers and Insurance Companies2018In: Security and Trust Management: 14th International Workshop, STM 2018, Barcelona, Spain, September 6–7, 2018, Proceedings / [ed] Sokratis K. Katsikas & Cristina Alcaraz, Cham, Switzerland: Springer Nature Switzerland AG , 2018, p. 73-84Conference paper (Refereed)
    Abstract [en]

    Society is becoming increasingly dependent on IT services. One example is the dependence of retailers on electronic payment services. This article investigates the terms and conditions offered by three electronic payment service providers, finding that they only guarantee best effort availability. As potential mitigation, five cyber insurance policies are studied from the perspective of coverage of electronic payment service outages. It is concluded that cyber insurance does indeed give some protection, but that coverage differs between insurers and between different policy options offered. Thus, a retailer who wishes to purchase cyber insurance should take care to understand what is on offer and actively select appropriate coverage.

  • 9.
    Franke, Ulrik
    RISE - Research Institutes of Sweden, ICT, SICS.
    Driftavbrott i samhällsviktiga it-tjänster2018Report (Other (popular science, discussion, etc.))
    Abstract [sv]

    Det moderna samhället är beroende av it-tjänster. Driftavbrott kan leda till allt från kortare elavbrott till brist på livsmedel eller läkemedel. Projektet DRISTIG har under drygt två år studerat driftavbrott i samhällsviktiga it-tjänster. Rapporten redovisar kort några forskningsresultat relaterade till kostnader för avbrott, försäkringar mot avbrott och så kallade Service Level Agreements(SLA).

  • 10.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Militär kompetens i de tänkande maskinernas tidsålder2016In: Kungl Krigsvetenskapsakademiens Handlingar och Tidskrift, ISSN 0023-5369, no 3, p. 68-76Article in journal (Other academic)
    Abstract [en]

    Recent advances in Artificial Intelligence have spawned a prolific debate about the future of employment and labour in a world where even intellectual work can be performed by algorithms and robots rather than humans. This article discusses the impact of this development on military professions, and on the very concept of military professionalism. Considering military capability to be built from physical, conceptual, and moral factors, it is observed that with increasing automation of the first and second factors, the human contribution will increasingly be in the third, moral, realm. It is also argued that such a human contribution can still tip the scales, even in a high-­tech conflict. Reasoning by analogies, it is claimed that ‘man or machine’ is a false dichotomy, that the challenge is, rather, to find the best combination of the two and that this holds true also in highly intellectual aspects of warfighting, such as intelligence analysis. The article is concluded with some reflections on the challenge of creating innovative military organizations that are tolerant to new divisions of labour between man and machine.

  • 11.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    The cyber insurance market in Sweden2017In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 68, p. 130-144Article in journal (Refereed)
    Abstract [en]

    This article is a characterization of the cyber insurance market in Sweden. As empirical investigations of cyber insurance are rarely reported in the literature, the results are novel. The investigation is based on semi-structured interviews with 10 insurance companies active on the Swedish market, and additional interviews with 2 re-insurance companies and 3 insurance intermediaries. These informants represent essentially all companies selling cyber insurance on the Swedish market. Findings include descriptions of the coverages offered, including discrepancies between insurers, and the underwriting process used. Typical annual premiums are found to be in the span of some 5–10 kSEK per MSEK indemnity limit, i.e. 0.5–1% of the indemnity limit. For business interruption coverage, waiting periods are found to be relatively long compared to many outages. Furthermore, insurance companies impose information and IT security requirements on their customers, and do not insure customers that are too immature or have too poor security. Thus cyber insurance, in practice, is not merely an instrument of risk transfer, but also contains aspects of avoidance and mitigation. Based on the findings, market segmentation, pricing, business continuity, and asymmetry of information are discussed, and some future work is suggested.

  • 12.
    Franke, Ulrik
    RISE - Research Institutes of Sweden, ICT, SICS.
    Towards Increased Transparency in Digital Insurance2019In: ERCIM News, ISSN 0926-4981, E-ISSN 1564-0094, no 116, p. 23-24Article in journal (Refereed)
    Abstract [en]

    Automated decision-making has the potential to increase both productivity and competitiveness as well as compensate for well-known human biases and cognitive flaws [1]. But today’s powerful machine-learning based technical solutions also bring about problems of their own – not least in terms of being uncomfortably black-box like. A new research project at RISE Research Institutes of Sweden, in collaboration with KTH Royal Institute of Technology, has recently been set up to study transparency in the insurance industry, a sector that is poised to undergo technological disruption.

  • 13.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Towards Preference Elicitation for Trade-Offs between Non-Functional Properties2016In: 2016 IEEE 20th International Enterprise Distributed Object Computing Conference (EDOC), 2016Conference paper (Refereed)
    Abstract [en]

    In the design and evolution of software intensive systems, it is desirable to make informed decisions as early as possible in the life cycle. To do this, it is both necessary to be able to predict properties of these future systems and to know how one would like to prioritize among those properties. This paper addresses the latter problem of how to make trade-offs between non-functional properties of software intensive systems. An approach based on the elicitation of utility functions from stake-holders and subsequent checks for consistency among these functions is proposed. A sample GUI is presented, along with some examples. Limitations are discussed and several avenues for future work, including empirical validation, are proposed.

  • 14.
    Franke, Ulrik
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Buschle, M.
    Zeb.consulting, Sweden.
    Jung, J.
    Frankfurt University of Applied Sciences, Germany.
    Message from the TEAR 2018 Workshop Chairs2018In: Proceedings - IEEE International Enterprise Distributed Object Computing Workshop, EDOCW, 2018, p. XVI-XVIIConference paper (Other academic)
    Abstract [en]

    This paper gives a brief overview of the 13th Workshop on Trends in Enterprise Architecture Research (TEAR) organized in conjunction with EDOC 2018. The paper introduces the Workshop research topics and presents the accepted papers.

  • 15.
    Franke, Ulrik
    et al.
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory. KTH Royal Institute of Technology, Sweden.
    Buschle, Markus
    KTH Royal Institute of Technology, Sweden; Zeb/Consulting, Sweden.
    Experimental Evidence on Decision-Making in Availability Service Level Agreements2016In: IEEE Transactions on Network and Service Management, ISSN 1932-4537, E-ISSN 1932-4537, Vol. 13, no 1, p. 58-70, article id 7360206Article in journal (Refereed)
    Abstract [en]

    As more enterprises buy information technology services, studying their underpinning contracts becomes more important. With cloud computing and outsourcing, these service level agreements (SLAs) are now often the only link between the business and the supporting IT services. This paper presents an experimental economics investigation of decision-making with regard to availability SLAs, among enterprise IT professionals. The method and the ecologically valid subjects make the study unique to date among IT service SLA studies. The experiment consisted of pairwise choices under uncertainty, and subjects (N=46) were incentivized by payments based on one of their choices, randomly selected. The research question investigated in this paper is: Do enterprise IT professionals maximize expected value when procuring availability SLAs, as would be optimal from the business point of view? The main result is that enterprise IT professionals fail to maximize expected value. Whereas some subjects do maximize expected value, others are risk-seeking, risk-averse, or exhibit nonmonotonic preferences. The nonmonotonic behavior in particular is an interesting observation, which has no obvious explanation in the literature. For a subset of the subjects (N=29), a few further hypotheses related to associations between general attitude to risk or professional experience on the one hand, and behavior in SLAs on the other hand, were investigated. No support for these associations was found. The results should be interpreted with caution, due to the limited number of subjects. However, given the prominence of SLAs in modern IT service management, the results are interesting and call for further research, as they indicate that current professional decision-making regarding SLAs can be improved. In particular, if general attitude to risk and professional experience do not impact decision-making with regard to SLAs, more extensive use of decision-support systems might be called for in order to facilitate proper risk management.

  • 16.
    Franke, Ulrik
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Ciccozzi, Federico
    Mälardalen University, Sweden.
    Characterization of trade-off preferences between non-functional properties2018In: Information Systems, ISSN 0306-4379, E-ISSN 1873-6076, Vol. 74, p. 86-102Article in journal (Refereed)
    Abstract [en]

    Efficient design and evolution of complex software intensive systems rely on the ability to make informed decisions as early as possible in the life cycle. Such informed decisions should take both the intended functional and non-functional properties into account. Especially regarding the latter, it is both necessary to be able to predict properties and to prioritize them according to well-defined criteria. In this paper we focus on the latter problem, that is to say how to make trade-offs between non-functional properties of software intensive systems. We provide an approach based on the elicitation of utility functions from stake-holders and subsequent checks for consistency among these functions. The approach is exploitable through an easy-to-use GUI, which is also presented. Moreover, we describe the setup and the outcome of our two-fold validation based on exploratory elicitations with students and practitioners

  • 17.
    Franke, Ulrik
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS. FOI Swedish Defence Research Agency, Sweden.
    Cohen, Mika
    FOI Swedish Defence Research Agency, Sweden.
    Sigholm, Johan
    FHS Swedish Defence University, Sweden.
    What can we learn from enterprise architecture models? An experiment comparing models and documents for capability development2018In: Software and Systems Modeling, ISSN 1619-1366, E-ISSN 1619-1374, Vol. 17, no 2, p. 695-711Article in journal (Refereed)
    Abstract [en]

    Enterprise architecture (EA) has been established as a discipline to cope with the complex interactions of business operations and technology. Models, i.e., formal descriptions in terms of diagrams and views, are at the heart of the approach. Though it is widely thought that such architecture models can contribute to improved understanding and decision making, this proposition has not rigorously been tested. This article describes an experiment conducted with a real EA model and corresponding real traditional documents, investigating whether the model or the documents lead to better and faster understanding. Understanding is interesting to study, as it is a prerequisite to other EA uses. The subjects (N=98">N=98N=98 ) were officer cadets, and the experiment was carried out using a comprehensive description of military Close Air Support capability either (1) in the form of a MODAF model or (2) in the form of traditional documents. Based on the results, the model seems to lead to better, though not faster, understanding.

  • 18.
    Franke, Ulrik
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Draeger, Joachim
    IABG mbH, Germany.
    Two simple models of business interruption accumulation risk in cyber insurance2019Conference paper (Refereed)
    Abstract [en]

    As modern society becomes ever more dependenton IT services, risk management of cyber incidents becomes more important. Cyber insurance is one tool, among others, for such risk management that has received much attentionin the past few years. One obstacle to well-functioning cyberinsurance, however, is the fact that cyber accumulation risk remains poorly understood, despite efforts from practitioners and scientists.

    In this article, we address the accumulation risk of business interruption incidents, an area that has received less attention than the accumulation risk of data breach incidents. Two simple models are introduced: First, a model that takes the insurer’s perspective and explores the impact on aggregated claims cost from incidents that unintentionally propagate between firms. Second, a model that takes the insured’s perspective, considering the impacts of limited incident management capacity and showing that there is sometimes an economic case for collectively funding additional incident managers. The paper is concluded with some reflections on the models and an outlook.

  • 19.
    Franke, Ulrik
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Meland, Per Håkon
    SINTEF Digital, Norway.
    Demand side expectations of cyber insurance2019Conference paper (Refereed)
    Abstract [en]

    Cyber insurance has attracted much attention fromboth practitioners, policymakers and academics in the past fewyears. However, it also faces some challenges before it can reachits full potential as a tool for better cyber risk management. Onesuch challenge is the gap between what customers expect andwhat insurers really offer.

    This paper investigates this gap empirically, based on interviewswith informant companies in Norway and Sweden consideringcyber insurance. The expectations expressed in the interviewsare compared to anonymized incident claims reports and claimsstatistics for 2018 from a global insurance intermediary.

    The results show no obvious pattern of discrepancies betweendifferent domains. However, informant expectations on businessinterruption coverage are much greater than one would expectfrom its share of claims. In this respect, informant expectationson business interruption coverage are more aligned with somerecently published scenarios on possible major business interruptions.

  • 20.
    Funcke, Alexander
    et al.
    University of Pennsylvania, US.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Partial participation towards collective action: To stifle or instigate2016In: Rationality and Society, ISSN 1043-4631, E-ISSN 1461-7358, Vol. 28, no 4, p. 453-467Article in journal (Refereed)
    Abstract [en]

    In this paper we extend the Granovetter threshold model with partial participation towards a collective action. That is, agents may partake by conducting an action that is less costly than the ultimate collective action, but costly enough to signal a commitment to the cause. We show that it is not just the exact distribution of thresholds, but also the distribution of available actions that determines whether a collective action will be achieved. We suggest and prove propositions for how both an inventive “activist” and a “dictator” may strategically change the signaling value of existing actions, or introduce new ones, in order to either instigate or stifle collective action. Applying the theory to revolutions, we argue that new technology can play a role beyond that of communication and synchronization, viz. that of adding modes of partial, less arduous, participation.

  • 21.
    Guerreiro, Sérgio
    et al.
    Lusófona University, Portugal; Formetis, Netherlands.
    Gaaloul, Khaled
    LIST Luxembourg Institute of Science and Technology, Luxembourg.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Analysis of Enterprise Architecture Evolution Using Markov Decision Processes2016In: Enterprise and Organizational Modeling and Simulation / [ed] Robert Pergl, Martin Molhanec, Eduard Babkin, Samuel Fosso Wamba, 2016, Vol. 272, p. 37-51Conference paper (Refereed)
    Abstract [en]

    Enterprise architecture (EA) offers steering instruments to aid architects in their decision-making process. However, the management of such a process is a challenging task for enterprise architects, due to the complex dependencies amongst EA models when evolving from an initial to a subsequent state. In this paper, we design, present and analyze an approach supporting EA model evolution. In doing so, we define EA artifacts dependencies and model their corresponding evolutions during change. Then, this model is processed using a feedback control schema to fully inform the EA design decisions. An access control model for an inventory case study is introduced to reason on issues connected to this evolution. The results obtained by a stochastic solution (Markov Decision Processes) are used to argue about the usefulness and applicability of our proposal.

  • 22.
    Ibrahimovic, Semir
    et al.
    School of Economics and Business in Sarajevo, Bosnia and Herzegovina.
    Franke, Ulrik
    RISE - Research Institutes of Sweden, ICT, SICS.
    A probabilistic approach to IT risk management in the Basel regulatory framework: A case study2017In: Journal of Financial Regulation and Compliance, ISSN 1358-1988, E-ISSN 1740-0279, Vol. 25, no 2, p. 176-195Article in journal (Refereed)
    Abstract [en]

    Purpose: This paper aims to examine the connection between information system (IS) availability and operational risk losses and the capital requirements. As most businesses today become increasingly dependent on information technology (IT) services for continuous operations, IS availability is becoming more important for most industries. However, the banking sector has particular sector-specific concerns that go beyond the direct and indirect losses resulting from unavailability. According to the first pillar of the Basel II accord, IT outages in the banking sector lead to increased capital requirements and thus create an additional regulatory cost, over and above the direct and indirect costs of an outage. Design/methodology/approach: A Bayesian belief network (BBN) with nodes representing causal factors has been used for identification of the factors with the greatest influence on IS availability, thus helping in investment decisions. Findings: Using the BBN model for making IS availability-related decisions action (e.g. bringing a causal factor up to the best practice level), organization, according to the presented mapping table, would have less operational risk events related to IS availability. This would have direct impact by decreasing losses, related to those events, as well as to decrease the capital requirements, prescribed by the Basel II accord, for covering operational risk losses. Practical implications: An institution using the proposed framework can use the mapping table to see which measures for improving IS availability will have a direct impact on operational risk events, thus improving operational risk management. Originality/value: The authors mapped the factors causing unavailability of IS system to the rudimentary IT risk management framework implied by the Basel II regulations and, thus, established an otherwise absent link from the IT availability management to operational risk management according to the Basel II framework.

  • 23.
    Johnson, Pontus
    et al.
    KTH Royal Institute of Technology, Sweden.
    Lagerström, Robert
    KTH Royal Institute of Technology, Sweden.
    Ekstedt, Mathias
    KTH Royal Institute of Technology, Sweden.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Can the Common Vulnerability Scoring System be Trusted?: A Bayesian Analysis2018In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 15, no 6, p. 1002-1015Article in journal (Refereed)
    Abstract [en]

    The Common Vulnerability Scoring System (CVSS) is the state-of-the art system for assessing software vulnerabilities. However, it has been criticized for lack of validity and practitioner relevance. In this paper, the credibility of the CVSS scoring data found in five leading databases – NVD, X-Force, OSVDB, CERT-VN, and Cisco – is assessed. A Bayesian method is used to infer the most probable true values underlying the imperfect assessments of the databases, thus circumventing the problem that ground truth is not known. It is concluded that with the exception of a few dimensions, the CVSS is quite trustworthy. The databases are relatively consistent, but some are better than others. The expected accuracy of each database for a given dimension can be found by marginalizing confusion matrices. By this measure, NVD is the best and OSVDB is the worst of the assessed databases

  • 24.
    Johnson, Pontus
    et al.
    KTH Royal Institute of Technology, Sweden.
    Lagerström, Robert
    KTH Royal Institute of Technology, Sweden.
    Ekstedt, Mathias
    KTH Royal Institute of Technology, Sweden.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Modeling and analyzing systems-of-systems in the multi-attribute prediction language (MAPL)2016In: Proceedings of the 4th International Workshop on Software Engineering for Systems-of-Systems, ACM Press, 2016, p. 1-7Conference paper (Refereed)
    Abstract [en]

    The Multi-Attribute Prediction Language (MAPL), an analysis metamodel for non-functional qualities of systems-of-systems, is introduced. MAPL features analysis in five non-functional areas: service cost, service availability, data accuracy, application coupling, and application size. In addition, MAPL explicitly includes utility modeling to make trade-offs between the qualities. The paper introduces how each of the five non-functional qualities is modeled and quantitatively analyzed based on the ArchiMate standard for enterprise architecture modeling and the previously published Predictive, Probabilistic Architecture Modeling Framework, building on the well-known UML and OCL formalisms. The main contribution of MAPL lies in combining all five non-functional analyses into a single unified framework.

  • 25.
    Lagerström, Robert
    et al.
    KTH Royal Institute of Technology, Sweden.
    Johnson, Pontus
    KTH Royal Institute of Technology, Sweden.
    Ekstedt, Mathias
    KTH Royal Institute of Technology, Sweden.
    Franke, Ulrik
    RISE - Research Institutes of Sweden, ICT, SICS.
    Shahzad, Khurram
    KTH Royal Institute of Technology, Sweden.
    Automated Probabilistic System Architecture Analysis in the Multi-Attribute Prediction Language (MAPL): Iteratively Developed using Multiple Case Studies2017In: Complex Systems Informatics and Modeling, ISSN 2255-9922, Vol. 11, p. 38-68Article in journal (Refereed)
    Abstract [en]

    The Multi-Attribute Prediction Language (MAPL), an analysis metamodel for non-functional qualities of system architectures, is introduced. MAPL features automate analysis in five non-functional areas: service cost, service availability, data accuracy, application coupling, and application size. In addition, MAPL explicitly includes utility modeling to make trade-offs between the qualities. The article introduces how each of the five non-functional qualities are modeled and quantitatively analyzed based on the ArchiMate standard for enterprise architecture modeling and the previously published Predictive, Probabilistic Architecture Modeling Framework, building on the well-known UML and OCL formalisms. The main contribution of MAPL lies in the probabilistic use of multi-attribute utility theory for the trade-off analysis of the non-functional properties. Additionally, MAPL proposes novel model-based analyses of several non-functional attributes. We also report how MAPL has iteratively been developed using multiple case studies.

  • 26.
    Olsson, Thomas
    et al.
    RISE - Research Institutes of Sweden, ICT, SICS.
    Franke, Ulrik
    RISE - Research Institutes of Sweden, ICT, SICS.
    Introduction to Service Level Agreements2019Report (Other academic)
    Abstract [en]

    Modern industrial production environments are rapidly transforming.Concepts such as smart industry and Industry 4.0 encompass many expectations onhow digital technology can improve industrial plants. Some strands are betteralgorithms for robotics, better situational awareness through ubiquitous RFID,fewer production interruptions through smarter predictive maintenance, and moreagile production lines enabling greater customization of products. Many of theseideas depend on reliable access to IT services such computing power and dataavailability. If these falters, the benefits will not materialize. Therefore,it is crucial to study the Service Level Agreements (SLAs) that are used toregulate such services.

  • 27.
    Papatheocharous, Efi
    et al.
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Decision-Making in Automotive Software Development: An Observational Study2016In: New Trends in Software Methodologies, Tools and Techniques / [ed] Hamido Fujita, George Angelos Papadopoulos, IOS Press, 2016, Vol. 286, p. 59-68Conference paper (Refereed)
    Abstract [en]

    This paper reports results from an independent observational study of an automotive software development research project. The study is carried out as a monitoring activity of the project, which is inexpensive but still representative of real automotive software development cases, thus providing the basis for more rigorous studies. The objective is to take initial steps to improve our understanding of architectural decision-making in the development of software in the automotive domain. The key findings summarize issues surfacing during the development process related to the problem articulation and formulation, the impact of participant experience, the definition of requirements, the decision process, and the effect of the decisions made on the system architecture evolution. The paper offers some insights that can be useful to gain understanding of how decisions are typically made in real settings, i.e., based on gut-feeling, which is important when designing decision support systems for architectural design decisions.

  • 28.
    Varga, Stefan
    et al.
    KTH Royal Institute of Technology, Sweden.
    Brynielsson, Joel
    KTH Royal Institute of Technology, Sweden.
    Franke, Ulrik
    RISE - Research Institutes of Sweden, ICT, SICS.
    Information requirements for national level cyber situational awareness2018In: Proceedings of the 2018 IEEE/ACM International Conference on Advances in Social Networks Analysis and Mining, ASONAM 2018, 2018, p. 774-781Conference paper (Refereed)
    Abstract [en]

    As modern societies become more dependent on IT services, the potential impact both of adversarial cyberattacks and non-adversarial service management mistakes grows. This calls for better cyber situational awareness-decision-makers need to know what is going on. The main focus of this paper is to examine the information elements that need to be collected and included in a common operational picture in order for stakeholders to acquire cyber situational awareness. This problem is addressed through a survey conducted among the participants of a national information assurance exercise conducted in Sweden. Most participants were government officials and employees of commercial companies that operate critical infrastructure. The results give insight into information elements that are perceived as useful, that can be contributed to and required from other organizations, which roles and stakeholders would benefit from certain information, and how the organizations work with creating cyber common operational pictures today. Among findings, it is noteworthy that adversarial behavior is not perceived as interesting, and that the respondents in general focus solely on their own organization.

  • 29.
    Välja, Margus
    et al.
    KTH Royal Institute of Technology, Sweden.
    Korman, Matus
    KTH Royal Institute of Technology, Sweden.
    Lagerström, Robert
    KTH Royal Institute of Technology, Sweden.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Ekstedt, Mathias
    KTH Royal Institute of Technology, Sweden.
    Automated architecture modeling for enterprise technology manageme using principles from data fusion: A security analysis case2016In: PICMET 2016 - Portland International Conference on Management of Engineering and Technology: Technology Management For Social Innovation, Proceedings, 2016, p. 14-22, article id 7806662Conference paper (Refereed)
    Abstract [en]

    Architecture models are used in enterprise management for decision support. These decisions range from designing processes to planning for the appropriate supporting technology. It is unreasonable for an existing enterprise to completely reinvent itself. Incremental changes are in most cases a more resource efficient tactic. Thus, for planning organizational changes, models of the current practices and systems need to be created. For mid-sized to large organizations this can be an enormous task when executed manually. Fortunately, there's a lot of data available from different sources within an enterprise that can be used for populating such models. The data are however almost always heterogeneous and usually only representing fragmented views of certain aspects. In order to merge such data and obtaining a unified view of the enterprise a suitable methodology is needed. In this paper we address this problem of creating enterprise architecture models from heterogeneous data. The paper proposes a novel approach that combines methods from the fields of data fusion and data warehousing. The approach is tested using a modeling language focusing on cyber security analysis in a study of a lab setup mirroring a small power utility's IT environment.

  • 30.
    Välja, Margus
    et al.
    KTH Royal Institute of Technology, Sweden.
    Lagerström, Robert
    KTH Royal Institute of Technology, Sweden.
    Korman, Matus
    KTH Royal Institute of Technology, Sweden.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Bridging the gap between business and technology in strategic decision-making for cyber security management2016In: PICMET 2016 - Portland International Conference on Management of Engineering and Technology: Technology Management For Social Innovation, Proceedings, 2016, p. 32-42, article id 7806663Conference paper (Refereed)
    Abstract [en]

    System architectures are getting more and more complex. Thus, making strategic decisions when it comes to managing systems is difficult and needs proper support. One arising issue that managers need to take into account when changing their technology is security. No business is spared from threats in today's connected society. The repercussions of not paying this enough attention could result in loss of money and in case of cyber physical systems, also human lives. Thus, system security has become a high-level management issue. There are various methods of assessing system security. A common method that allows partial automation is attack graph based security analysis. This particular method has many variations and wide tool support. However, a complex technical analysis like the attack graph based one needs experts to run it and interpret the results. In this paper we study what kind of strategic decisions that need the support of threat analysis and how to improve an attack graph based architecture threat assessment method to fit this task. The needs are gathered from experts working with security management and the approach is inspired by an enterprise architecture language called ArchiMate. The paper contains a working example. The proposed approach aims to bridge the gap between technical analysis and business analysis making system architectures easier to manage.

  • 31.
    Wohlin, Claes
    et al.
    Blekinge Institute of Technology, Sweden.
    Wnuk, Krzysztof
    Blekinge Institute of Technology, Sweden.
    Smite, Darja
    Blekinge Institute of Technology, Sweden.
    Franke, Ulrik
    RISE, Swedish ICT, SICS, Software and Systems Engineering Laboratory.
    Badampudi, Deepika
    Blekinge Institute of Technology, Sweden.
    Cicchetti, Antonio
    Mälardalen University, Sweden.
    Supporting Strategic Decision-Making for Selection of Software Assets2016In: Software Business / [ed] Maglyas A., Lamprecht AL., 2016, Vol. 240Conference paper (Refereed)
    Abstract [en]

    Companies developing software are constantly striving to gain or keep their competitive advantage on the market. To do so, they should balance what to develop themselves and what to get from elsewhere, which may be software components or software services. These strategic decisions need to be aligned with business objectives and the capabilities and constraints of possible options. These sourcing options include: in-house, COTS, open source and outsourcing. The objective of this paper is to present an approach to support decision-makers in selecting appropriate types of origins in a specific case that maximizes the benefits of the selected business strategy. The approach consists of three descriptive models, as well as a decision process and a knowledge repository. The three models are a decision model that comprises three cornerstones (stakeholders, origins and criteria) and is based on a taxonomy for formulating decision models in this context, and two supporting models (property models and context models).

1 - 31 of 31
CiteExportLink to result list
Permanent link
Cite
Citation style
  • apa
  • harvard1
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Other style
More styles
Language
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Other locale
More languages
Output format
  • html
  • text
  • asciidoc
  • rtf
v. 2.35.7