Study on Architecture-Oriented Information Security Management Model

Tsai, Chiang-nan

07 January 2009

Information security, sometimes referred as enterprise security, plays a very important and professional role in the enterprises. Therefore, information security management is getting more and more popularity among the enterprises in recent years. Several aspects on information, such as technical documents, research and development plans, product quotations, are considered as core assets in one company. How to effectively manage and realize an information security system has become a key for a company¡¦s survival. The international information security management standard, ISO 27001:2005, which includes personnel security, technology security, physical security and management security has been promulgated. When bringing in an information security management system, a company usually embraces the process-oriented approach which treats the system¡¦s structure view and behavior view separately. Separating structure view from behavior view during the planning phase may cause many difficulties, such as uneven distribution of resources, poor safety performance, bad risk management, poor system management and so on, when working on the later realization and verification phase of the information security management system¡¦s construction. Up to date, there is no enterprise architecture theory for information security management system. This research utilizes architecture-oriented modeling methodology so that structure view and behavior view are coalesced when decomposing the information security management system to obtain structural elements and behaviors deriving from interactions among these structure elements. By adopting structure behavior coalescence, abbreviated as SBC, which includes ¡§architecture hierarchy diagram", "structure element diagram", "structure element service diagram", "structure element connection diagram", "structure behavior coalescence diagram", and "interactive flow diagram", this research constructs a complete architecture-oriented information security management model, abbreviated as AOISMM. This research is the first study using architecture-oriented approach to construct the information security management system. Also, AOISMM solves many difficulties caused by the process-oriented approach when constructing information security management systems. These are the contributions of this research.

Enterprise Architecture

Enterprise Security

Information Security

Study on Architecture-Oriented WiMAX Billing Model

Lan, Ya-Wen

16 February 2009

On a market of free competition, when consumers select their telecommunication service provider, they will not only consider basic elements such as the installation fee, call rate, and telecommunication reliability but also whether the provider can furnish the desired customer service, which is especially important. For most consumers, an essential part of customer service is the payment service. Due to the fact that there is not much difference in the technology, communication facilities and the type of business provided by different companies in the telecommunication industry, billing system and related customer services accordingly become the key differential factor and play a indispensable role in the decision-making process of customers. Moreover, as far as the operation, management, and strategy are concerned, billing system is the key backup for telecommunication enterprises. Establishing a billing system meeting the requirement of an enterprise that can provide the desired customer services hence becomes a priority for large telecommunication companies wishing to gain the upper hand in competition. This research uses the software architecture concept to develop a set of description language for the WiMAX billing management system based on which the architecture-oriented WiMAX billing management system model, abbreviated as AOWBMSM, is formulated. AOWBMSM is an integral model of the WiMAX billing management system framework which adopts the structure behavior coalescence, abbreviated as SBC, approach. It can clearly and completely describe the WiMAX billing management system and hopefully can serve as a model with more reference value when enterprises are planning, analyzing, and designing their payment system.

Structure Behavior Coalescence

Software Architecture

Study on Architecture-Oriented Project Risk Management Model

Hung, Mao-feng

23 June 2009

This research studies the six strategies of Project Risk Management defined by a Guide to Project Management Body of Knowledge (PMBOK) issued by U.S. Project Management Institute (PMI), the model of risk management invented by Boehm in 1991, and an enterprise architecture tool. As a result, this research comes out Architecture-Oriented Project Risk Management Model, abbreviated as AOPRMM, which emphasizes structure behavior coalescence within an organization. AOPRMM thoroughly describe the organization¡¦s integrity and the services provided by various structure elements. Moreover, AOPRMM is able to demonstrate the relationship of interaction among structure elements. Currently, most risk management models are categorized into the process-oriented approach. This research utilizes architecture-oriented as a new approach for modeling the project risk management. The model used in our approach is compared with those such as standard model of ISO 31000, standard model of New Zealand, and standard model of Taiwanese government. The result of this research shows that AOPRMM could help project managers master the whole project in a short period of time, implement the project easily, and lower the cost. By applying AOPRMM, the industries could regulate standard operations, and clarify the responsibility and authority in order to implement the project risk management successfully. This research achieves a beneficial model and knowledge for the project risk management. This accomplishment may be valuable for the business and academic circles to follow and refer.

Structure Behavior Coalescence

Enterprise Architecture

Project Risk Management

Study on Architecture-Oriented Electric Arc Furnace Manufacturing System Model

Huang, Bo-ham

25 June 2009

The electric arc furnace steelmakers produce steel across wide ranging sizes and different quality levels. The method of using electric arc for melting is an important process to produce steel from iron or scraps. The diversity of products and markets makes the steelmakers to operate within a large number of constraints of limited enterprise resources, so the electric arc furnace manufacturing system faces problems to integrate the enterprise resource planning system with the manufacturing execution system. The international automation society has come out a solution with an international standard, also known as ISA-95 aimed to help manufacturing industries such as electric arc furnace steelmakers, for the integration of enterprises and control systems. However, ISA-95 only emphasizes on the integration of enterprises and control systems, but does not provide a whole picture of the entire system. This research utilizes the tool of system architecture to develop the architecture-oriented electric arc furnace manufacturing system model, abbreviated as AOEAFMSM, to illustrate coherently the structure view and the behavior view of the electric arc furnace manufacturing system. Furthermore, AOEAFFMSM is able to fully describe many other views of the electric arc furnace manufacturing system. This capability satisfies everybody¡¦s need for capturing different views of the system. Consequentially, AOEAFFMSM simplifies the software development and reduces many communication difficulties among system developers and customers. In modeling the electric arc furnace manufacturing system model, AOEAFFMSM is superior to ISA-95.

Structure View

System Architecture

Behavior View

Study on Architecture-Oriented Vehicle Electronic Product Requirement Model

Chiu, Chun-Lung

08 January 2013

The electronic system in automobiles has become more important in providing safety, comfort and entertainment, at the same time less harmful to the environment. Due to the fact that there are varieties in automobile electronic devises, product development has become more complex. For example, shortening product development period while maintaining quality and fulfilling requirements of each company are all important issues. The development of automobile electronic products cannot only emphasize on functionality but also need to be more customer-oriented to fulfill the needs and expectations of the users. The initial phase of product development should focus on confirming the types of products with clients in order to develop and manufacture into what have been expected. The goal of product development expected by the market has obvious differences with the actual products that have been manufactured. The reason for the differences is the emphasis on functionality during the initial phase of product development. Also, the development process has focused mainly on technological development instead of customer expectations and the changes that occur during the product life cycle, which brings in the need for ¡§Requirements Management.¡¨ Problems such as large amount of development cost, compensation, loss of order and reliability can be resolved through the application of ¡§Requirements Management.¡¨ Through observation and interviews with management team and project managing engineers, what is lacking is the method of demand analysis for system engineer of suppliers during the demand analysis stage to better analyze customer needs and to combine with existing system; thus managers can utilize the requirement analysis method to familiarize with the product. In addition, system engineers can better distribute resources and confirm demands. Based on the architecture-oriented model for auto electrical products, demand analysis method can clearly integrated different aspects, including structural and behavioral. These statistics can be utilized in the following phases during project development, such as system design, production, testing, and proofing stages, especially where integration with software, electrical and structural system is important and complex for the development of auto electrical products. The architecture-oriented model can maintain consistency and can be traceable along with the requirements model.

System Engineering

Requirement Model

Structure-Behavior Coalescence

Requirement Analysis

Study on Architecture-Oriented Memory Assembly and Testing OEM Factory Manufacturing Resource Planning Management Model

Hsu, I-Cheng

12 June 2012

Memory assembly and testing OEM as the IC semiconductor backend process by Taiwan conducts 30% manufacturing output globally. Mainly 50% of the output focused on DRAM. The quality and shipping were headed as the key factor all over the world. The manufacturing process improved in South Korea and mainland China accompanied with the raw material price rising after the 311 earthquake in Japan, enterprises encountering enormous challenge so their OEM manufacturing needs to incorporate the copper wiring process and lower the cost to enhance the competitiveness. The rush orders exhausted the DRAM on-hand parts after economic recovery during the first half of 2011. The shortage mainly came from raw materials, human resources and equipments. Precise planning with elastic resource and information system control became the top priority. Therefore as Elpida, the DRAM manufacturer in Japan, filed the bankruptcy protection, memory assembly and testing OEM manufacturers should be paced in tuning the policy of enterprise, organization, production elements and information system to face the rapid global economic environments change. We propose architecture-oriented memory assembly and testing OEM factory manufacturing resource planning management model (AOMATOEMFMRPMM) in this study. AOMATOEMFMRPMM is an enterprise architecture which uses structure-behavior coalescence to define the components, operations and task forces during the planning of the manufacturing resources. AOMATOEMFMRPMM lets corporation supervisors understand and manipulate effectively the manufacturing resources, lessen the risk of re-organization, improve the quality of maintenance and efficiency of communication of the information system.

Structure-Behavior Coalescence

Enterprise Architecture

Study of Business Strategy Architecture-Oriented Integrated Model

Yen, Chien-nan

07 June 2007

¡@¡@Business strategy may lead the organization and people to achieve the strategy goals and let the stakeholder know the reason why the organization exists and the motive why people fight for missions. Therefore, business strategy management should be able to describe the business strategy clearly in order to assist to consolidate each point of view and enable business strategy achieve synergy effects. ¡@¡@The strategy map, adopting word, graphic and process languages, is used to describe the business strategy. However, the implementation and consolidation of these languages have problems that they cannot integrate business organization¡¦s ¡§Structure View¡¨ and ¡§Process View¡¨ together. ¡@¡@This research uses Strategy Architectural Description Language (SADL) to construct an Business Strategy Architecture-Oriented Integrated Model (BSAOIM) which utilizes the ¡§Union of Structure View and Process View¡¨ to enhance the insufficient description capability of the strategy map. ¡@¡@The result of the study shows that BSAOIM is from the huge view to the microcosmic, from whole to some merger strategy thinking. By SADL to consolidate business exclusive Strategy Architectural Diagram (SAD), The SAD integrates organizational structure and business process closely and provides various points of views to transform implicit into explicit knowledge, which is a paramount description tool that can transform the abstract concept into real system and enable the organization and people, under the instruction of strategy, implement strategies successfully.

Strategy Architecture

Strategy Management

Strategy Map

Strategy Architectural Diagram

Study on Architecture-Oriented Coast Guard Information Security Management Model

Chen, Chih-Ming

20 December 2011

With the popularity of computer networks, e-systems have enhanced the information flow within the Coast Guard Institute. Due to constant information security incidents, formulating policies and managing mechanisms become an important task of the internal security authorities. In this study, we construct an Architecture-Oriented Coast Guard Information Security Management Model (AOCGISMM) which is based on the six fundamental diagrams of Structure-Behavior Coalescence (SBC) Architecture. AOCGISMM, not only provides an integrated description of structure and behavior on the Coast Guard Institute Information Security operations, but also makes the employees within the organization easily to promote compliance.. AOCGISMM covers all structure and behavior of the whole Coast Guard Institute Information Security operations. Therefore, AOCGISMM describes the complete picture of Coast Guard Institute Information Security so that every employee shall understand and communicate well to meet the organization needs.

Architecture

Information Security Management

RefStratERP – A Refactoring Strategy for ERP Systems

Petkovic, Nikola

January 2017

Enterprise Resource Planning (ERP) systems are used to integrate all functions of an enterprise. They often evolve from a smaller monolithic object-oriented application, covering one functional area and organically grow over time in features and size until all functional areas are covered. Once they reach certain size, unrestricted dependencies among numerous classes increase complexity of the system and make it harder for development team to create new features and maintain code stability. This creates problems to further evolution of the ERP system and poses a risk to economic consequences for company developing it. ERP refactoring strategy, together with process of its creation, is presented in this thesis. It can be used with ERP systems, having architectural issues, with a purpose to improve quality of system’s architecture and thus prolong its lifecycle. The goal of modularizing monolithic system it pursued with intention to reduce complexity and make it easier to reason about the system. This architecture-level refactoring strategy is created for one specific medium-sized ERP system through iterative trial-and-error explorative approach. This thesis is carried out at the main development site for this ERP system by project team consisting of employees working on its development. The result shows the RefStratERP, an innovative refactoring strategy consisting of target architecture, refactoring process to reach it, refactoring principles and refactoring limitations. Contrary to initial expectation, arranging domain modules (modules containing business logic) in directed acyclic graph (DAG) is, in general, not feasible without sacrificing internal module cohesion of business logic. Accidental unidirectional dependency between two domain modules is at risk of becoming bidirectional under changing business requirements. On the other hand, non-domain modules (modules without business logic) could be completely separated from domain modules in a way that domain modules depend on non-domain modules. This comes from underlying nature of business domain and the fact that functional areas of an enterprise are interdependent. / Enterprise Resource Planning-system (ERP) används för att integrera alla funktioner inom ett företag. Oftast utvecklas dem från en mindre monolitisk objektorienterad applikation som täcker ett funktionellt område och växer organiskt över tiden i funktioner och storlek tills alla funktionella områden är täckta. När dem når en viss storlek ökar komplexiteten i systemet vilket gör det svårare fär utvecklingsteamet att skapa nya funktioner och hålla kodstabilitet. Detta skapar problem för fortsatt utveckling av ERP-systemet och utgör en risk för ekonomiska konsekvenser för utvecklingsföretaget. ERP refactoringstrategin, tillsammans med processen med att skapa den, presenteras i denna avhandling. Den kan användas med ERP-system, med arkitektoniska problem, med syfte att förbättra kvaliteten hos systemets arkitektur och därigenom förlänga dess livscykel. Målet att modularisera monolitiska system strävas efter i syfte att minska komplexiteten och göra det lättare att resonera kring systemet. En refaktorstrategi på arkitektnivå skapas för ett specifikt medelstort ERP-system genom en iterativ och försök-och-mistag-explorativ metod. Projektet genomfördes på ERPs huvudutvecklingsplats av ett projektteam bestående av anställda inom ERP utveckling. Resultatet visar RefStratERP, en innovativ refaktorstrategi som består av målarkitektur, refactoringprocess för att nå det, refactoringprinciper och refactoringbegränsningar. I motsats till inledande förväntningar är det i allmänhet inte möjligt att ordna domänmoduler (moduler som innehåller affärslogik) i en riktad acyklisk graf (DAG) utan att påverka interna modulsammanhang (cohesion) i affärslogiken. Oavsiktlig enriktad beroende mellan två domänmoduler riskerar att bli dubbelriktad under förändrade affärsbehov. Å andra sidan kan icke-domänmoduler (moduler utan affärslogik) helt separeras från domänmoduler så att domänmoduler beror på icke-domänmoduler. Detta kommer från underliggande egenskaper av affärsområden och det faktum att verksamhetsområden inom ett företag är beroende av varandra.

Refactoring Process

Refactoring Strategy

Architecture-Oriented Refactoring

Enterprise Application Architecture

Enterprise Resource Planning

Dependency Management

Domain Driven Design

Refactoprocessen

Refactorstrategi

Arkitektur Oriented Refactoring

Enterprise Application Architecture

Enterprise Resource Planning

Beroendehantering

Computer and Information Sciences

Data- och informationsvetenskap

Elektroteknik och elektronik