Posouzení informačního systému a návrh změn / Information System Assessment and Proposal of ICT Modification

Fojtík, Jakub

January 2010

The aim of this thesis is a description of information systems and a correct method of selection of the information system by an enterprise. It describes the subject with focus on ERP systems, situation and trends on the domestic market. It brings also benefits of the information systems for enterprises and common mistakes during information system selection process. Own solution for the analyzed company consists of information strategy proposal and the wide selection of the suitable information system. Additional proposals are stated contracted.

IT’S IN THE DATA : A multimethod study on how SaaS-businesses can utilize cohort analysis to improve marketing decision-making

Fridell, Gustav, Cedighi Chafjiri, Saam

January 2020

Incorporating data and analytics within marketing decision-making is today crucial for a company’s success. This holds true especially for SaaS-businesses due to having a subscription-based pricing model dependent on good service retention for long- term viability and profitability. Efficiently incorporating data and analytics does have its prerequisites but can for SaaS-businesses be achieved using the analytical framework of cohort analysis, which utilizes subscription data to obtain actionable insights on customer behavior and retention patterns. Consequently, to expand upon the understanding of how SaaS-businesses can utilize data-driven methodologies to improve their operations, this study has examined how SaaS-businesses can utilize cohort analysis to improve marketing decision-making and what the prerequisites are for efficiently doing so. Thus, by utilizing a multimethodology approach consisting of action research and a single caste study on the fast-growing SaaS-company GetAccept, the study has concluded that the incorporation and utilization of cohort analysis can improve marketing decision-making for SaaS-businesses. This conclusion is drawn by having identified that: The incorporation of cohort analysis can streamline the marketing decision-making process; and The incorporation of cohort analysis can enable decision-makers to obtain a better foundation of information to base marketing decisions upon, thus leading to an improved expected outcome of the decisions. Furthermore, to enable efficient data-driven marketing decision-making and effectively utilize methods such as cohort analysis, the study has concluded that SaaS- businesses need to fulfill three prerequisites, which have been identified to be: Management that support and advocate for data and analytics; A company culture built upon information sharing and evidence-based decision-making; and A large enough customer base to allow for determining similarities within and differences between customer segments as significant. However, the last prerequisite applies specifically for methods such as or similar to cohort analysis. Thus, by utilizing other methods, SaaS-businesses might still be able to efficiently utilize data-driven marketing decision-making, as long as the first two prerequisites are fulfilled.

saas

software as a service

software-as-a-service

data

cohort

cohort analysis

cohort-analysis

marketing

decision-making

decision making

marketing decision-making

marketing decision making

data

subscription

pricing model

data-driven

data driven

analytics

metrics

multimethod

multimethodology

action reserach

growth

profitability

segment

Engineering and Technology

Teknik och teknologier

Business Administration

Företagsekonomi

Computer and Information Sciences

Data- och informationsvetenskap

Integrating Trust-Based Adaptive Security Framework with Risk Mitigation to enhance SaaS User Identity and Access Control based on User Behavior

Akpotor Scott, Johnson

January 2022

In recent years, the emerging trends in cloud computing technologies have given rise to different computing services through the Internet. Organizations across the globe have seized this opportunity as a critical business driver for computing resource access and utilities that will indeed support significant business operations. Embracing SaaS as a crucial business factor enhances corporate business strategy through economies of scale, easy manageability, cost-effectiveness, non-geographical dependence, high reliability, flexible resources, and fast innovation. However, this has also come with various risks due to the limitation of traditional user identity and access control solutions’ inability to effectively identify and manage cloud users’ authorization process when interacting with the cloud. The limit can result in a legitimate user account's impersonation to carry out malicious activities after the user account is compromised to go undetected since traditional solutions seldom function based on user behavior trust level behind any account. Furthermore, the limitation is a significant vulnerability to the cloud environment. This vulnerability is known to be exploited by threats that can eventually lead to substantial unacceptable risks that can undermine security principles or requirements such as confidentiality, integrity, and availability. Significant consequences of this risk are categorized into financial damages, legal implications, reputational damages, and regulatory implications to the cloud environment. As a result, a solution that could contribute to the remediation of these potential risks incurred due to the limitation of user identity and access control management was proposed and designed as User Behavior Trust-Based Adaptive Security framework. The design aims to enhance how cloud users' identity and access control might be managed effectively based on a user behavior trust context and adaptation of corresponding access control measures through adaptive security. The design capability was manifested by integrating it into the standard ISO/2705:2018 Risk Management process. Although, there have been several good information security frameworks such as ISO/IEC 27005:2018 and other technical countermeasures such as SaaS Identity & Access Management (IDaaS) to deal with this risk on the public cloud services. However, they are based on static mitigation approaches, so there is a solid need to shift towards a more dynamic strategical approach. The presented design work, User Behavior Trust-Based Adaptive Security framework, intends to serve as a proposed guideline for risk mitigation that would enhance user identity and access control limitations across the cloud. The solution functions by a trust modeling process that evaluates cloud user activities to compute a user behavior comprehensive trust degree. The resulting data is further used as input feeds parameters into a policy decision point process. The policy decision point process adapts the input parameters to user behavior trust level and behavior risk rating to determine the appropriate access control decision. Ultimately, the adaptive security solution consults the policy decision points to dynamically enforce the corresponding controls measures based on the access control decision received as input feed. The report also conducts a risk assessment process to identify vulnerabilities, threats, and risks related to user behavior trust level and risk rating regarding SaaS resources. Then adapt the mitigation solution, User Behavior Trust-Based Adaptive Security framework, as a possible risk treatment within the risk management process ISO/2705:2018. This report uses a design methodology derived from User Behavior Trust Modelling scientific research work, Gartner Adaptive Security Architecture Model, and eXtensible Access Control Markup Language's policy decision point concept. The design evaluates user behavior trust level by the trust modeling, while the integrated policy decision point processes the trust level to make the access control decision which is later enforced by the adaptive security solution. The report further adapts the risk management procedure ISO/2705:2018 to identify risk from user behavior and trust level, then implements the design solution as a possible risk treatment. The research findings were documented as Results and Discussion, where the functional and operational aspects of the designed framework were provided. In addition, the effects of applying the framework as a possible risk treatment solution were observed through conducting an ISO/2705:2018 risk management procedure. The notable outcome of a reduction of identified risk levels was an improvement in user attitude or behavior, which eventually increased user behavior trust level and reduced associated behavior risk. At the same time, the discussion detailed the interpretation of the results, implications, and limitation of the research, why the framework could be considered a remediation solution beyond the state-of-the-art for cloud user identity and access management—precisely by integrating user behavior, trust, policy decision making with adaptive security into risk management process to reduce IDM-associated risk in the SaaS. Finally, this study has outlined the significance of adopting the designed framework as a possible mitigation solution to enhance the shortcomings of user identity and access control management in the cloud. It has demonstrated that SaaS identified risk can be reduced to an acceptable level when user behavior and activities are taken seriously. Insight into the current trust state and associated risk level of cloud users are vital for continuous risk monitoring and reduction. The solution is to be used as a recommended guideline that might significantly contribute to the research community and information security field of cloud security. Future research direction to consider the possibility of simulating and transforming this conceptual and abstract framework into a real-world working solution due to research work limitations. The framework was designed based on recognized and accepted scientific and technological principles and concepts, from user behavior trust modeling, eXtensible access control markup language, and adaptive security architecture. In addition, to extend this concept to a future research area that will focus exclusively on application-processes behavior.

Risk Assessment

Security countermeasure

Risk Management

Risk Mitigation

Adaptive Security Controls

Threats

Risk

Vulnerabilities

User Behavior Trust Degree

User Behavior Risk Rating

Policy Decision Point

Policy Enforcement Point

User Behavior Trust Model

Adaptive Security Architecture

SaaS

Public Cloud.

Computer Systems

Datorsystem

Telecommunications

Telekommunikation

Communication Systems

Kommunikationssystem

Annan elektroteknik och elektronik

IT’S IN THE DATA 2 : A study on how effective design of a digital product’s user onboarding experience can increase user retention

Fridell, Gustav

January 2021

User retention is a key factor for Software as a Service (SaaS) companies to ensure long-term growth and profitability. One area which can have a lasting impact on a digital product’s user retention is its user onboarding experience, that is, the methods and elements that guide new users to become familiar with the product and activate them to become fully registered users. Within the area of user onboarding, multiple authors discuss “best practice” design patterns which are stated to positively influence the user retention of new users. However, none of the sources reviewed showcase any statistically significant proof of this claim. Thus, the objective of this study was to: Design and implement a set of commonly applied design patterns within a digital product’s user onboarding experience and evaluate their effects on user retention Through A/B testing on the SaaS product GetAccept, the following two design patterns were evaluated: Reduce friction – reducing the number of barriers and steps for a new user when first using a digital product; and Monitor progress – monitoring and clearly showcasing the progress of a new user’s journey when first using a digital product. The retention metric used to evaluate the two design patterns was first week user retention, defined as the share of customers who after signing up, sign in again at least once within one week. This was tested by randomly assigning new users into different groups: groups that did receive changes related to the design patterns, and one group did not receive any changes. By then comparing the first week user retention data between the groups using Fisher’s exact test, the conclusion could be drawn that with statistical significance, both of the evaluated design patterns positively influenced user retention for GetAccept. Furthermore, due to the generalizable nature of GetAccept’s product and the aspects evaluated, this conclusion should also be applicable to other companies and digital products with similar characteristics, and the method used to evaluate the impact of implementing the design patterns should be applicable for evaluating other design patterns and/or changes in digital products. However, as the method used for data collection in the study could not ensure full validity of it, the study could and should be repeated with the same design patterns on another digital product and set of users in order to strengthen the reliability of the conclusions drawn.

saas

software as a service

software-as-a-service

data-driven

data driven

analytics

A/B testing

A/B-testing

AB testing

AB-testing

bucket testing

split-run testing

web

web development

application

design

design pattern

programming

software

Fisher's exact test

Fisher exact test

growth

onboarding

onboarding experience

retention

user retention

churn

digital product

digital

statistics

user onboarding

customer

profitability

Computer and Information Sciences

Data- och informationsvetenskap

Probability Theory and Statistics

Sannolikhetsteori och statistik

Human Computer Interaction

Software Engineering

Programvaruteknik

Business Administration

Företagsekonomi

Supply Chain Event Management – Bedarf, Systemarchitektur und Nutzen aus Perspektive fokaler Unternehmen der Modeindustrie

Tröger, Ralph

10 November 2014

Supply Chain Event Management (SCEM) bezeichnet eine Teildisziplin des Supply Chain Management und ist für Unternehmen ein Ansatzpunkt, durch frühzeitige Reaktion auf kritische Ausnahmeereignisse in der Wertschöpfungskette Logistikleistung und -kosten zu optimieren. Durch Rahmenbedingungen wie bspw. globale Logistikstrukturen, eine hohe Artikelvielfalt und volatile Geschäftsbeziehungen zählt die Modeindustrie zu den Branchen, die für kritische Störereignisse besonders anfällig ist. In diesem Sinne untersucht die vorliegende Dissertation nach einer Beleuchtung der wesentlichen Grundlagen zunächst, inwiefern es in der Modeindustrie tatsächlich einen Bedarf an SCEM-Systemen gibt. Anknüpfend daran zeigt sie nach einer Darstellung bisheriger SCEM-Architekturkonzepte Gestaltungsmöglichkeiten für eine Systemarchitektur auf, die auf den Designprinzipien der Serviceorientierung beruht. In diesem Rahmen erfolgt u. a. auch die Identifikation SCEM-relevanter Business Services. Die Vorzüge einer serviceorientierten Gestaltung werden detailliert anhand der EPCIS (EPC Information Services)-Spezifikation illustriert. Abgerundet wird die Arbeit durch eine Betrachtung der Nutzenpotenziale von SCEM-Systemen. Nach einer Darstellung von Ansätzen, welche zur Nutzenbestimmung infrage kommen, wird der Nutzen anhand eines Praxisbeispiels aufgezeigt und fließt zusammen mit den Ergebnissen einer Literaturrecherche in eine Konsolidierung von SCEM-Nutzeffekten. Hierbei wird auch beleuchtet, welche zusätzlichen Vorteile sich für Unternehmen durch eine serviceorientierte Architekturgestaltung bieten. In der Schlussbetrachtung werden die wesentlichen Erkenntnisse der Arbeit zusammengefasst und in einem Ausblick sowohl beleuchtet, welche Relevanz die Ergebnisse der Arbeit für die Bewältigung künftiger Herausforderungen innehaben als auch welche Anknüpfungspunkte sich für anschließende Forschungsarbeiten ergeben.

SCEM

Supply Chain Event Management

SOA

Serviceorientierte Architektur

EPCIS

EPC Information Services

Modeindustrie

Bedarf

Architektur

Systemarchitektur

Nutzen

SCEM-System

Business Services

Geschäftsorientierte Services

Supply Chain Management

SCM

Logistik

Fokale Unternehmen

Bekleidungsindustrie

Textilindustrie

Logistikleistung

Logistikkosten

Simulation

Service Science

Service Design

Event

Kritisches Ausnahmeereignis

Störung

Störereignis

Lieferkette

Wertschöpfungskette

Fallstudie

EPC

Electronic Product Code

Cloud Computing

Cloud-Infrastruktur

Cloud-ERP

Service-Identifikation

Service-Beschreibung

Gerry Weber

van Laack

Gardeur

Seidensticker

ThyssenKrupp

Deutsche Post

DHL

fTRACE

GS1

GS1 Germany

René Lezard

März München

Kybernetischer Regelkreis

Management by Exception

Supply Chain Risk Management

Supply Network Event Management

SNEM

Service-Repository

Service-Registry

Original Brand Manufacturer

OBM

SaaS

Software as a Service

RFID

Radio Frequency Identification

Komplexität

Störungsanfälligkeit

Nutzenpotenzial

SCEM-Lösung

Value Chain Integrator

Transaktionskostentheorie

Ressourcenbasierter Ansatz

Theorie der informatorischen Kaskaden

Systemtheorie

Prinzipal-Agent-Theorie

Theorien zur Informationsverarbeitung

Nutzenquantifizierung

Auto-ID

Automatische Identifikation

EDI

Electronic Data Interchange

Event-Typisierung

SCEM-Funktionen

SCEM-Funktionalitäten

Geschäftsprozesse

Servicekatalog

Servicekandidat

Servicespezifikation

Standard

Schnittstelle

Überwachen

Melden

Steuern

Messen

Simulieren

FMEA

Fehlermöglichkeits- und Einflussanalyse

SCEM-FMEA

Ereignisorientierte Simulation

Konfiguration

SCEM

Supply chain event management

SOA

Service-oriented architecture

EPCIS

EPC information services

Fashion industry

Need

Business need

Architecture

System architecture

Benefit

SCEM system

Business services

Business-oriented services

Supply chain management

SCM

Logistics

Apparel industry

Textile industry

Logistics performance

Logistics costs

Simulation

Service science

Service design

Event

Critical exception

Deviation

Disruption

Disruptive event

Supply chain

Value chain

Case study

EPC

Electronic product code

Cloud computing

Cloud infrastructure

Cloud ERP

Service identification

Service description

Gerry Weber

van Laack

Gardeur

Seidensticker

ThyssenKrupp

Deutsche Post

DHL

fTRACE

GS1

GS1 Germany

René Lezard

März München

Control system

Management by exception

Supply chain risk management

Supply network event management

SNEM

Service repository

Service registry

Original brand manufacturer

OBM

SaaS

Software as a Service

RFID

Radio Frequency Identification

Complexity

Vulnerability to disruptions

Potential

SCEM solution

Value chain integrator

Transaction cost theory

Resource-based view

Information cascades

System theory

Principal-agent theory

Information processing

AIDC

EDI

Electronic data interchange

Event classification

SCEM functions

SCEM functionalities

Business processes

Service catalogue

Service candidate

Service specification

Standard

Interface

Monitor

Notify

Simulate

Control

Measure

FMEA

Failure mode and effects analysis

SCEM FMEA

Discrete event simulation

Configuration

ddc:330

ddc:000

ddc:004

ddc:650

Supply Chain Event Management – Bedarf, Systemarchitektur und Nutzen aus Perspektive fokaler Unternehmen der Modeindustrie

Tröger, Ralph

17 October 2014

Supply Chain Event Management (SCEM) bezeichnet eine Teildisziplin des Supply Chain Management und ist für Unternehmen ein Ansatzpunkt, durch frühzeitige Reaktion auf kritische Ausnahmeereignisse in der Wertschöpfungskette Logistikleistung und -kosten zu optimieren. Durch Rahmenbedingungen wie bspw. globale Logistikstrukturen, eine hohe Artikelvielfalt und volatile Geschäftsbeziehungen zählt die Modeindustrie zu den Branchen, die für kritische Störereignisse besonders anfällig ist. In diesem Sinne untersucht die vorliegende Dissertation nach einer Beleuchtung der wesentlichen Grundlagen zunächst, inwiefern es in der Modeindustrie tatsächlich einen Bedarf an SCEM-Systemen gibt. Anknüpfend daran zeigt sie nach einer Darstellung bisheriger SCEM-Architekturkonzepte Gestaltungsmöglichkeiten für eine Systemarchitektur auf, die auf den Designprinzipien der Serviceorientierung beruht. In diesem Rahmen erfolgt u. a. auch die Identifikation SCEM-relevanter Business Services. Die Vorzüge einer serviceorientierten Gestaltung werden detailliert anhand der EPCIS (EPC Information Services)-Spezifikation illustriert. Abgerundet wird die Arbeit durch eine Betrachtung der Nutzenpotenziale von SCEM-Systemen. Nach einer Darstellung von Ansätzen, welche zur Nutzenbestimmung infrage kommen, wird der Nutzen anhand eines Praxisbeispiels aufgezeigt und fließt zusammen mit den Ergebnissen einer Literaturrecherche in eine Konsolidierung von SCEM-Nutzeffekten. Hierbei wird auch beleuchtet, welche zusätzlichen Vorteile sich für Unternehmen durch eine serviceorientierte Architekturgestaltung bieten. In der Schlussbetrachtung werden die wesentlichen Erkenntnisse der Arbeit zusammengefasst und in einem Ausblick sowohl beleuchtet, welche Relevanz die Ergebnisse der Arbeit für die Bewältigung künftiger Herausforderungen innehaben als auch welche Anknüpfungspunkte sich für anschließende Forschungsarbeiten ergeben.

info:eu-repo/classification/ddc/330

ddc:330

info:eu-repo/classification/ddc/000

ddc:000

info:eu-repo/classification/ddc/004

ddc:004

info:eu-repo/classification/ddc/650

ddc:650