957 resultados para validation process
Resumo:
Coordenação de Aperfeiçoamento de Pessoal de Nível Superior (CAPES)
Resumo:
Information about rainfall erosivity is important during soil and water conservation planning. Thus, the spatial variability of rainfall erosivity of the state Mato Grosso do Sul was analyzed using ordinary kriging interpolation. For this, three pluviograph stations were used to obtain the regression equations between the erosivity index and the rainfall coefficient EI30. The equations obtained were applied to 109 pluviometric stations, resulting in EI30 values. These values were analyzed from geostatistical technique, which can be divided into: descriptive statistics, adjust to semivariogram, cross-validation process and implementation of ordinary kriging to generate the erosivity map. Highest erosivity values were found in central and northeast regions of the State, while the lowest values were observed in the southern region. In addition, high annual precipitation values not necessarily produce higher erosivity values.
Resumo:
[ES] The purpose of this study was to develop and validate the Observational System for the Proxemic Communication of the Fitness Instructor, as well as conduct a pilot application of the same. During the development and validation process of the new observation system it was employed five sequential phases. At the end of this process, it was established the validity and reliability of 5 coding dimensions and 23 categories of instructor proxemics behavior to create the final version of the observational system. This version of the observational system was applied in a pilot study conducted in a sample of 12 fitness instructors from four different group-exercise classes. The results indicated that instructor proxemics behaviour could be feasibly coded with the Observational System for the Proxemic Communication of the Fitness Instructor, having been held a comparative analysis about its intervention in the various activities, albeit with a small sample size.
Resumo:
Nei processi di progettazione e produzione tramite tecnologie di colata di componenti in alluminio ad elevate prestazioni, risulta fondamentale poter prevedere la presenza e la quantità di difetti correlabili a design non corretti e a determinate condizioni di processo. Fra le difettologie più comuni di un getto in alluminio, le porosità con dimensioni di decine o centinaia di m, note come microporosità, hanno un impatto estremamente negativo sulle caratteristiche meccaniche, sia statiche che a fatica. In questo lavoro, dopo un’adeguata analisi bibliografica, sono state progettate e messe a punto attrezzature e procedure sperimentali che permettessero la produzione di materiale a difettologia e microstruttura differenziata, a partire da condizioni di processo note ed accuratamente misurabili, che riproducessero la variabilità delle stesse nell’ambito della reale produzione di componenti fusi. Tutte le attività di progettazione delle sperimentazioni, sono state coadiuvate dall’ausilio di software di simulazione del processo fusorio che hanno a loro volta beneficiato di tarature e validazioni sperimentali ad hoc. L’apparato sperimentale ha dimostrato la propria efficacia nella produzione di materiale a microstruttura e difettologia differenziata, in maniera robusta e ripetibile. Utilizzando i risultati sperimentali ottenuti, si è svolta la validazione di un modello numerico di previsione delle porosità da ritiro e gas, ritenuto ad oggi allo stato dell’arte e già implementato in alcuni codici commerciali di simulazione del processo fusorio. I risultati numerici e sperimentali, una volta comparati, hanno evidenziato una buona accuratezza del modello numerico nella previsione delle difettologie sia in termini di ordini di grandezza che di gradienti della porosità nei getti realizzati.
Resumo:
Over the last decade, translational science has come into the focus of academic medicine, and significant intellectual and financial efforts have been made to initiate a multitude of bench-to-bedside projects. The quest for suitable biomarkers that will significantly change clinical practice has become one of the biggest challenges in translational medicine. Quantitative measurement of proteins is a critical step in biomarker discovery. Assessing a large number of potential protein biomarkers in a statistically significant number of samples and controls still constitutes a major technical hurdle. Multiplexed analysis offers significant advantages regarding time, reagent cost, sample requirements and the amount of data that can be generated. The two contemporary approaches in multiplexed and quantitative biomarker validation, antibody-based immunoassays and MS-based multiple (or selected) reaction monitoring, are based on different assay principles and instrument requirements. Both approaches have their own advantages and disadvantages and therefore have complementary roles in the multi-staged biomarker verification and validation process. In this review, we discuss quantitative immunoassay and multiple reaction monitoring/selected reaction monitoring assay principles and development. We also discuss choosing an appropriate platform, judging the performance of assays, obtaining reliable, quantitative results for translational research and clinical applications in the biomarker field.
Resumo:
The use of hindcast climatic data is quite extended for multiple applications. However, this approach needs the support of a validation process to allow its drawbacks and, therefore, confidence levels to be assessed. In this work, the strategy relies on an hourly wind database resulting from a dynamical downscaling experiment, with a spatial resolution of 10 km, covering the Iberian Peninsula (IP), driven by the ERA40 reanalysis (1959–2001) extended by European Centre for Medium-Range Weather Forecast (ECMWF) analysis (2002–2007) and comprising two main steps. Initially, the skill of the simulation is evaluated comparing the quality-tested observational database (Lorente-Plazas et al., 2014) at local and regional scales. The results show that the model is able to portray the main features of the wind over the IP: annual cycles, wind roses, spatial and temporal variability, as well as the response to different circulation types. In addition, there is a significant added value of the simulation with respect to driving conditions, especially in regions with a complex orography. However, some problems are evident, the major drawback being the systematic overestimation of the wind speed, which is mainly attributed to a missrepresentation of frictional forces. The model skill is also lower along the Mediterranean coast and for the Pyrenees. In a second phase, the high spatio-temporal resolution of the pseudo-real wind database is used to explore the limitations of the observational database. It is shown that missing values do not affect the characterisation of the wind climate over the IP, while the length of the observational period (6 years) is sufficient for most regions, with only a few exceptions. The spatial distribution of the observational sampling schemes should be enhanced to improve the correct assessment of all IP wind regimes, particularly in some mountainous areas.
Resumo:
The present data set was used as a training set for a Habitat Suitability Model. It contains occurrence (presence-only) of living Lophelia pertusa reefs in the Irish continental margin, which were assembled from databases, cruise reports and publications. A total of 4423 records were inspected and quality assessed to ensure that they (1) represented confirmed living L. pertusa reefs (so excluding 2900 records of dead and isolated coral colony records); (2) were derived from sampling equipment that allows for accurate (<200 m) geo-referencing (so excluding 620 records derived mainly from trawling and dredging activities); and (3) were not duplicated. A total of 245 occurrences were retained for the analysis. Coral observations are highly clustered in regions targeted by research expeditions, which might lead to falsely inflated model evaluation measures (Veloz, 2009). Therefore, we coarsened the distribution data by deleting all but one record within grid cells of 0.02° resolution (Davies & Guinotte 2011). The remaining 53 points were subject to a spatial cross-validation process: a random presence point was chosen, grouped with its 12 closest neighbour presence points based on Euclidean distance and withheld from model training. This process was repeated for all records, resulting in 53 replicates of spatially non-overlapping sets of test (n=13) and training (n=40) data. The final 53 occurrence records were used for model training.
Resumo:
Distributed real-time embedded systems are becoming increasingly important to society. More demands will be made on them and greater reliance will be placed on the delivery of their services. A relevant subset of them is high-integrity or hard real-time systems, where failure can cause loss of life, environmental harm, or significant financial loss. Additionally, the evolution of communication networks and paradigms as well as the necessity of demanding processing power and fault tolerance, motivated the interconnection between electronic devices; many of the communications have the possibility of transferring data at a high speed. The concept of distributed systems emerged as systems where different parts are executed on several nodes that interact with each other via a communication network. Java’s popularity, facilities and platform independence have made it an interesting language for the real-time and embedded community. This was the motivation for the development of RTSJ (Real-Time Specification for Java), which is a language extension intended to allow the development of real-time systems. The use of Java in the development of high-integrity systems requires strict development and testing techniques. However, RTJS includes a number of language features that are forbidden in such systems. In the context of the HIJA project, the HRTJ (Hard Real-Time Java) profile was developed to define a robust subset of the language that is amenable to static analysis for high-integrity system certification. Currently, a specification under the Java community process (JSR- 302) is being developed. Its purpose is to define those capabilities needed to create safety critical applications with Java technology called Safety Critical Java (SCJ). However, neither RTSJ nor its profiles provide facilities to develop distributed realtime applications. This is an important issue, as most of the current and future systems will be distributed. The Distributed RTSJ (DRTSJ) Expert Group was created under the Java community process (JSR-50) in order to define appropriate abstractions to overcome this problem. Currently there is no formal specification. The aim of this thesis is to develop a communication middleware that is suitable for the development of distributed hard real-time systems in Java, based on the integration between the RMI (Remote Method Invocation) model and the HRTJ profile. It has been designed and implemented keeping in mind the main requirements such as the predictability and reliability in the timing behavior and the resource usage. iThe design starts with the definition of a computational model which identifies among other things: the communication model, most appropriate underlying network protocols, the analysis model, and a subset of Java for hard real-time systems. In the design, the remote references are the basic means for building distributed applications which are associated with all non-functional parameters and resources needed to implement synchronous or asynchronous remote invocations with real-time attributes. The proposed middleware separates the resource allocation from the execution itself by defining two phases and a specific threading mechanism that guarantees a suitable timing behavior. It also includes mechanisms to monitor the functional and the timing behavior. It provides independence from network protocol defining a network interface and modules. The JRMP protocol was modified to include two phases, non-functional parameters, and message size optimizations. Although serialization is one of the fundamental operations to ensure proper data transmission, current implementations are not suitable for hard real-time systems and there are no alternatives. This thesis proposes a predictable serialization that introduces a new compiler to generate optimized code according to the computational model. The proposed solution has the advantage of allowing us to schedule the communications and to adjust the memory usage at compilation time. In order to validate the design and the implementation a demanding validation process was carried out with emphasis in the functional behavior, the memory usage, the processor usage (the end-to-end response time and the response time in each functional block) and the network usage (real consumption according to the calculated consumption). The results obtained in an industrial application developed by Thales Avionics (a Flight Management System) and in exhaustive tests show that the design and the prototype are reliable for industrial applications with strict timing requirements. Los sistemas empotrados y distribuidos de tiempo real son cada vez más importantes para la sociedad. Su demanda aumenta y cada vez más dependemos de los servicios que proporcionan. Los sistemas de alta integridad constituyen un subconjunto de gran importancia. Se caracterizan por que un fallo en su funcionamiento puede causar pérdida de vidas humanas, daños en el medio ambiente o cuantiosas pérdidas económicas. La necesidad de satisfacer requisitos temporales estrictos, hace más complejo su desarrollo. Mientras que los sistemas empotrados se sigan expandiendo en nuestra sociedad, es necesario garantizar un coste de desarrollo ajustado mediante el uso técnicas adecuadas en su diseño, mantenimiento y certificación. En concreto, se requiere una tecnología flexible e independiente del hardware. La evolución de las redes y paradigmas de comunicación, así como la necesidad de mayor potencia de cómputo y de tolerancia a fallos, ha motivado la interconexión de dispositivos electrónicos. Los mecanismos de comunicación permiten la transferencia de datos con alta velocidad de transmisión. En este contexto, el concepto de sistema distribuido ha emergido como sistemas donde sus componentes se ejecutan en varios nodos en paralelo y que interactúan entre ellos mediante redes de comunicaciones. Un concepto interesante son los sistemas de tiempo real neutrales respecto a la plataforma de ejecución. Se caracterizan por la falta de conocimiento de esta plataforma durante su diseño. Esta propiedad es relevante, por que conviene que se ejecuten en la mayor variedad de arquitecturas, tienen una vida media mayor de diez anos y el lugar ˜ donde se ejecutan puede variar. El lenguaje de programación Java es una buena base para el desarrollo de este tipo de sistemas. Por este motivo se ha creado RTSJ (Real-Time Specification for Java), que es una extensión del lenguaje para permitir el desarrollo de sistemas de tiempo real. Sin embargo, RTSJ no proporciona facilidades para el desarrollo de aplicaciones distribuidas de tiempo real. Es una limitación importante dado que la mayoría de los actuales y futuros sistemas serán distribuidos. El grupo DRTSJ (DistributedRTSJ) fue creado bajo el proceso de la comunidad de Java (JSR-50) con el fin de definir las abstracciones que aborden dicha limitación, pero en la actualidad aun no existe una especificacion formal. El objetivo de esta tesis es desarrollar un middleware de comunicaciones para el desarrollo de sistemas distribuidos de tiempo real en Java, basado en la integración entre el modelo de RMI (Remote Method Invocation) y el perfil HRTJ. Ha sido diseñado e implementado teniendo en cuenta los requisitos principales, como la predecibilidad y la confiabilidad del comportamiento temporal y el uso de recursos. El diseño parte de la definición de un modelo computacional el cual identifica entre otras cosas: el modelo de comunicaciones, los protocolos de red subyacentes más adecuados, el modelo de análisis, y un subconjunto de Java para sistemas de tiempo real crítico. En el diseño, las referencias remotas son el medio básico para construcción de aplicaciones distribuidas las cuales son asociadas a todos los parámetros no funcionales y los recursos necesarios para la ejecución de invocaciones remotas síncronas o asíncronas con atributos de tiempo real. El middleware propuesto separa la asignación de recursos de la propia ejecución definiendo dos fases y un mecanismo de hebras especifico que garantiza un comportamiento temporal adecuado. Además se ha incluido mecanismos para supervisar el comportamiento funcional y temporal. Se ha buscado independencia del protocolo de red definiendo una interfaz de red y módulos específicos. También se ha modificado el protocolo JRMP para incluir diferentes fases, parámetros no funcionales y optimizaciones de los tamaños de los mensajes. Aunque la serialización es una de las operaciones fundamentales para asegurar la adecuada transmisión de datos, las actuales implementaciones no son adecuadas para sistemas críticos y no hay alternativas. Este trabajo propone una serialización predecible que ha implicado el desarrollo de un nuevo compilador para la generación de código optimizado acorde al modelo computacional. La solución propuesta tiene la ventaja que en tiempo de compilación nos permite planificar las comunicaciones y ajustar el uso de memoria. Con el objetivo de validar el diseño e implementación se ha llevado a cabo un exigente proceso de validación con énfasis en: el comportamiento funcional, el uso de memoria, el uso del procesador (tiempo de respuesta de extremo a extremo y en cada uno de los bloques funcionales) y el uso de la red (consumo real conforme al estimado). Los buenos resultados obtenidos en una aplicación industrial desarrollada por Thales Avionics (un sistema de gestión de vuelo) y en las pruebas exhaustivas han demostrado que el diseño y el prototipo son fiables para aplicaciones industriales con estrictos requisitos temporales.
Resumo:
This paper describes the CyberAula 2.0 project which presents an integrated solution for videoconferencing and lecture recording as a mechanism to support subjects which need to be promoted or discontinued within the framework of the European convergence process. Our solution is made up of a web portal, a videoconferencing tool and an economical and easily transportable hardware kit. Recording sessions can be exported to SCORM and LOM compliant files which can be imported by an LMS. The validation process is currently being carried out in five scenarios at our university that use Moodle as a way to deliver content to students.
Resumo:
The aim of this paper is to clarify the role played by the most commonly used viscous terms in simulating viscous laminar flows using the weakly compressible approach in the context of smooth particle hydrodynamics (WCSPH). To achieve this, Takeda et al. (Prog. Theor. Phys. 1994; 92(5):939–960), Morris et al. (J. Comput. Phys. 1997; 136:214–226) and Monaghan–Cleary–Gingold's (Appl. Math. Model. 1998; 22(12):981–993; Monthly Notices of the Royal Astronomical Society 2005; 365:199–213) viscous terms will be analysed, discussing their origins, structures and conservation properties. Their performance will be monitored with canonical flows of which related viscosity phenomena are well understood, and in which boundary effects are not relevant. Following the validation process of three previously published examples, two vortex flows of engineering importance have been studied. First, an isolated Lamb–Oseen vortex evolution where viscous effects are dominant and second, a pair of co-rotating vortices in which viscous effects are combined with transport phenomena. The corresponding SPH solutions have been compared to finite-element numerical solutions. The SPH viscosity model's behaviour in modelling the viscosity related effects for these canonical flows is adequate
Resumo:
Accurate detection of liver lesions is of great importance in hepatic surgery planning. Recent studies have shown that the detection rate of liver lesions is significantly higher in gadoxetic acid-enhanced magnetic resonance imaging (Gd–EOB–DTPA-enhanced MRI) than in contrast-enhanced portal-phase computed tomography (CT); however, the latter remains essential because of its high specificity, good performance in estimating liver volumes and better vessel visibility. To characterize liver lesions using both the above image modalities, we propose a multimodal nonrigid registration framework using organ-focused mutual information (OF-MI). This proposal tries to improve mutual information (MI) based registration by adding spatial information, benefiting from the availability of expert liver segmentation in clinical protocols. The incorporation of an additional information channel containing liver segmentation information was studied. A dataset of real clinical images and simulated images was used in the validation process. A Gd–EOB–DTPA-enhanced MRI simulation framework is presented. To evaluate results, warping index errors were calculated for the simulated data, and landmark-based and surface-based errors were calculated for the real data. An improvement of the registration accuracy for OF-MI as compared with MI was found for both simulated and real datasets. Statistical significance of the difference was tested and confirmed in the simulated dataset (p < 0.01).
Resumo:
An accepted fact in software engineering is that software must undergo verification and validation process during development to ascertain and improve its quality level. But there are too many techniques than a single developer could master, yet, it is impossible to be certain that software is free of defects. So, it is crucial for developers to be able to choose from available evaluation techniques, the one most suitable and likely to yield optimum quality results for different products. Though, some knowledge is available on the strengths and weaknesses of the available software quality assurance techniques but not much is known yet on the relationship between different techniques and contextual behavior of the techniques. Objective: This research investigates the effectiveness of two testing techniques ? equivalence class partitioning and decision coverage and one review technique ? code review by abstraction, in terms of their fault detection capability. This will be used to strengthen the practical knowledge available on these techniques.
Resumo:
La creación de esta aplicación web empresarial surge con la necesidad de optimizar el tiempo en el proceso de creación de una campaña publicitaria de email marketing. El objetivo principal de este trabajo es automatizar el proceso de validación de los campos de un formulario web. Un formulario web [6] es un documento digital en el que los usuarios introducen sus datos personales como nombre, apellido, dirección, documento de identidad, entre otros. Estos datos posteriormente serán procesados y almacenados en un base de datos para luego ser enviados al anunciante. El proceso de validación se refiere a la programación del formulario web en la parte del cliente usando tecnologías web como JavaScript y HTML5, para controlar que los datos introducidos por el usuario en el formulario, sean correctos. Cada campo de un formulario web tiene una validación específica que depende de varios factores, como son el país de lanzamiento de la campaña y el campo a validar. De esta forma dependiendo del tipo de validación se genera un fichero JavaScript con todas las validaciones de dicho formulario. Una de las finalidades de este trabajo es que cualquier usuario de la empresa pueda programar un formulario web, sin tener conocimientos previos de programación, ya que la programación se realiza de forma transparente al usuario. Este es un resumen básico de la aplicación web, sin embargo se debe tener en cuenta una serie de requisitos y parámetros para hacerlo más eficiente y personalizable dependiendo de las necesidades del producto final de cada campaña publicitaria. Todos estos aspectos se explicaran en detalle en los siguientes apartados. Este trabajo se realizó en el corporativo Media Response Group, para la empresa Canalmail S.L, situada en Alcobendas, supervisado por los tutores profesionales Daniel Paz y Jorge Lázaro Molina y por el tutor académico Rafael Fernández Gallego de la Universidad Politécnica de Madrid.---ABSTRACT---The creation of this enterprise Web application arises from the need to optimize the time in the process of creating an online advertising campaign. The main objective of this work is to automate the process of validating fields in a web form. A web form [6] is a digital document that users enter data such as name, surname, address, ID number among others. These data will subsequently be processed and stored in a database and then be sent to the client. These data will subsequently be processed and stored in a database and then be sent to the advertiser. This validation process refers to programming the online form on the client‟s side using web technologies such as JavaScript, HTML5 to control that the data entered by the user in this form are correct. Each field in a web form has a specific validation that depends on several factors; like being a nationwide launch of the campaign and validating data, thus depending on the type of validation a JavaScript file is generated with all validation web form. This file is integrated into the web form by calling the service. One purpose of this work is that any business user can program a web form, without prior knowledge of web programming, since programming is transparent to the user. This is a basic summary of the web application; however we must consider a number of requirements and parameters to make it more efficient and customizable depending on the needs of the end product of each advertising campaign. All these aspects are explained in detail in the following sections. This work was performed in the corporate Media Response Group, for the company Canalmail S.L, located in Alcobendas, supervised by professional tutors Daniel Paz and Jorge Lázaro Molina and PhD Assistant Lecturer at Universidad Politécnica de Madrid. Rafael Fernández Gallego.
Resumo:
Background: Early and effective identification of developmental disorders during childhood remains a critical task for the international community. The second highest prevalence of common developmental disorders in children are language delays, which are frequently the first symptoms of a possible disorder. Objective: This paper evaluates a Web-based Clinical Decision Support System (CDSS) whose aim is to enhance the screening of language disorders at a nursery school. The common lack of early diagnosis of language disorders led us to deploy an easy-to-use CDSS in order to evaluate its accuracy in early detection of language pathologies. This CDSS can be used by pediatricians to support the screening of language disorders in primary care. Methods: This paper details the evaluation results of the ?Gades? CDSS at a nursery school with 146 children, 12 educators, and 1 language therapist. The methodology embraces two consecutive phases. The first stage involves the observation of each child?s language abilities, carried out by the educators, to facilitate the evaluation of language acquisition level performed by a language therapist. Next, the same language therapist evaluates the reliability of the observed results. Results: The Gades CDSS was integrated to provide the language therapist with the required clinical information. The validation process showed a global 83.6% (122/146) success rate in language evaluation and a 7% (7/94) rate of non-accepted system decisions within the range of children from 0 to 3 years old. The system helped language therapists to identify new children with potential disorders who required further evaluation. This process will revalidate the CDSS output and allow the enhancement of early detection of language disorders in children. The system does need minor refinement, since the therapists disagreed with some questions from the CDSS knowledge base (KB) and suggested adding a few questions about speech production and pragmatic abilities. The refinement of the KB will address these issues and include the requested improvements, with the support of the experts who took part in the original KB development. Conclusions: This research demonstrated the benefit of a Web-based CDSS to monitor children?s neurodevelopment via the early detection of language delays at a nursery school. Current next steps focus on the design of a model that includes pseudo auto-learning capacity, supervised by experts.
Resumo:
En la actualidad no se concibe una empresa, por pequeña que esta sea, sin algún tipo de servicio TI. Se presenta para cada empresa el reto de emprender proyectos para desarrollar o contratar servicios de TI que soporten los diferentes procesos de negocio de la empresa. Por otro lado, a menos que los servicios de TI estén aislados de toda red, lo cual es prácticamente imposible en la actualidad, no existe un servicio o un proyecto que lo desarrolle garantizando el 100% de seguridad. Así la empresa maneja una dualidad entre desarrollar productos/servicios de TI seguros y el mantenimiento constante de sus servicios TI en estado seguro. La gestión de los proyectos para el desarrollo de los servicios de TI se aborda, en la mayoría de las empresas, aplicando distintas prácticas, utilizadas en otros proyectos y recomendadas, a tal efecto, por marcos y estándares con mayor reconocimiento. Por lo general, estos marcos incluyen, entre sus procesos, la gestión de los riesgos orientada al cumplimiento de plazos, de costes y, a veces, de la funcionalidad del producto o servicio. Sin embargo, en estas prácticas se obvian los aspectos de seguridad (confidencialidad, integridad y disponibilidad) del producto/servicio, necesarios durante el desarrollo del proyecto. Además, una vez entregado el servicio, a nivel operativo, cuando surge algún fallo relativo a estos aspectos de seguridad, se aplican soluciones ad-hoc. Esto provoca grandes pérdidas y, en ocasiones, pone en peligro la continuidad de la propia empresa. Este problema, se va acrecentando cada día más, en cualquier tipo de empresa y, son las PYMEs, por su la falta de conocimiento del problema en sí y la escasez de recursos metodológicos y técnicos, las empresas más vulnerables. Por todo lo anterior, esta tesis doctoral tiene un doble objetivo. En primer lugar, demostrar la necesidad de contar con un marco de trabajo que, integrado con otros posibles marcos y estándares, sea sencillo de aplicar en distintos tipos y envergaduras de proyectos, y que guíe a las PYMEs en la gestión de proyectos para el desarrollo seguro y posterior mantenimiento de la seguridad de sus servicios de TI. En segundo lugar, cubrir esta necesidad desarrollando un marco de trabajo que ofrezca un modelo de proceso genérico aplicable sobre distintos patrones de proyecto y una librería de activos de seguridad que sirva a las PYMEs de guía durante el proceso de gestión del proyecto para el desarrollo seguro. El modelo de proceso del marco propuesto describe actividades en los tres niveles organizativos de la empresa (estratégico, táctico y operativo). Está basado en el ciclo de mejora continua (PDCA) y en la filosofía Seguridad por Diseño, propuesta por Siemens. Se detallan las prácticas específicas de cada actividad, las entradas, salidas, acciones, roles, KPIs y técnicas aplicables para cada actividad. Estas prácticas específicas pueden aplicarse o no, a criterio del jefe de proyecto y de acuerdo al estado de la empresa y proyecto que se quiera desarrollar, estableciendo así distintos patrones de proceso. Para la validación del marco se han elegido dos PYMEs. La primera del sector servicios y la segunda del sector TIC. El modelo de proceso ha sido aplicado sobre un mismo patrón de proyecto que responde a necesidades comunes a ambas empresas. El patrón de proceso ha sido valorado en los proyectos elegidos en ambas empresas, antes y después de su aplicación. Los resultados del estudio, después de su aplicación en ambas empresas, han permitido la validación del patrón de proceso, en la mejora de la gestión de proyecto para el desarrollo seguro de TI en las PYMEs. ABSTRACT Today a company without any IT service is not conceived, even if it is small either. It presents the challenge for each company to undertake projects to develop or contract IT services that support the different business processes of the company. On the other hand, unless IT services are isolated from whole network, which is virtually impossible at present, there is no service or project, which develops guaranteeing 100% security. So the company handles a duality, develop products / insurance IT services and constant maintenance of their IT services in a safe state. The project management for the development of IT services is addressed, in most companies, using different practices used in other projects and recommended for this purpose by frameworks and standards with greater recognition. Generally, these frameworks include, among its processes, risk management aimed at meeting deadlines, costs and, sometimes, the functionality of the product or service. However, safety issues such as confidentiality, integrity and availability of the product / service, necessary for the project, they are ignored in these practices. Moreover, once the service delivered at the operational level, when a fault on these safety issues arise, ad-hoc solutions are applied. This causes great losses and sometimes threatens the continuity of the company. This problem is adding more every day, in any kind of business and SMEs are, by their lack of knowledge of the problem itself and the lack of methodological and technical resources, the most vulnerable companies. For all these reasons, this thesis has two objectives. Firstly demonstrate the need for a framework that integrated with other possible frameworks and standards, it is simple to apply in different types and wingspans of projects, and to guide SMEs in the management of development projects safely, and subsequent maintenance of the security of their IT services. Secondly meet this need by developing a framework that provides a generic process model applicable to project different patterns and a library of security assets, which serve to guide SMEs in the process of project management for development safe. The process model describes the proposed activities under the three organizational levels of the company (strategic, tactical and operational). It is based on the continuous improvement cycle (PDCA) and Security Design philosophy proposed by Siemens. The specific practices, inputs, outputs, actions, roles, KPIs and techniques applicable to each activity are detailed. These specific practices can be applied or not, at the discretion of the project manager and according to the state of the company and project that the company wants to develop, establishing different patterns of process. Two SMEs have been chosen to validate the frame work. The first of the services sector and the second in the ICT sector. The process model has been applied on the same pattern project that responds to needs common to both companies. The process pattern has been valued at the selected projects in both companies before and after application. The results of the study, after application in both companies have enabled pattern validation process, improving project management for the safe development of IT in SMEs.
