A scalable SIEM correlation engine and its application to the Olympic Games IT infrastructure

The security event correlation scalability has become a major concern for security analysts and IT administrators when considering complex IT infrastructures that need to handle gargantuan amounts of events or wide correlation window spans. The current correlation capabilities of Security Information and Event Management (SIEM), based on a single node in centralized servers, have proved to be insufficient to process large event streams. This paper introduces a step forward in the current state of the art to address the aforementioned problems. The proposed model takes into account the two main aspects of this ?eld: distributed correlation and query parallelization. We present a case study of a multiple-step attack on the Olympic Games IT infrastructure to illustrate the applicability of our approach.

Agile it project management professional

La gestión de las tecnologías de la información tiene cada vez más importancia dentro de un mundo totalmente digitalizado y donde la capacidad de respuesta al cambio puede marcar el devenir de una compañía, y resulta cada vez más evidente que los modelos de gestión tradicionales utilizados en la mayoría de las compañías no son capaces de dar respuesta por si solos a estas nuevas necesidades. Aun teniendo identificado este área de mejora, son muchas las empresas reacias a abordar estos cambios, principalmente por el cambio rupturista que significa a nivel interno. De cara a facilitar esta transformación, se propone en este documento un modelo de transición controlada donde las grandes compañías puedan incorporar nuevas alternativas y herramientas ágiles de forma paulatina y asegurando que el proceso de cambio es seguro y efectivo. Mediante una modificación del ciclo de vida de proyecto dentro de la compañía, se incorporan en las áreas, equipos o dominios de la empresa que se identifiquen los nuevos modelos de gestión ágil, permitiendo así una transición gradual y controlada, y pudiendo además analizar los detalles sobre todo en etapas tempranas de la transformación. Una vez seleccionada el área o dominio objeto de la transformación, se realiza un análisis a nivel de Portfolio de proyectos, identificando aquellos que cumplen una serie de condiciones que les permiten ser gestionados utilizando modelos de gestión ágil. Para ello, se plantea una matriz de decisión con las principales variables a tener en cuenta a la hora de tomar una decisión. Una vez seleccionado y consensuado con los interesados el modelo de gestión utilizando la matriz de decisión, se plantean una serie de herramientas y métricas asociadas para que la gestión ágil del proyecto dé una visibilidad completa y detallada del estado en cada momento, asegurando un correcto proceso de gestión de proyectos para proveer visibilidad regular del progreso, riesgos, planes de contingencia y problemas, con las alertas y escalaciones adecuadas. Además de proponerse una serie de herramientas y métricas para la gestión ágil del proyecto, se plantean las modificaciones necesarias sobre las tipologías habituales de contrato y se propone un nuevo modelo de contrato: el Contrato Agile. La principal diferencia entre este nuevo modelo de contrato y los habituales es que, al igual que las metodologías ágiles, es ejecutado en segmentos o iteraciones. En definitiva, el objetivo de este documento es proveer un mecanismo que facilite la inclusión de nuevos modelos ágiles de gestión en grandes organizaciones, llevando a cabo una transición controlada, con herramientas y métricas adaptadas para tener visibilidad completa sobre los proyectos en todo momento.---ABSTRACT---The information technology management is every time more important in a totally digitized world, where the capacity to response the change could mark the future of a company, and results every time more evident that the traditional management models used in the most of the companies are not able to respond by themselves to these new necessities. Even having identified this improvement area, many companies are reluctant to address these changes, mainly due to the disruptive change that it means internally in the companies. In order to facilitate this transformation, this document proposed a controlled transition model to help the big companies to incorporate new alternatives and agile tools gradually and ensuring that the change process is safe and effective. Through a modification the project life cycle inside the company, the new agile management models are incorporated in the selected areas, teams or domains, permitting a gradual and controlled transition, and enabling further analyze the details above all in the early phases of the transformation. Once is selected the area or domain object of the transformation, a portfolio level analysis is performed, identifying those projects that meet a some conditions that allow them to be managed using agile management models. For that, a decision matrix is proposed with the principal variables to have into account at the time of decision making. Once the management model is selected using the decision matrix and it is agreed with the different stakeholders, a group of tools and metrics associated with the agile management projects are proposed to provide a regular visibility of the project progress, risks, contingency plans and problems, with proper alerts and escalations. Besides the group of tools and metrics proposed for agile project management, the necessary modifications over the traditional contract models and a new contract model are proposed: the Agile Contract. The main difference between this new contract model and the traditional ones is that, as the agile methodologies, it is executed in segments or iterations. To sum up, the objective of this document is to provide a mechanism that facilitates the inclusion of new agile management models in big companies, with a controlled transition and proposing adapted tools and metrics to have a full visibility over the project in all the phases of the project life cycle.

Outsourcing and acquisition models comparison related to IT supplier selection decision analysis

This paper presents a comparison of acquisition models related to decision analysis of IT supplier selection. The main standards are: Capability Maturity Model Integration for Acquisition (CMMI-ACQ), ISO / IEC 12207 Information Technology / Software Life Cycle Processes, IEEE 1062 Recommended Practice for Software Acquisition, the IT Infrastructure Library (ITIL) and the Project Management Body of Knowledge (PMBOK) guide. The objective of this paper is to compare the previous models to find the advantages and disadvantages of them for the future development of a decision model for IT supplier selection.

ITIL in Small to Medium-Sized Enterprises: toward a proposal based on an ITIL processes implementation sequence and a pofile scheme strategy for implementing the first process in the sequence

The backdrop of actual problematic about the implementation of Information Technology (IT) services management in Small and Medium Enterprises (SMEs) will be described. It will be exposed the reasons why reaching a maturity/capability level through well-known standards or the implementation of good software engineering practices by means of IT infrastructure Library are really difficult to achieve by SMEs. Also, the solutions to the exposed problems will be explained. Also master thesis goals are presented in terms of: purpose, research questions, research goals, objectives and scope. Finally, thesis structure is described.

A proposal for a modular and application-aware autonomic manager of private cloud infrastructures

Recientemente, el paradigma de la computación en la nube ha recibido mucho interés por parte tanto de la industria como del mundo académico. Las infraestructuras cloud públicas están posibilitando nuevos modelos de negocio y ayudando a reducir costes. Sin embargo, una compañía podría desear ubicar sus datos y servicios en sus propias instalaciones, o tener que atenerse a leyes de protección de datos. Estas circunstancias hacen a las infraestructuras cloud privadas ciertamente deseables, ya sea para complementar a las públicas o para sustituirlas por completo. Por desgracia, las carencias en materia de estándares han impedido que las soluciones para la gestión de infraestructuras privadas se hayan desarrollado adecuadamente. Además, la multitud de opciones disponibles ha creado en los clientes el miedo a depender de una tecnología concreta (technology lock-in). Una de las causas de este problema es la falta de alineación entre la investigación académica y los productos comerciales, ya que aquella está centrada en el estudio de escenarios idealizados sin correspondencia con el mundo real, mientras que éstos consisten en soluciones desarrolladas sin tener en cuenta cómo van a encajar con los estándares más comunes o sin preocuparse de hacer públicos sus resultados. Con objeto de resolver este problema, propongo un sistema de gestión modular para infraestructuras cloud privadas enfocado en tratar con las aplicaciones en lugar de centrarse únicamente en los recursos hardware. Este sistema de gestión sigue el paradigma de la computación autónoma y está diseñado en torno a un modelo de información sencillo, desarrollado para ser compatible con los estándares más comunes. Este modelo divide el entorno en dos vistas, que sirven para separar aquello que debe preocupar a cada actor involucrado del resto de información, pero al mismo tiempo permitiendo relacionar el entorno físico con las máquinas virtuales que se despliegan encima de él. En dicho modelo, las aplicaciones cloud están divididas en tres tipos genéricos (Servicios, Trabajos de Big Data y Reservas de Instancias), para que así el sistema de gestión pueda sacar partido de las características propias de cada tipo. El modelo de información está complementado por un conjunto de acciones de gestión atómicas, reversibles e independientes, que determinan las operaciones que se pueden llevar a cabo sobre el entorno y que es usado para hacer posible la escalabilidad en el entorno. También describo un motor de gestión encargado de, a partir del estado del entorno y usando el ya mencionado conjunto de acciones, la colocación de recursos. Está dividido en dos niveles: la capa de Gestores de Aplicación, encargada de tratar sólo con las aplicaciones; y la capa del Gestor de Infraestructura, responsable de los recursos físicos. Dicho motor de gestión obedece un ciclo de vida con dos fases, para así modelar mejor el comportamiento de una infraestructura real. El problema de la colocación de recursos es atacado durante una de las fases (la de consolidación) por un resolutor de programación entera, y durante la otra (la online) por un heurístico hecho ex-profeso. Varias pruebas han demostrado que este acercamiento combinado es superior a otras estrategias. Para terminar, el sistema de gestión está acoplado a arquitecturas de monitorización y de actuadores. Aquella estando encargada de recolectar información del entorno, y ésta siendo modular en su diseño y capaz de conectarse con varias tecnologías y ofrecer varios modos de acceso. ABSTRACT The cloud computing paradigm has raised in popularity within the industry and the academia. Public cloud infrastructures are enabling new business models and helping to reduce costs. However, the desire to host company’s data and services on premises, and the need to abide to data protection laws, make private cloud infrastructures desirable, either to complement or even fully substitute public oferings. Unfortunately, a lack of standardization has precluded private infrastructure management solutions to be developed to a certain level, and a myriad of diferent options have induced the fear of lock-in in customers. One of the causes of this problem is the misalignment between academic research and industry ofering, with the former focusing in studying idealized scenarios dissimilar from real-world situations, and the latter developing solutions without taking care about how they f t with common standards, or even not disseminating their results. With the aim to solve this problem I propose a modular management system for private cloud infrastructures that is focused on the applications instead of just the hardware resources. This management system follows the autonomic system paradigm, and is designed around a simple information model developed to be compatible with common standards. This model splits the environment in two views that serve to separate the concerns of the stakeholders while at the same time enabling the traceability between the physical environment and the virtual machines deployed onto it. In it, cloud applications are classifed in three broad types (Services, Big Data Jobs and Instance Reservations), in order for the management system to take advantage of each type’s features. The information model is paired with a set of atomic, reversible and independent management actions which determine the operations that can be performed over the environment and is used to realize the cloud environment’s scalability. From the environment’s state and using the aforementioned set of actions, I also describe a management engine tasked with the resource placement. It is divided in two tiers: the Application Managers layer, concerned just with applications; and the Infrastructure Manager layer, responsible of the actual physical resources. This management engine follows a lifecycle with two phases, to better model the behavior of a real infrastructure. The placement problem is tackled during one phase (consolidation) by using an integer programming solver, and during the other (online) with a custom heuristic. Tests have demonstrated that this combined approach is superior to other strategies. Finally, the management system is paired with monitoring and actuators architectures. The former able to collect the necessary information from the environment, and the later modular in design and capable of interfacing with several technologies and ofering several access interfaces.

Inclusión en modelos de riesgo de presas de una metodología de estimación hidrológica basada en técnicas de Monte Carlo

En este estudio se aplica una metodología de obtención de las leyes de frecuencia derivadas (de caudales máximo vertidos y niveles máximos alcanzados) en un entorno de simulaciones de Monte Carlo, para su inclusión en un modelo de análisis de riesgo de presas. Se compara su comportamiento respecto del uso de leyes de frecuencia obtenidas con las técnicas tradicionalmente utilizadas.

A big data platform for large scale event processing

To date, big data applications have focused on the store-and-process paradigm. In this paper we describe an initiative to deal with big data applications for continuous streams of events. In many emerging applications, the volume of data being streamed is so large that the traditional ‘store-then-process’ paradigm is either not suitable or too inefficient. Moreover, soft-real time requirements might severely limit the engineering solutions. Many scenarios fit this description. In network security for cloud data centres, for instance, very high volumes of IP packets and events from sensors at firewalls, network switches and routers and servers need to be analyzed and should detect attacks in minimal time, in order to limit the effect of the malicious activity over the IT infrastructure. Similarly, in the fraud department of a credit card company, payment requests should be processed online and need to be processed as quickly as possible in order to provide meaningful results in real-time. An ideal system would detect fraud during the authorization process that lasts hundreds of milliseconds and deny the payment authorization, minimizing the damage to the user and the credit card company.

Estructuras, Procesos, Indicadores para Gestionar el Proceso de la Demanda Estratégica en las TI

En los últimos años, el desarrollo industrial a nivel globalizado en los diferentes sectores, la difusión de la TI y el uso estratégico de la misma, han crecido de manera exponencial. El uso adecuado de esta, se ha convertido en una gran preocupación para los órganos de gobierno de las organizaciones ya que la falta de dirección y control en las inversiones que se realizan en ellas, así como un uso inadecuado de las mismas pueden comprometer la consecución de los objetivos de la organización, su competitividad y su sostenibilidad a medio-largo plazo. La preocupación de los propietarios de los negocios es mejorar su rendimiento con la ayuda de la TI frente a sus competidores, realizando los procesos de negocio de una manera eficaz y eficiente, por lo que muchas organizaciones han realizado inversiones importantes en la adquisición de tecnología para lograr sus propósitos. Sin embargo la ejecución de estas inversiones no se ha gestionado adecuadamente, conforme a las políticas y planes especificados en los planes de negocio de la organización y la entrega de los servicios de TI no ha sido conforme a los objetivos previstos, generando pérdidas importantes y lo que es peor un gran deterioro de la imagen de la organización, por lo que consideramos a la gestión de la demanda estratégica de la TI como uno de los factores claves para el éxito de los negocios, el cual no ha sido tomada en cuenta por los consejos de gobierno o los altos ejecutivos de las organizaciones. La investigación comienza con una amplia revisión de la literatura, identificando dos elementos muy importantes, la demanda y el suministro de la TI dentro de la gobernanza corporativa de la TI; notándose la escasa información relacionado con la gestión de la demanda estratégica de la TI. Se realizó un estudio exploratorio para conocer como los miembros del consejo de administración y altos ejecutivos de una organización gestionan la demanda estratégica de la TI, obteniendo una respuesta de 130 encuestados, donde se confirma que hace falta normas o metodologías para la gestión de la demanda estratégica de la TI. En base a estos resultados se ha construido un marco de trabajo para todo el proceso de la gestión de la demanda de la TI y como una solución que se plantea en esta tesis doctoral, consiste en la elaboración de una metodología, combinando e integrando marcos de trabajo y estándares relacionados con la gobernanza corporativa de la TI. La metodología propuesta está conformada por tres fases, cada fase con sus actividades principales, y cada actividad principal por un conjunto de sub-actividades. Además, se establecen los roles y responsabilidades de los altos ejecutivos para cada una de las actividades principales. Esta propuesta debe ser de fácil implantación y aplicable en las organizaciones, permitiendo a estas afrontar con éxito el desarrollo de sus negocios, con una mejor calidad, reduciendo los costes de operación y empleando el menor tiempo posible. La validación de la metodología propuesta se realizó a través de una encuesta online y un estudio de casos. En la encuesta de validación participaron 42 altos ejecutivos de diferentes empresas y el estudio de casos se realizó con 5 empresas internacionales. Las respuestas de los estudios fueron analizados, para determinar la aceptación o el rechazo de la metodología propuesta por los participantes, confirmando la validez y confiabilidad del estudio. Este es uno de los primeros estudios reportado con evidencias empíricas para el proceso de la gestión de la demanda estratégica de la TI. Los resultados de esta investigación han sido publicados en revistas y congresos internacionales. ABSTRACT In recent years, the globalized industrial development, diffusion and strategic use of IT in different sectors has grown exponentially. Proper use of IT has become a major concern for government bodies and organizations. Uncontrolled or mismanaged IT investments or improper IT use may compromise the achievement of an organization’s objectives, competitiveness and sustainability in the medium to long term. Business owners set out to use IT to outperform their competitors, enacting business processes effectively and efficiently. Many organizations have made significant investments in technology in order to achieve their aims. However, the deployment of these investments has not been managed properly in accordance with the policies and plans specified in the organizations’ business plans, and IT services have not been delivered in accordance with the specified objectives. This has generated significant losses and, worse still, has seriously damaged the image of organizations. Accordingly, we believe that IT strategic demand management is one of the key factors for business success which has not been overlooked by the boards of trustees or senior executives of organizations. The research begins with an extensive review of the literature. This review has identified two very important elements: IT demand and supply within the corporate governance of IT. We have found that information related to IT strategic demand management is scant. We conducted an exploratory study to learn how members of the board of directors and senior executives of an organization manage IT strategic demand. The survey, which was taken by 130 respondents, confirmed that standards or methodologies are needed to manage IT strategic demand. Based on the results, we have built a framework for the entire IT demand management process. The solution proposed in this thesis is to develop a methodology, combining and integrating frameworks and standards related to the corporate governance of IT. The proposed methodology is divided into three phases. Each phase is composed of a series of key activities, and each key activity is further split into minor activities. We also establish the roles and responsibilities of senior executives for each of the key activities. This proposal should be easy to implement and apply in organizations, enabling corporations to successfully conduct better quality business, reduce operating costs and save time. The proposed methodology was validated by means of an online survey and a case study. The validation survey was completed by 42 senior executives from different companies, and the case study was conducted at five international companies. The study results were analysed to determine the acceptance or rejection of the proposed methodology by the participants, confirming the validity and reliability of the study. This is one the first studies to report empirical evidence for the process of IT strategic demand management. The results of this research have been published in international journals and conferences.

Do Public Private Partnerships Improve Road Safety? The Case of Toll Concessions in Spain

El Transportation Research Board es un congreso de reconocido prestigio internacional en el ámbito de la investigación del transporte. Aunque las actas publicadas están en formato digital y sin ISSN ni ISBN, lo consideramos lo suficientemente importante como para que se considere en los indicadores. This paper focuses on the implementation of safety based incentives in Public Private Partnerships (PPPs). The aim of this paper is twofold. First, to evaluate whether PPPs lead to an improvement in road safety, when compared with other infrastructure management systems. Second, is to analyze whether the incentives to improve road safety in PPP contracts in Spain have been effective at improving safety performance. To this end, negative binomial regression models have been applied using information from the Spanish high-capacity network covering years 2007-2009. The results showed that even though road safety is highly influenced by variables that are not manageable by the private concessionaire such as the average annual daily traffic, the implementation of safety incentives in PPPs has a positive influence in the reduction of accidents.

Regulación y marcos de trabajo para la gestión de sistemas de Tecnologías de la Información

En la actualidad, a través de los sistemas de Tecnologías de la Información (TI) se ofrecen servicios muy diversos que tienen requisitos cada vez más específicos para garantizar su funcionamiento. Con el fin de cumplir dichas garantías, se han estandarizado diferentes normativas, así como marcos de trabajo, también llamadas recomendaciones o manuales de buenas prácticas, que permiten al proveedor de servicios verificar que se cumplen dichos requisitos y ofrecer tanto al cliente final como a la propia organización un servicio de calidad que permita generar valora todas las partes. Con la aplicación de dichas recomendaciones y normativas, las empresas y Administraciones Públicas garantizan que los servicios telemáticos que ofrecen, cumplen estándares de calidad permitiendo así ofrecer al usuario final una plataforma estable y adecuada al servicio prestado. Dichas normas y marcos hacen referencia tanto al servicio TI propiamente dicho como al propio sistema de gestión del servicio TI, de tal forma que, a través de una operación adecuada del sistema que gestiona el servicio, podemos hacer que dicho servicio esté continuamente mejorando. En concreto nos centramos en la norma más empleada, ISO 20000, y en el marco de trabajo o referencia de buenas prácticas, ITIL 2011, con el fin de dar una visión clara de los diferentes procesos, actividades y funciones que ambas definen para generar valor en la empresa a través de los sistemas de TI. Con el fin de ayudar a la comprensión tanto de ITIL como de ISO 20000, se ha desarrollado a modo de ejemplo la implementación tanto de ITIL inicialmente y luego ISO 20000 sobre de un servicio que ya está en funcionamiento definiendo para cada una de las cinco fases del ciclo de vida que, tanto en la norma como en el marco se utilizan, los procesos y funciones necesarias para su implementación, y su posterior revisión. ABSTRACT. Today, we’ve got a lot of different services thanks to Information Technologies (IT) service management: they have increasingly specific requirements to ensure a good operation on the service they support. In order to meet these requirements, it has been released different standardized regulations and frameworks, also called recommendations or good practice guides. They allow the service provider to verify that such requirements are met and offer both to the end customer and to the own organization that manage this system, a quality service that will generate value to both parts. In the end, with the implementation of these recommendations and regulations, companies and public authorities ensure that the telematics services offered meet the quality standards they seek, allowing the end user to offer a stable and appropriate service platform. So these standards and reference frames both implies on the IT service itself and on the IT service management, so that, through proper operation of the parts implied on the process that manages the service, we can offer a better service. In particular we focus on the most widely used standard, ISO 20000, and the reference framework or best practices, ITIL 2011, in order to give a clear overview of the different processes, activities and functions that define both to create value in the company through IT service management. To help the understanding of both ITIL and ISO 20000, it has been developed an example of an ITIL and then ISO 20000 implementation on a service that is already in operation defining for each of the five phases of the life cycle, both in the standard as used in the context, processes and functions necessary for its implementation, and later review.

Dynamic Model-based Management of Service-Oriented Infrastructure.

Models are an effective tool for systems and software design. They allow software architects to abstract from the non-relevant details. Those qualities are also useful for the technical management of networks, systems and software, such as those that compose service oriented architectures. Models can provide a set of well-defined abstractions over the distributed heterogeneous service infrastructure that enable its automated management. We propose to use the managed system as a source of dynamically generated runtime models, and decompose management processes into a composition of model transformations. We have created an autonomic service deployment and configuration architecture that obtains, analyzes, and transforms system models to apply the required actions, while being oblivious to the low-level details. An instrumentation layer automatically builds these models and interprets the planned management actions to the system. We illustrate these concepts with a distributed service update operation.

A multinational SDI-based system to facilitate disaster risk management in the Andean Community

A useful strategy for improving disaster risk management is sharing spatial data across different technical organizations using shared information systems. However, the implementation of this type of system requires a large effort, so it is difficult to find fully implemented and sustainable information systems that facilitate sharing multinational spatial data about disasters, especially in developing countries. In this paper, we describe a pioneer system for sharing spatial information that we developed for the Andean Community. This system, called SIAPAD (Andean Information System for Disaster Prevention and Relief), integrates spatial information from 37 technical organizations in the Andean countries (Bolivia, Colombia, Ecuador, and Peru). SIAPAD was based on the concept of a thematic Spatial Data Infrastructure (SDI) and includes a web application, called GEORiesgo, which helps users to find relevant information with a knowledge-based system. In the paper, we describe the design and implementation of SIAPAD together with general conclusions and future directions which we learned as a result of this work.

Riding out of the storm: How to deal with the complexity of grid and cloud management

Over the last decade, Grid computing paved the way for a new level of large scale distributed systems. This infrastructure made it possible to securely and reliably take advantage of widely separated computational resources that are part of several different organizations. Resources can be incorporated to the Grid, building a theoretical virtual supercomputer. In time, cloud computing emerged as a new type of large scale distributed system, inheriting and expanding the expertise and knowledge that have been obtained so far. Some of the main characteristics of Grids naturally evolved into clouds, others were modified and adapted and others were simply discarded or postponed. Regardless of these technical specifics, both Grids and clouds together can be considered as one of the most important advances in large scale distributed computing of the past ten years; however, this step in distributed computing has came along with a completely new level of complexity. Grid and cloud management mechanisms play a key role, and correct analysis and understanding of the system behavior are needed. Large scale distributed systems must be able to self-manage, incorporating autonomic features capable of controlling and optimizing all resources and services. Traditional distributed computing management mechanisms analyze each resource separately and adjust specific parameters of each one of them. When trying to adapt the same procedures to Grid and cloud computing, the vast complexity of these systems can make this task extremely complicated. But large scale distributed systems complexity could only be a matter of perspective. It could be possible to understand the Grid or cloud behavior as a single entity, instead of a set of resources. This abstraction could provide a different understanding of the system, describing large scale behavior and global events that probably would not be detected analyzing each resource separately. In this work we define a theoretical framework that combines both ideas, multiple resources and single entity, to develop large scale distributed systems management techniques aimed at system performance optimization, increased dependability and Quality of Service (QoS). The resulting synergy could be the key 350 J. Montes et al. to address the most important difficulties of Grid and cloud management.

An Integrated Approach to Strategic Asset Management

This paper focuses on identifying and analysing the elements of Strategic Management for infrastructure and engineering assets. These elements are contended to involve an understanding of governance, corporate policy, corporate objectives, corporate strategy and interagency collaboration and will in turn, allow the ability determine a broader and more comprehensive framework for engineering asset management, ie a ‘staged approach’ to understanding how assets are managed within organisations. While the assets themselves have often been the sole concern for good management practices, other social and contextual elements have come into the mix in order to promote strategic asset management. The development of an integrated approach to asset management is at the base of the research question. What are the considerations and implications for adopting and implementing an integrated strategic asset management (ISAM) framework? While operational matters have been given prominence, a subset of corporate governance, Asset Governance, details the policies and processes needed to acquire, utilise, maintain and account for an organisation’s assets. Asset governance stems from the organisation’s overarching corporate governance principles; as a result it defines the management context in which engineering asset management is implemented. This aspect will be examined to determine the appropriate relationship between organisational strategic management and strategic asset management to further the theoretical engagement with the maturity of strategy,policy and governance for infrastructure and engineered assets. Asset governance stems from the organisation’s overarching corporate governance principles; as a result it defines the management context in which engineering asset management is implemented. The research proceeds by a document analysis of corporate reports and policy recommendations in terms of infrastructure and engineered assets. The paper concludes that incorporating an integrated asset management framework can promote a more robust conceptualisation of public assets and how they combine to provide a comprehensive system of service outcomes.

The impact of sustainable construction and knowledge management on sustainability goals. A review of the venezuelan renewable energy sector

The recognition of the relevance of energy, especially of the renewable energies generated by the sun, water, wind, tides, modern biomass or thermal is growing significantly in the global society based on the possibility it has to improve societies′ quality of life, to support poverty reduction and sustainable development. Renewable energy, and mainly the energy generated by large hydropower generation projects that supply most of the renewable energy consumed by developing countries, requires many technical, legal, financial and social complex processes sustained by innovations and valuable knowledge. Besides these efforts, renewable energy requires a solid infrastructure to generate and distribute the energy resources needed to solve the basic needs of society. This demands a proper construction performance to deliver the energy projects planned according to specifications and respecting environmental and social concerns, which implies the observance of sustainable construction guidelines. But construction projects are complex and demanding and frequently face time and cost overruns that may cause negative impacts on the initial planning and thus on society. The renewable energy issue and the large renewable energy power generation and distribution projects are particularly significant for developing countries and for Latin America in particular, as this region concentrates an important hydropower potential and installed capacity. Using as references the performance of Venezuelan large hydropower generation projects and the Guri dam construction, this research evaluates the tight relationship existing between sustainable construction and knowledge management and their impact to achieve sustainability goals. The knowledge management processes are proposed as a basic strategy to allow learning from successes and failures obtained in previous projects and transform the enhancement opportunites into actions to improve the performance of the renewable energy power generation and distribution projects.