A balanced scorecard approach to enterprise systems performance measurement

A range of influences, both technical and organisational, has encouraged the wide spread adoption of Enterprise Systems (ES). Nevertheless, there is a growing consensus that Enterprise Systems have in many cases failed to provide expected benefits. The increasing role of, and dependency on ES (and IT in general), and the ‘uncertainty’ of these large investments, have created a strong need to monitor and measure ES performance. This paper reports on a research project aimed at deriving an ‘Enterprise Systems benefits measurement instrument’. The research seeks to identify how Enterprise Systems benefits can be usefully measured, with a ‘balance’ between qualitative and quantitative factors.

Process modelling for enterprise systems: Factors critical to success

A range of influences, both technical and organizational, has encouraged the widespread adoption of Enterprise Systems (ES). The integrated and process-oriented nature of Enterprise Systems has led organizations to use process modelling as a means of managing the complexity of these systems, and to aid in achieving business goals. Past research illustrates how process modelling is applied across different Enterprise Systems lifecycle phases. However, no empirical evidence exists to evaluate what factors are essential for a successful process modelling initiative, in general or in an ES context. This research-in-progress paper reports on an empirical investigation of the factors that influence process modelling success. It presents an a-priori process modelling critical-success-factors-model, describes its derivation, and concludes with an outlook to the next stages of the research.

A maintenance-data-model of enterprise resource planning

Two distinct maintenance-data-models are studied: a government Enterprise Resource Planning (ERP) maintenance-data-model, and the Software Engineering Industries (SEI) maintenance-data-model. The objective is to: (i) determine whether the SEI maintenance-data-model is sufficient in the context of ERP (by comparing with an ERP case), (ii) identify whether the ERP maintenance-data-model in this study has adequately captured the essential and common maintenance attributes (by comparing with the SEI), and (iii) proposed a new ERP maintenance-data-model as necessary. Our findings suggest that: (i) there are variations to the SEI model in an ERP-context, and (ii) there are rooms for improvements in our ERP case’s maintenance-data-model. Thus, a new ERP maintenance-data-model capturing the fundamental ERP maintenance attributes is proposed. This model is imperative for: (i) enhancing the reporting and visibility of maintenance activities, (ii) monitoring of the maintenance problems, resolutions and performance, and (iii) helping maintenance manager to better manage maintenance activities and make well-informed maintenance decisions.

Creative industries as a globally contestable policy field

The development of the creative industries “proposition” has caused a great deal of controversy. Even as it has been examined and adopted in several, quite diverse, jurisdictions as a policy language seeking to respond to both creative production and consumption in new economic conditions, it is subject to at times withering critique from within academic media, cultural and communication studies. It is held to promote a simplistic narrative of the merging of culture and economics and represents incoherent policy; the data sources are suspect and underdeveloped; there is a utopianization of “creative” labor; and a benign globalist narrative of the adoption of the idea. This article looks at some of these critiques of creative industries idea and argues against them.

SELinux policy management framework for HIS

Health Information Systems (HIS) make extensive use of Information and Communication Technologies (ICT). The use of ICT aids in improving the quality and efficiency of healthcare services by making healthcare information available at the point of care (Goldstein, Groen, Ponkshe, and Wine, 2007). The increasing availability of healthcare data presents security and privacy issues which have not yet been fully addressed (Liu, Caelli, May, and Croll, 2008a). Healthcare organisations have to comply with the security and privacy requirements stated in laws, regulations and ethical standards, while managing healthcare information. Protecting the security and privacy of healthcare information is a very complex task (Liu, May, Caelli and Croll, 2008b). In order to simplify the complexity of providing security and privacy in HIS, appropriate information security services and mechanisms have to be implemented. Solutions at the application layer have already been implemented in HIS such as those existing in healthcare web services (Weaver et al., 2003). In addition, Discretionary Access Control (DAC) is the most commonly implemented access control model to restrict access to resources at the OS layer (Liu, Caelli, May, Croll and Henricksen, 2007a). Nevertheless, the combination of application security mechanisms and DAC at the OS layer has been stated to be insufficient in satisfying security requirements in computer systems (Loscocco et al., 1998). This thesis investigates the feasibility of implementing Security Enhanced Linux (SELinux) to enforce a Role-Based Access Control (RBAC) policy to help protect resources at the Operating System (OS) layer. SELinux provides Mandatory Access Control (MAC) mechanisms at the OS layer. These mechanisms can contain the damage from compromised applications and restrict access to resources according to the security policy implemented. The main contribution of this research is to provide a modern framework to implement and manage SELinux in HIS. The proposed framework introduces SELinux Profiles to restrict access permissions over the system resources to authorised users. The feasibility of using SELinux profiles in HIS was demonstrated through the creation of a prototype, which was submitted to various attack scenarios. The prototype was also subjected to testing during emergency scenarios, where changes to the security policies had to be made on the spot. Attack scenarios were based on vulnerabilities common at the application layer. SELinux demonstrated that it could effectively contain attacks at the application layer and provide adequate flexibility during emergency situations. However, even with the use of current tools, the development of SELinux policies can be very complex. Further research has to be made in order to simplify the management of SELinux policies and access permissions. In addition, SELinux related technologies, such as the Policy Management Server by Tresys Technologies, need to be researched in order to provide solutions at different layers of protection.