Strategic Enterprise Architecture Management - Challenges, Best Practices, and Future Developments

The discipline of Enterprise Architecture Management (EAM) deals with the alignment of business and information systems architectures. While EAM has long been regarded as a discipline for IT managers this book takes a different stance: It explains how top executives can use EAM for leveraging their strategic planning and controlling processes and how EAM can contribute to sustainable competitive advantage. Based on the analysis of best practices from eight leading European companies from various industries the book presents crucial elements of successful EAM. It outlines what executives need to do in terms of governance, processes, methodologies and culture in order to bring their management to the next level. Beyond this, the book points how EAM might develop in the next decade allowing today's managers to prepare for the future of architecture management.

The policy-making structure of European regulatory networks and the domestic adoption of standards

European regulatory networks (ERNs) constitute the main governance instrument for the informal co-ordination of public regulation at the European Union (EU) level. They are in charge of co-ordinating national regulators and ensuring the implementation of harmonized regulatory policies across the EU, while also offering sector-specific expertise to the Commission. To this aim, ERNs develop 'best practices' and benchmarking procedures in the form of standards, norms and guidelines to be adopted in member states. In this paper, we focus on the Committee of European Securities Regulators and examine the consequences of the policy-making structure of ERNs on the domestic adoption of standards. We find that the regulators of countries with larger financial industries tend to occupy more central positions in the network, especially among newer member states. In turn, network centrality is associated with a more prompt domestic adoption of standards.

Less frequent dosing of erythropoiesis stimulating agents in patients undergoing dialysis: a European multicentre cost study.

OBJECTIVE: To calculate the variable costs involved with the process of delivering erythropoiesis stimulating agents (ESA) in European dialysis practices. METHODS: A conceptual model was developed to classify the processes and sub-processes followed in the pharmacy (ordering from supplier, receiving/storing/delivering ESA to the dialysis unit), dialysis unit (dose determination, ordering, receipt, registration, storage, administration, registration) and waste disposal unit. Time and material costs were recorded. Labour costs were derived from actual local wages while material costs came from the facilities' accounting records. Activities associated with ESA administration were listed and each activity evaluated to determine if dosing frequency affected the amount of resources required. RESULTS: A total of 21 centres in 8 European countries supplied data for 142 patients (mean) per hospital (range 42-648). Patients received various ESA regimens (thrice-weekly, twice-weekly, once-weekly, once every 2 weeks and once-monthly). Administering ESA every 2 weeks, the mean costs per patient per year for each process and the estimates of the percentage reduction in costs obtainable, respectively, were: pharmacy labour (10.1 euro, 39%); dialysis unit labour (66.0 euro, 65%); dialysis unit materials (4.11 euro, 61%) and waste unit materials (0.43 euro, 49%). LIMITATION: Impact on financial costs was not measured. CONCLUSION: ESA administration has quantifiable labour and material costs which are affected by dosing frequency.

Current multiple myeloma treatment strategies with novel agents: a European perspective.

The treatment of multiple myeloma (MM) has undergone significant developments in recent years. The availability of the novel agents thalidomide, bortezomib, and lenalidomide has expanded treatment options and has improved the outcome of patients with MM. Following the introduction of these agents in the relapsed/refractory setting, they are also undergoing investigation in the initial treatment of MM. A number of phase III trials have demonstrated the efficacy of novel agent combinations in the transplant and nontransplant settings, and based on these results standard induction regimens are being challenged and replaced. In the transplant setting, a number of newer induction regimens are now available that have been shown to be superior to the vincristine, doxorubicin, and dexamethasone regimen. Similarly, in the front-line treatment of patients not eligible for transplantation, regimens incorporating novel agents have been found to be superior to the traditional melphalan plus prednisone regimen. Importantly, some of the novel agents appear to be active in patients with high-risk disease, such as adverse cytogenetic features, and certain comorbidities, such as renal impairment. This review presents an overview of the most recent data with these novel agents and summarizes European treatment practices incorporating the novel agents.

Network governance and the domestic adoption of soft rules

European regulatory networks (ERNs) are in charge of producing and disseminating non-bindings standards, guidelines and recommendations in a number of important domains, such as banking and finance, electricity and gas, telecommunications, and competition regulation. The goal of these soft rules is to promote 'best practices', achieve co-ordination among regulatory authorities and ensure the consistent application of harmonized pro-competition rules across Europe. This contribution examines the domestic adoption of the soft rules developed within the four main ERNs. Different factors are expected to influence the process of domestic adoption: the resources of regulators; the existence of a review panel; and the interdependence of the issues at stake. The empirical analysis supports hypotheses about the relevance of network-level factors: monitoring and public reporting procedures increase the final level of adoption, while soft rules concerning highly interdependent policy areas are adopted earlier.

Impact of a telenursing service on satisfaction and health outcomes of children with inflammatory rheumatic diseases and their families: a crossover randomized trial study protocol.

BACKGROUND: Pediatric rheumatic diseases have a significant impact on children's quality of life and family functioning. Disease control and management of the symptoms are important to minimize disability and pain. Specialist clinical nurses play a key role in supporting medical teams, recognizing poor disease control and the need for treatment changes, providing a resource to patients on treatment options and access to additional support and advice, and identifying best practices to achieve optimal outcomes for patients and their families. This highlights the importance of investigating follow-up telenursing (TN) consultations with experienced, specialist clinical nurses in rheumatology to provide this support to children and their families. METHODS/DESIGN: This randomized crossover, experimental longitudinal study will compare the effects of standard care against a novel telenursing consultation on children's and family outcomes. It will examine children below 16 years old, recently diagnosed with inflammatory rheumatic diseases, who attend the pediatric rheumatology outpatient clinic of a tertiary referral hospital in western Switzerland, and one of their parents. The telenursing consultation, at least once a month, by a qualified, experienced, specialist nurse in pediatric rheumatology will consist of providing affective support, health information, and aid to decision-making. Cox's Interaction Model of Client Health Behavior serves as the theoretical framework for this study. The primary outcome measure is satisfaction and this will be assessed using mixed methods (quantitative and qualitative data). Secondary outcome measures include disease activity, quality of life, adherence to treatment, use of the telenursing service, and cost. We plan to enroll 56 children. DISCUSSION: The telenursing consultation is designed to support parents and children/adolescents during the course of the disease with regular follow-up. This project is novel because it is based on a theoretical standardized intervention, yet it allows for individualized care. We expect this trial to confirm the importance of support by a clinical specialist nurse in improving outcomes for children and adolescents with inflammatory rheumatisms. TRIAL REGISTRATION: ClinicalTrial.gov identifier: NCT01511341 (December 1st, 2012).

La planification de sortie des personnes âgées hospitalisées dans un service de médecine

Contexte: la planification infirmière de sortie des personnes âgées est une composante importante des soins pour assurer une transition optimale entre l'hôpital et la maison. Beaucoup d'événements indésirables peuvent survenir après la sortie de l'hôpital. Dans une perspective de système de santé, les facteurs qui augmentent ce risque incluent un nombre croissant de patients âgés, l'augmentation de la complexité des soins nécessitant une meilleure coordination des soins après la sortie, ainsi qu'une augmentation de la pression financière. Objectif: évaluer si les interventions infirmières liées à la planification de sortie chez les personnes âgées et leurs proches aidants sont prédictives de leur perception d'être prêts pour le départ, du niveau d'anxiété du patient le jour de la sortie de l'hôpital et du nombre de recours non programmé aux services de santé durant les trente jours après la sortie. Méthode: le devis est prédictif corrélationnel avec un échantillon de convenance de 235 patients. Les patients âgés de 65 ans de quatre unités d'hôpitaux dans le canton de Vaud en Suisse ont été recrutés entre novembre 2011 et octobre 2012. Les types et les niveaux d'interventions infirmières ont été extraits des dossiers de soins et analysés selon les composantes du modèle de Naylor. La perception d'être prêt pour la sortie et l'anxiété ont été mesurées un jour avant la sortie en utilisant l'échelle de perception d'être prêt pour la sortie et l'échelle Hospital Anxiety and Depression. Un mois après la sortie, un entretien téléphonique a été mené pour évaluer le recours non programmé aux services de santé durant cette période. Des analyses descriptives et un modèle randomisé à deux niveaux ont été utilisés pour analyser les données. Résultats: peu de patients ont reçu une planification globale de sortie. L'intervention la plus fréquente était la coordination (M = 55,0/100). et la moins fréquente était la participation du patient à la planification de sortie (M = 16,1/100). Contrairement aux hypothèses formulées, les patients ayant bénéficié d'un plus grand nombre d'interventions infirmières de préparation à la sortie ont un niveau moins élevé de perception d'être prêt pour le départ (B = -0,3, p < 0,05, IC 95% [-0,57, -0,11]); le niveau d'anxiété n'est pas associé à la planification de sortie (r = -0,21, p <0,01) et la présence de troubles cognitifs est le seul facteur prédictif d'une réhospitalisation dans les 30 jours après la sortie de l'hôpital ( OR = 1,50, p = 0,04, IC 95% [1,02, 2,22]). Discussion: en se focalisant sur chaque intervention de la planification de sortie, cette étude permet une meilleure compréhension du processus de soins infirmiers actuellement en cours dans les hôpitaux vaudois. Elle met en lumière les lacunes entre les pratiques actuelles et celles de pratiques exemplaires donnant ainsi une orientation pour des changements dans la pratique clinique et des recherches ultérieures. - Background: Nursing discharge planning in elderly patients is an important component of care to ensure optimal transition from hospital to home. Many adverse events may occur after hospital discharge. From a health care system perspective, contributing factors that increase the risk of these adverse events include a growing number of elderly patients, increased complexity of care requiring better care coordination after discharge, as well as increased financial pressure. Aim: To investigate whether older medical inpatients who receive comprehensive discharge planning interventions a) feel more ready for hospital discharge, b) have reduced anxiety at the time of discharge, c) have lower health care utilization after discharge compared to those who receive less comprehensive interventions. Methods: Using a predictive correlational design, a convenience sample of 235 patients was recruited. Patients aged 65 and older from 4 units of hospitals in the canton of Vaud in Switzerland were enrolled between November 2011 and October 2012. Types and level of interventions were extracted from the medical charts and analyzed according to the components of Naylor's model. Discharge readiness and anxiety were measured one day before discharge using the Readiness for Hospital Discharge Scale and the Hospital Anxiety and Depression scale. A telephone interview was conducted one month after hospital discharge to asses unplanned health services utilization during this follow-up period. Descriptive analyses and a two- level random model were used for statistical analyses. Results: Few patients received comprehensive discharge planning interventions. The most frequent intervention was Coordination (M = 55,0/100) and the least common was Patient participation in the discharge planning (M = 16,1/100). Contrary to our hypotheses, patients who received more nursing discharge interventions were significantly less ready to go home (B = -0,3, p < 0,05, IC 95% [-0,57, -0,11]); their anxiety level was not associated with their readiness for hospital discharge (r = -0,21, p <0,01) and cognitive impairment was the only factor that predicted rehospitalization within 30 days after discharge ( OR = 1,50, p = 0,04, IC 95% [1,02, 2,22]). Discussion: By focusing on each component of the discharge planning, this study provides a greater and more detailed insight on the usual nursing process currently performed in medical inpatients units. Results identified several gaps between current and Best practices, providing guidance to changes in clinical practice and further research.

Polyanalgesic Consensus Conference-2012: Recommendations to Reduce Morbidity and Mortality in Intrathecal Drug Delivery in the Treatment of Chronic Pain.

Introduction:  Targeted intrathecal drug infusion to treat moderate to severe chronic pain has become a standard part of treatment algorithms when more conservative options fail. This therapy is well established in the literature, has shown efficacy, and is an important tool for the treatment of both cancer and noncancer pain; however, it has become clear in recent years that intrathecal drug delivery is associated with risks for serious morbidity and mortality. Methods:  The Polyanalgesic Consensus Conference is a meeting of experienced implanting physicians who strive to improve care in those receiving implantable devices. Employing data generated through an extensive literature search combined with clinical experience, this work group formulated recommendations regarding awareness, education, and mitigation of the morbidity and mortality associated with intrathecal therapy to establish best practices for targeted intrathecal drug delivery systems. Results:  Best practices for improved patient care and outcomes with targeted intrathecal infusion are recommended to minimize the risk of morbidity and mortality. Areas of focus include respiratory depression, infection, granuloma, device-related complications, endocrinopathies, and human error. Specific guidance is given with each of these issues and the general use of the therapy. Conclusions:  Targeted intrathecal drug delivery systems are associated with risks for morbidity and mortality that can be devastating. The panel has given guidance to treating physicians and healthcare providers to reduce the incidence of these problems and to improve outcomes when problems occur.

Use of nanoparticles in Swiss industry: a targeted survey

A large number of applications using manufactured nanoparticles of less than 100 nm are currently being introduced into industrial processes. There is an urgent need to evaluate the risks of these novel particles to ensure their safe production, handling, use, and disposal. However, today we lack even rudimentary knowledge about type and quantity of industrially used manufactured nanoparticles and the level of exposure in Swiss industry. The goal of this study was to evaluate the use of nanoparticles, the currently implemented safety measures, and the number of potentially exposed workers in all types of industry. To evaluate this, a targeted telephone survey was conducted among health and safety representatives from 197 Swiss companies. The survey showed that nanoparticles are already used in many industrial sectors; not only in companies in the new field of nanotechnology, but also in more traditional sectors, such as paints. Forty-three companies declared to use or produce nanoparticles, and 11 imported and traded with prepackaged goods that contain nanoparticles. The following nanoparticles were found to be used in considerable quantities (> 1000 kg/year per company): Ag, Al-Ox, Fe-Ox, SiO2, TiO2, and ZnO. The median reported quantity of handled nanoparticles was 100 kg/year. The production of cosmetics, food, paints, powders, and the treatment of surfaces used the largest quantities of these nanoparticles. Generally, the safety measures were found to be higher in powder-based than in liquid-based applications. However, the respondents had many open questions about best practices, which points to the need for rapid development of guidelines and protection strategies

The InterActive Choice Aid: A new approach to supporting online consumer decision making

Interactive Choice Aid (ICA) is a decision aid, introduced in this paper, that systematically assists consumers with online purchase decisions. ICA integrates aspects from prescriptive decision theory, insights from descriptive decision research, and practical considerations; thereby combining pre-existing best practices with novel features. Instead of imposing an objectively ideal but unnatural decision procedure on the user, ICA assists the natural process of human decision-making by providing explicit support for the execution of the user's decision strategies. The application contains an innovative feature for in-depth comparisons of alternatives through which users' importance ratings are elicited interactively and in a playful way. The usability and general acceptance of the choice aid was studied; results show that ICA is a promising contribution and provides insights that may further improve its usability.

A guide for easy- and difficult-to-treat hypertension.

Although the blood pressure (BP) of many patients can be controlled using standard combinations, treatment of hypertension frequently represents a clinical challenge to the primary care physician. This article will review best practices for managing patients with easy- and difficult-to-treat hypertension, including preferred antihypertensive combinations, optimizing adherence and persistence, recognizing white-coat hypertension, and intensifying therapy for treatment-resistant patients. Each physician must decide based on his or her own level of experience at what point a patient becomes too challenging and would benefit from referral to a hypertension specialist for more intensive management and to complete the exclusion of secondary forms of arterial hypertension. With intensive pharmacotherapy, many patients with difficult-to-treat hypertension can achieve BP control. If it fails, interventional strategies (e.g., renal denervation) are a valid option to get BP controlled.

Epilepsy surgery in children and adults.

SUMMARY: Epilepsy surgery is the most effective way to control seizures in patients with drug-resistant focal epilepsy, often leading to improvements in cognition, behaviour, and quality of life. Risks of serious adverse events and deterioration of clinical status can be minimised in carefully selected patients. Accordingly, guidelines recommend earlier and more systematic assessment of patients' eligibility for surgery than is seen at present. The effectiveness of surgical treatment depends on epilepsy type, underlying pathology, and accurate localisation of the epileptogenic brain region by various clinical, neuroimaging, and neurophysiological investigations. Substantial progress has been made in the methods of presurgical assessment, particularly in patients with normal features on MRI, but evidence is scarce for the indication and effect of most presurgical investigations, with no biomarker precisely delineating the epileptogenic zone. A priority for the development of epilepsy surgery is the generation of high-level evidence to promote the harmonisation and dissemination of best practices.

An assurance-based model to holistically assess the information security posture

EXECUTIVE SUMMARY : Evaluating Information Security Posture within an organization is becoming a very complex task. Currently, the evaluation and assessment of Information Security are commonly performed using frameworks, methodologies and standards which often consider the various aspects of security independently. Unfortunately this is ineffective because it does not take into consideration the necessity of having a global and systemic multidimensional approach to Information Security evaluation. At the same time the overall security level is globally considered to be only as strong as its weakest link. This thesis proposes a model aiming to holistically assess all dimensions of security in order to minimize the likelihood that a given threat will exploit the weakest link. A formalized structure taking into account all security elements is presented; this is based on a methodological evaluation framework in which Information Security is evaluated from a global perspective. This dissertation is divided into three parts. Part One: Information Security Evaluation issues consists of four chapters. Chapter 1 is an introduction to the purpose of this research purpose and the Model that will be proposed. In this chapter we raise some questions with respect to "traditional evaluation methods" as well as identifying the principal elements to be addressed in this direction. Then we introduce the baseline attributes of our model and set out the expected result of evaluations according to our model. Chapter 2 is focused on the definition of Information Security to be used as a reference point for our evaluation model. The inherent concepts of the contents of a holistic and baseline Information Security Program are defined. Based on this, the most common roots-of-trust in Information Security are identified. Chapter 3 focuses on an analysis of the difference and the relationship between the concepts of Information Risk and Security Management. Comparing these two concepts allows us to identify the most relevant elements to be included within our evaluation model, while clearing situating these two notions within a defined framework is of the utmost importance for the results that will be obtained from the evaluation process. Chapter 4 sets out our evaluation model and the way it addresses issues relating to the evaluation of Information Security. Within this Chapter the underlying concepts of assurance and trust are discussed. Based on these two concepts, the structure of the model is developed in order to provide an assurance related platform as well as three evaluation attributes: "assurance structure", "quality issues", and "requirements achievement". Issues relating to each of these evaluation attributes are analysed with reference to sources such as methodologies, standards and published research papers. Then the operation of the model is discussed. Assurance levels, quality levels and maturity levels are defined in order to perform the evaluation according to the model. Part Two: Implementation of the Information Security Assurance Assessment Model (ISAAM) according to the Information Security Domains consists of four chapters. This is the section where our evaluation model is put into a welldefined context with respect to the four pre-defined Information Security dimensions: the Organizational dimension, Functional dimension, Human dimension, and Legal dimension. Each Information Security dimension is discussed in a separate chapter. For each dimension, the following two-phase evaluation path is followed. The first phase concerns the identification of the elements which will constitute the basis of the evaluation: ? Identification of the key elements within the dimension; ? Identification of the Focus Areas for each dimension, consisting of the security issues identified for each dimension; ? Identification of the Specific Factors for each dimension, consisting of the security measures or control addressing the security issues identified for each dimension. The second phase concerns the evaluation of each Information Security dimension by: ? The implementation of the evaluation model, based on the elements identified for each dimension within the first phase, by identifying the security tasks, processes, procedures, and actions that should have been performed by the organization to reach the desired level of protection; ? The maturity model for each dimension as a basis for reliance on security. For each dimension we propose a generic maturity model that could be used by every organization in order to define its own security requirements. Part three of this dissertation contains the Final Remarks, Supporting Resources and Annexes. With reference to the objectives of our thesis, the Final Remarks briefly analyse whether these objectives were achieved and suggest directions for future related research. Supporting resources comprise the bibliographic resources that were used to elaborate and justify our approach. Annexes include all the relevant topics identified within the literature to illustrate certain aspects of our approach. Our Information Security evaluation model is based on and integrates different Information Security best practices, standards, methodologies and research expertise which can be combined in order to define an reliable categorization of Information Security. After the definition of terms and requirements, an evaluation process should be performed in order to obtain evidence that the Information Security within the organization in question is adequately managed. We have specifically integrated into our model the most useful elements of these sources of information in order to provide a generic model able to be implemented in all kinds of organizations. The value added by our evaluation model is that it is easy to implement and operate and answers concrete needs in terms of reliance upon an efficient and dynamic evaluation tool through a coherent evaluation system. On that basis, our model could be implemented internally within organizations, allowing them to govern better their Information Security. RÉSUMÉ : Contexte général de la thèse L'évaluation de la sécurité en général, et plus particulièrement, celle de la sécurité de l'information, est devenue pour les organisations non seulement une mission cruciale à réaliser, mais aussi de plus en plus complexe. A l'heure actuelle, cette évaluation se base principalement sur des méthodologies, des bonnes pratiques, des normes ou des standards qui appréhendent séparément les différents aspects qui composent la sécurité de l'information. Nous pensons que cette manière d'évaluer la sécurité est inefficiente, car elle ne tient pas compte de l'interaction des différentes dimensions et composantes de la sécurité entre elles, bien qu'il soit admis depuis longtemps que le niveau de sécurité globale d'une organisation est toujours celui du maillon le plus faible de la chaîne sécuritaire. Nous avons identifié le besoin d'une approche globale, intégrée, systémique et multidimensionnelle de l'évaluation de la sécurité de l'information. En effet, et c'est le point de départ de notre thèse, nous démontrons que seule une prise en compte globale de la sécurité permettra de répondre aux exigences de sécurité optimale ainsi qu'aux besoins de protection spécifiques d'une organisation. Ainsi, notre thèse propose un nouveau paradigme d'évaluation de la sécurité afin de satisfaire aux besoins d'efficacité et d'efficience d'une organisation donnée. Nous proposons alors un modèle qui vise à évaluer d'une manière holistique toutes les dimensions de la sécurité, afin de minimiser la probabilité qu'une menace potentielle puisse exploiter des vulnérabilités et engendrer des dommages directs ou indirects. Ce modèle se base sur une structure formalisée qui prend en compte tous les éléments d'un système ou programme de sécurité. Ainsi, nous proposons un cadre méthodologique d'évaluation qui considère la sécurité de l'information à partir d'une perspective globale. Structure de la thèse et thèmes abordés Notre document est structuré en trois parties. La première intitulée : « La problématique de l'évaluation de la sécurité de l'information » est composée de quatre chapitres. Le chapitre 1 introduit l'objet de la recherche ainsi que les concepts de base du modèle d'évaluation proposé. La maniéré traditionnelle de l'évaluation de la sécurité fait l'objet d'une analyse critique pour identifier les éléments principaux et invariants à prendre en compte dans notre approche holistique. Les éléments de base de notre modèle d'évaluation ainsi que son fonctionnement attendu sont ensuite présentés pour pouvoir tracer les résultats attendus de ce modèle. Le chapitre 2 se focalise sur la définition de la notion de Sécurité de l'Information. Il ne s'agit pas d'une redéfinition de la notion de la sécurité, mais d'une mise en perspectives des dimensions, critères, indicateurs à utiliser comme base de référence, afin de déterminer l'objet de l'évaluation qui sera utilisé tout au long de notre travail. Les concepts inhérents de ce qui constitue le caractère holistique de la sécurité ainsi que les éléments constitutifs d'un niveau de référence de sécurité sont définis en conséquence. Ceci permet d'identifier ceux que nous avons dénommés « les racines de confiance ». Le chapitre 3 présente et analyse la différence et les relations qui existent entre les processus de la Gestion des Risques et de la Gestion de la Sécurité, afin d'identifier les éléments constitutifs du cadre de protection à inclure dans notre modèle d'évaluation. Le chapitre 4 est consacré à la présentation de notre modèle d'évaluation Information Security Assurance Assessment Model (ISAAM) et la manière dont il répond aux exigences de l'évaluation telle que nous les avons préalablement présentées. Dans ce chapitre les concepts sous-jacents relatifs aux notions d'assurance et de confiance sont analysés. En se basant sur ces deux concepts, la structure du modèle d'évaluation est développée pour obtenir une plateforme qui offre un certain niveau de garantie en s'appuyant sur trois attributs d'évaluation, à savoir : « la structure de confiance », « la qualité du processus », et « la réalisation des exigences et des objectifs ». Les problématiques liées à chacun de ces attributs d'évaluation sont analysées en se basant sur l'état de l'art de la recherche et de la littérature, sur les différentes méthodes existantes ainsi que sur les normes et les standards les plus courants dans le domaine de la sécurité. Sur cette base, trois différents niveaux d'évaluation sont construits, à savoir : le niveau d'assurance, le niveau de qualité et le niveau de maturité qui constituent la base de l'évaluation de l'état global de la sécurité d'une organisation. La deuxième partie: « L'application du Modèle d'évaluation de l'assurance de la sécurité de l'information par domaine de sécurité » est elle aussi composée de quatre chapitres. Le modèle d'évaluation déjà construit et analysé est, dans cette partie, mis dans un contexte spécifique selon les quatre dimensions prédéfinies de sécurité qui sont: la dimension Organisationnelle, la dimension Fonctionnelle, la dimension Humaine, et la dimension Légale. Chacune de ces dimensions et son évaluation spécifique fait l'objet d'un chapitre distinct. Pour chacune des dimensions, une évaluation en deux phases est construite comme suit. La première phase concerne l'identification des éléments qui constituent la base de l'évaluation: ? Identification des éléments clés de l'évaluation ; ? Identification des « Focus Area » pour chaque dimension qui représentent les problématiques se trouvant dans la dimension ; ? Identification des « Specific Factors » pour chaque Focus Area qui représentent les mesures de sécurité et de contrôle qui contribuent à résoudre ou à diminuer les impacts des risques. La deuxième phase concerne l'évaluation de chaque dimension précédemment présentées. Elle est constituée d'une part, de l'implémentation du modèle général d'évaluation à la dimension concernée en : ? Se basant sur les éléments spécifiés lors de la première phase ; ? Identifiant les taches sécuritaires spécifiques, les processus, les procédures qui auraient dû être effectués pour atteindre le niveau de protection souhaité. D'autre part, l'évaluation de chaque dimension est complétée par la proposition d'un modèle de maturité spécifique à chaque dimension, qui est à considérer comme une base de référence pour le niveau global de sécurité. Pour chaque dimension nous proposons un modèle de maturité générique qui peut être utilisé par chaque organisation, afin de spécifier ses propres exigences en matière de sécurité. Cela constitue une innovation dans le domaine de l'évaluation, que nous justifions pour chaque dimension et dont nous mettons systématiquement en avant la plus value apportée. La troisième partie de notre document est relative à la validation globale de notre proposition et contient en guise de conclusion, une mise en perspective critique de notre travail et des remarques finales. Cette dernière partie est complétée par une bibliographie et des annexes. Notre modèle d'évaluation de la sécurité intègre et se base sur de nombreuses sources d'expertise, telles que les bonnes pratiques, les normes, les standards, les méthodes et l'expertise de la recherche scientifique du domaine. Notre proposition constructive répond à un véritable problème non encore résolu, auquel doivent faire face toutes les organisations, indépendamment de la taille et du profil. Cela permettrait à ces dernières de spécifier leurs exigences particulières en matière du niveau de sécurité à satisfaire, d'instancier un processus d'évaluation spécifique à leurs besoins afin qu'elles puissent s'assurer que leur sécurité de l'information soit gérée d'une manière appropriée, offrant ainsi un certain niveau de confiance dans le degré de protection fourni. Nous avons intégré dans notre modèle le meilleur du savoir faire, de l'expérience et de l'expertise disponible actuellement au niveau international, dans le but de fournir un modèle d'évaluation simple, générique et applicable à un grand nombre d'organisations publiques ou privées. La valeur ajoutée de notre modèle d'évaluation réside précisément dans le fait qu'il est suffisamment générique et facile à implémenter tout en apportant des réponses sur les besoins concrets des organisations. Ainsi notre proposition constitue un outil d'évaluation fiable, efficient et dynamique découlant d'une approche d'évaluation cohérente. De ce fait, notre système d'évaluation peut être implémenté à l'interne par l'entreprise elle-même, sans recourir à des ressources supplémentaires et lui donne également ainsi la possibilité de mieux gouverner sa sécurité de l'information.

Justice and Court Administrations, Their Workings and Efficiency in Switzerland : Aspects of Sentencing And Its Outcome In Swiss Cantons

The comparison of the operations of the administration of justice among cantons shows on one side large differences in the three major types of sentencing, in the use of pre-trial detention and the unsuspended prison sanction. When combined, one finds however very weak relationships when considering absolute, percentage or weighted results. On the other side, the outcome of these different policies is much paradoxical as there are no differences when comparing recidivism rates among cantons, despite strong differences in the use of pre-trial detention and the sentencing with prison sanctions. The paradoxical outcome of crime policies in terms of recidivism - e.g. the absence of differences of the outcome based on sanctions in the domain of less severe delinquency - suggests the need for more empirically informed crime policies. The role of justice administrators could be to participate in the dissemination of those findings as well as the dissemination of best practices among cantons with regard to outcomes and the use of resources - especially with consideration to the use of the prison sanction as it is the most costly and the most inefficient of all sanctions. Furthermore, the observance of the principle of equality before the law would be most likely be promoted.