793 resultados para information security management system
Resumo:
Location information is commonly used in context-aware applications and pervasive systems. These applications and systems may require knowledge, of the location of users, devices and services. This paper presents a location management system able to gather, process and manage location information from a variety of physical and virtual location sensors. The system scales to the complexity of context-aware applications, to a variety of types and large number of location sensors and clients, and to geographical size of the system. The proposed location management system provides conflict resolution of location information and mechanisms to ensure privacy.
Resumo:
Risk and knowledge are two concepts and components of business management which have so far been studied almost independently. This is especially true where risk management (RM) is conceived mainly in financial terms, as for example, in the financial institutions sector. Financial institutions are affected by internal and external changes with the consequent accommodation to new business models, new regulations and new global competition that includes new big players. These changes induce financial institutions to develop different methodologies for managing risk, such as the enterprise risk management (ERM) approach, in order to adopt a holistic view of risk management and, consequently, to deal with different types of risk, levels of risk appetite, and policies in risk management. However, the methodologies for analysing risk do not explicitly include knowledge management (KM). This research examines the potential relationships between KM and two RM concepts: perceived quality of risk control and perceived value of ERM. To fulfill the objective of identifying how KM concepts can have a positive influence on some RM concepts, a literature review of KM and its processes and RM and its processes was performed. From this literature review eight hypotheses were analysed using a classification into people, process and technology variables. The data for this research was gathered from a survey applied to risk management employees in financial institutions and 121 answers were analysed. The analysis of the data was based on multivariate techniques, more specifically stepwise regression analysis. The results showed that the perceived quality of risk control is significantly associated with the variables: perceived quality of risk knowledge sharing, perceived quality of communication among people, web channel functionality, and risk management information system functionality. However, the relationships of the KM variables to the perceived value of ERM are not identified because of the low performance of the models describing these relationships. The analysis reveals important insights into the potential KM support to RM such as: the better adoption of KM people and technology actions, the better the perceived quality of risk control. Equally, the results suggest that the quality of risk control and the benefits of ERM follow different patterns given that there is no correlation between both concepts and the distinct influence of the KM variables in each concept. The ERM scenario is different from that of risk control because ERM, as an answer to RM failures and adaptation to new regulation in financial institutions, has led organizations to adopt new processes, technologies, and governance models. Thus, the search for factors influencing the perceived value of ERM implementation needs additional analysis because what is improved in RM processes individually is not having the same effect on the perceived value of ERM. Based on these model results and the literature review the basis of the ERKMAS (Enterprise Risk Knowledge Management System) is presented.
Resumo:
In the IS literature, commitment is typically considered to involve organizational or managerial support for a system and not that of its users. This paper however reports on a field study involving 16 organizations that attempted to build user involvement in developing a knowledge management strategy by having them design it. Twenty-two IT-supported group workshops (involving 183 users) were run to develop action plans for better knowledge management that users would like to see implemented. Each workshop adopted the same problem structuring technique to assist group members develop a politically feasible action plan to which they were psychologically and emotionally dedicated. In addition to reviewing the problem structuring method, this paper provides qualitative insight into the factors a knowledge management strategy should have to encourage user commitment. © 2004 Elsevier B.V. All rights reserved.
Resumo:
The design and implementation of data bases involve, firstly, the formulation of a conceptual data model by systematic analysis of the structure and information requirements of the organisation for which the system is being designed; secondly, the logical mapping of this conceptual model onto the data structure of the target data base management system (DBMS); and thirdly, the physical mapping of this structured model into storage structures of the target DBMS. The accuracy of both the logical and physical mapping determine the performance of the resulting systems. This thesis describes research which develops software tools to facilitate the implementation of data bases. A conceptual model describing the information structure of a hospital is derived using the Entity-Relationship (E-R) approach and this model forms the basis for mapping onto the logical model. Rules are derived for automatically mapping the conceptual model onto relational and CODASYL types of data structures. Further algorithms are developed for partly automating the implementation of these models onto INGRES, MIMER and VAX-11 DBMS.
Resumo:
This major text assumes no prior knowledge of IS or IT and builds both business and Information systems knowledge to enable the reader to choose the right systems, to develop them and to manage them effectively. The three-part structure to the book covers: Introduction to business information systems Business information systems development Business information systems management Suitable for any IS, BIS or MIS course from UG to MBA level within a Business or Computer Science Department.
Resumo:
The Indian Petroleum Industry is passing through a very dynamic business environment due to liberalization. Effective project management for developing new infrastructures and maintaining the existing facilities has been considered as one of the means for remaining competitive but these practices suffer from many shortcomings, as time, cost and quality non-achievements are part and parcel of almost every project. This study focuses on identifying the specific causes of project failure by demonstrating first the characteristics of projects in Indian Petroleum industry and suggests some remedial measures for resolving these issues. The suggested project management model is integrated through information management system and demonstrated through a case study.
Resumo:
According to the rapidly changing environment small and medium enterprises constantly need to adapt their strategies and activities. The transition from the industrial economy to knowledge-based economy results in the increasing of the volume of the available information. Therefore knowledge markets are needed and innovation centers have to be developed. An effective knowledge management system helps small and medium enterprises to overcome their disadvantages and compete with big corporations. The review of current developments in the field of knowledge markets is also made.
Resumo:
This article describes the approach, which allows to develop information systems without taking into consideration details of physical storage of the relational model and type database management system. Described in terms of graph model, this approach allows to construct several algorithms, for example, for verification application domain. This theory was introduced into operation testing as a part of CASE-system METAS.
Resumo:
A felelős vállalatirányítás egyik stratégiai jelentőségű tényezője a vállalati szintű kockázatkezelés, mely napjaink egyik legnagyobb kihívást jelentő területe a vállalatvezetés számára. A hatékony vállalati kockázatkezelés nem valósulhat meg kizárólag az általános, nemzetközi és hazai szakirodalomban megfogalmazott kockázatkezelési alapelvek követése mentén, a kockázatkezelési rendszer kialakítása során figyelembe kell venni mind az iparági, mind az adott vállalatra jellemző sajátosságokat. Mindez különösen fontos egy olyan speciális tevékenységet folytató vállalatnál, mint a villamosenergia-ipari átviteli rendszerirányító társaság (transmission system operator, TSO). A cikkben a magyar villamosenergia-ipari átviteli rendszerirányító társasággal együttműködésben készített kutatás keretében előálló olyan komplex elméleti és gyakorlati keretrendszert mutatnak be a szerzők, mely alapján az átviteli rendszerirányító társaság számára kialakítottak egy új, területenként egységes kockázatkezelési módszertant (fókuszban a kockázatok azonosításának és számszerűsítésének módszertani lépéseivel), mely alkalmas a vállalati szintű kockázati kitettség meghatározására. _______ This study handles one of today’s most challenging areas of enterprise management: the development and introduction of an integrated and efficient risk management system. For companies operating in specific network industries with a dominant market share and a key role in the national economy, such as electricity TSO’s, risk management is of stressed importance. The study introduces an innovative, mathematically and statistically grounded as well as economically reasoned management approach for the identification, individual effect calculation and summation of risk factors. Every building block is customized for the organizational structure and operating environment of the TSO. While the identification phase guarantees all-inclusivity, the calculation phase incorporates expert techniques and Monte Carlo simulation and the summation phase presents an expected combined distribution and value effect of risks on the company’s profit lines based on the previously undiscovered correlations between individual risk factors.
Resumo:
This dissertation analyzes the current status of emergency management professionalization in the United States and Florida using a qualitative case study. I investigate the efforts of various organizations at the national and state levels in the private and public sectors to organize emergency management as a profession. I conceptualize emergency management professionalization as occurring in two phases: the indirect institutionalization of the occupation of emergency management and the formal advancement toward an emergency management profession. The legislative, organizational, and procedural developments that occurred between approximately 1900 and the late 1970s became the indirect institutionalization of the occupation of emergency management. Over time, as our society developed and became increasingly complex, more disasters affect the security of the population. In order to adapt to increasing risks and vulnerabilities the emergency management system emerged and with it the necessary elements upon which a future profession could be established providing the basis for the formal advancement toward an emergency management profession. ^ During approximately the last twenty years, the formal advancement toward an emergency management profession has encompassed two primary strategies—certification and accreditation—motivated by the objective to organize a profession. Certification applies to individual emergency managers and includes all training and education. Accreditation of state and local emergency management agencies is reached by complying to a minimum level of proficiency with established standards of performance. Certification and accreditation are the mechanisms used to create an emergency management profession and thus act as axes around which the field of emergency management is organizing. ^ The purpose of this research is to provide a frame of reference for whether or not the field of emergency management is a profession. Based on sociology of professions literature, emergency management can be considered to be professionalizing. The current emergency management professionalization efforts may or may not be sufficient to achieve the ultimate goal of becoming a legitimate profession based on legal and public support for the exclusive right to perform emergency management tasks (monopoly) as well as self-regulation of those tasks (autonomy). ^
Resumo:
The purpose of this paper is to explore the use of automated inventory management systems (IMS) and identify the stage of technology adoption for restaurants in Aruba. A case study analysis involving twelve members of the Aruba Gastronomic Association was conducted using a qualitative research design to gather information on approaches currently used as well as the reasons and perceptions managers/owners have for using or not using automated systems in their facilities. This is the first study conducted using the Aruba restaurant market. Therefore, the application of two technology adoption models was used to integrate critical factors relevant to the study. Major findings indicated the use of an automated IMS in restaurants is limited, thus underscoring the lack of adoption of technology in this area. The results also indicated that two major reasons that restaurants are not adopting IMS technology are budgetary constraints and service support. This study is imperative for two reasons: (1) the results of this study can be used as a comparison for future IMS adoption, not only for Aruba’s restaurant industry but also for other Caribbean destinations and the U.S., (2) this study also provides insight into the additional training and support help needed in hospitality technology services.
Resumo:
In - Appraising Work Group Performance: New Productivity Opportunities in Hospitality Management – a discussion by Mark R. Edwards, Associate Professor, College of Engineering, Arizona State University and Leslie Edwards Cummings, Assistant Professor, College of Hotel Administration University of Nevada, Las Vegas; the authors initially provide: “Employee group performance variation accounts for a significant portion of the degree of productivity in the hotel, motel, and food service sectors of the hospitality industry. The authors discuss TEAMSG, a microcomputer based approach to appraising and interpreting group performance. TEAMSG appraisal allows an organization to profile and to evaluate groups, facilitating the targeting of training and development decisions and interventions, as well as the more equitable distribution of organizational rewards.” “The caliber of employee group performance is a major determinant in an organization's productivity and success within the hotel and food service industries,” Edwards and Cummings say. “Gaining accurate information about the quality of performance of such groups as organizational divisions, individual functional departments, or work groups can be as enlightening...” the authors further reveal. This perspective is especially important not only for strategic human resources planning purposes, but also for diagnosing development needs and for differentially distributing organizational rewards.” The authors will have you know, employee requirements in an unpredictable environment, which is what the hospitality industry largely is, are difficult to quantify. In an effort to measure elements of performance Edwards and Cummings look to TEAMSG, which is an acronym for Team Evaluation and Management System for Groups. They develop the concept. In discussing background for employees, Edwards and Cummings point-out that employees - at the individual level - must often possess and exercise varied skills. In group circumstances employees often work at locations outside of, or move from corporate unit-to-unit, as in the case of a project team. Being able to transcend individual-to-group mentality is imperative. “A solution which addresses the frustration and lack of motivation on the part of the employee is to coach, develop, appraise, and reward employees on the basis of group achievement,” say the authors. “An appraisal, effectively developed and interpreted, has at least three functions,” Edwards and Cummings suggest, and go on to define them. The authors do place a great emphasis on rewards and interventions to bolster the assertion set forth in their thesis statement. Edwards and Cummings warn that individual agendas can threaten, erode, and undermine group performance; there is no - I - in TEAM.
Resumo:
The primary purpose of this thesis was to design and develop a prototype e-commerce system where dynamic parameters are included in the decision-making process and execution of an online transaction. The system developed and implemented takes into account previous usage history, priority and associated engineering capabilities. The system was developed using three-tiered client server architecture. The interface was the Internet browser. The middle tiered web server was implemented using Active Server Pages, which form a link between the client system and other servers. A relational database management system formed the data component of the three-tiered architecture. It includes a capability for data warehousing which extracts needed information from the stored data of the customers as well as their orders. The system organizes and analyzes the data that is generated during a transaction to formulate a client's behavior model during and after a transaction. This is used for making decisions like pricing, order rescheduling during a client's forthcoming transaction. The system helps among other things to bring about predictability to a transaction execution process, which could be highly desirable in the current competitive scenario.
Resumo:
Two key solutions to reduce the greenhouse gas emissions and increase the overall energy efficiency are to maximize the utilization of renewable energy resources (RERs) to generate energy for load consumption and to shift to low or zero emission plug-in electric vehicles (PEVs) for transportation. The present U.S. aging and overburdened power grid infrastructure is under a tremendous pressure to handle the issues involved in penetration of RERS and PEVs. The future power grid should be designed with for the effective utilization of distributed RERs and distributed generations to intelligently respond to varying customer demand including PEVs with high level of security, stability and reliability. This dissertation develops and verifies such a hybrid AC-DC power system. The system will operate in a distributed manner incorporating multiple components in both AC and DC styles and work in both grid-connected and islanding modes. The verification was performed on a laboratory-based hybrid AC-DC power system testbed as hardware/software platform. In this system, RERs emulators together with their maximum power point tracking technology and power electronics converters were designed to test different energy harvesting algorithms. The Energy storage devices including lithium-ion batteries and ultra-capacitors were used to optimize the performance of the hybrid power system. A lithium-ion battery smart energy management system with thermal and state of charge self-balancing was proposed to protect the energy storage system. A grid connected DC PEVs parking garage emulator, with five lithium-ion batteries was also designed with the smart charging functions that can emulate the future vehicle-to-grid (V2G), vehicle-to-vehicle (V2V) and vehicle-to-house (V2H) services. This includes grid voltage and frequency regulations, spinning reserves, micro grid islanding detection and energy resource support. The results show successful integration of the developed techniques for control and energy management of future hybrid AC-DC power systems with high penetration of RERs and PEVs.
Resumo:
Cyber-physical systems tightly integrate physical processes and information and communication technologies. As today’s critical infrastructures, e.g., the power grid or water distribution networks, are complex cyber-physical systems, ensuring their safety and security becomes of paramount importance. Traditional safety analysis methods, such as HAZOP, are ill-suited to assess these systems. Furthermore, cybersecurity vulnerabilities are often not considered critical, because their effects on the physical processes are not fully understood. In this work, we present STPA-SafeSec, a novel analysis methodology for both safety and security. Its results show the dependencies between cybersecurity vulnerabilities and system safety. Using this information, the most effective mitigation strategies to ensure safety and security of the system can be readily identified. We apply STPA-SafeSec to a use case in the power grid domain, and highlight its benefits.
