Matthias Goeken

Towards Conceptual Metamodeling of IT Governance Frameworks Approach - Use - Benefits

Up to now, there has been little academic support for the challenges of IT governance/IT management. As a reaction, various best practice frameworks - like COBIT or CMMI - were developed. Due to their origin, these frameworks lack of a sound basis or scientific foundation. To undertake a step in this direction, we propose the use of modeling notation and techniques to represent frameworks as conceptual metamodels. Accordingly, we present the well-known framework COBIT metamodeled in a conceptual way and, thereby, represent the underlying logically and semantically rich structures. We furthermore discuss the benefits of using conceptual metamodeling to analyze frameworks coming from practice. Using the metamodel, we are also able to demonstrate ways to improve the frameworks and configure them according to the specific needs of an enterprise or an industry. To have a sound basis for any improvement we discuss the process of metamodeling and derive some requirements for “good” metamodeling.

Service identification in SOA Governance literature review and implications for a new method

Business-driven identification of services is a precondition for a successful implementation of service-oriented architectures and their subsequent governance. This article compares existing identification methods retrieved from related work and discusses the shortcomings. In particular, a lack of economic and governance aspects constitutes a problem and leaves space for improvements. Finally, the paper proposes a process-oriented method of service identification. This approach incorporates the business point of view, strategic and economic aspects as well as technical feasibility. By considering these aspects, it supports the governance of SOAs.

Resource-Based View in Empirical IT Business Value Research--An Evidence-Based Literature Review

Recently, the Resource-based View (RBV) attracts more attention in IT business value research, as it serves as a theoretical framework for the identification of IT resources impacting firm performance. Although numerous empirical studies applying the RBV can be found, systematic research structuring the obtained knowledge is hardly available. Therefore, we conduct an evidence-based literature review to structure and consolidate empirical evidence from studies using the RBV as a theoretical foundation. We illustrate how different IT resources can be distinguished and classified by considering their operationalization. With the means of our research map we illustrate our findings and their evidence pointing out contradictory results of how different classes of IT resources affect the IT business value in terms of the competitive advantage. We discuss some direct effects of IT resources on the competitive advantage as well as research gaps. Finally, we present implications regarding the RBV in IT business value research.

Referenzmodellbasierte Einführung von Führungsinformationssystemen Grundlagen, Anforderungen, Methode

Due to the fact that still many Executive Information System (EIS) Projects fail, it seems to be worthwhile to improve the likelihood that these efforts finish successfully. Reference models can foster the development of EIS because they provide reference solutions for a specific Domain. This paper presents a method for the Development of EIS based on reference models. The method includes a life cycle model which supports the adaptation of reference models and an extension of multidimensional data models allowing the management of variants and adaptation points. Furthermore, it provides construction patterns for a specific domain. The development of an EIS at Universities is used as a motivating example.

Towards an operationalisation of governance and strategy for service identification and design

Service orientation is a promising paradigm for business architectures. Implementing a service-oriented architecture (SOA) promises increasing flexibility as well as agility and decreasing development and maintenance costs of IT landscapes. Simultaneously with these advantages, the implementation of an SOA entails some inherent challenges. The flexible orchestration of services increases the complexity of the whole system significantly and can even result in decreasing performance [1]. A holistic management of technology and business processes is therefore necessary [2]. We believe that the essential SOA management tasks include topics such as strategy, governance, processes as well as infrastructure. These management topics can be addressed on different levels of granularity, e.g. at an SOA governance level or a single service level. This article focuses on individual services and shows how to support their identification and design. Therefore, we present specific deduced dimensions of the generic topics governance and strategy. In addition, we present roles and techniques in order to consider these topics already during the early phases of an SOA implementation, i.e. in the identification and design process.

Enhancing design science through empirical knowledge: framework and application

The discourse about differences between behavioral and design science still attains wide interest in the information systems research community. While design-oriented research is repeatedly subject to criticism on account of lacking transparency and rigor, behavioral research is fighting against the accusation of little relevance. It would be highly desirable to overcome the shortcomings of design science by using existing theories, empirical knowledge, etc. within the design of an artifact. For that purpose, we present a framework that shows how different ways of applying empirical knowledge can put the research of design scientists on a better grounding and thus improve the rigor of design science. Specifically we point out, how design science can be performed more rigorously on the basis of our framework by empirically motivating, guiding, evaluating, and analyzing design science research. To illustrate the application of our framework, we will provide an example from the domain of information security.

Anforderungsmanagement bei der Entwicklung von Data Warehouse-Systemen — Ein sichtenspezifischer Ansatz

Das Management der Anforderungen stellt im Rahmen der Data Warehouse-Entwicklung nach wie vor eine grose Herausforderung dar, da ein Data Warehouse-System im hohen Mase im Spannungsverhaltnis zwischen Betriebswirtschaft und IT steht. In dem vorliegenden Beitrag wird ein Ansatz entwickelt, mit dessen Hilfe versucht wird, die Bedarfe und Anforderungen verschiedener Benutzer und Benutzergruppen strukturiert zu erfassen und zu konsolidieren. Zu diesem Zweck wird ein erweiterter Anforderungsbegriff fur das Data Warehousing abgeleitet und mit dem Viewpoint-Ansatz des Requirements Engineerings eine Methode verwendet, die eine explizite Empfangerorientierung zulasst. Zusatzlich werden Grundideen des recht neuen Forschungsfeldes „aspektorientiertes Requirements Engineering“ auf die Data Warehouse-Entwicklung angewendet.

Ontology-Based Evaluation of ISO 27001

Information security risks threaten the ability of organizations of reaching their operational and strategic goals. Increasing diversification of the information security landscapes makes addressing all risks a challenging task. Information security standards have positioned themselves as generic solutions to tackle a broad range of risks and try to guide security managers in their endeav ors. However, it is not evident if such standards have the required holis tic approach to be a solid foundation. In this paper a metamodel of the ISO 27001 security standard explicating its core concepts is presented. We then compare the constructed metamodel with various information security ontolo gies and analyze for comprehensiveness. We conclude with a discussion of core concepts in the information security domain.

Referenzmodellgestütztes Compliance Reporting am Beispiel der EU-Finanzmarktrichtlinie MiFID

ZusammenfassungUnternehmen werden über Regulierungen wie z. B. die Finanzmarktrichtlinie der Europäischen Union (MiFID) und deren nationale Umsetzungen zur Herstellung von Transparenz und Publizität verpflichtet. Die Einhaltung dieser Berichtspflichten bei der Gestaltung von Data-Warehouse- und Business-Intelligence-Systemen zu gewährleisten, stellt eine wesentliche Aufgabe des Compliance Management dar. Mittels multi-dimensionaler Referenzmodelle lassen sich aus den Regulierungen resultierende Informations-bedarfe in einer für die Informationssystemgestaltung geeigneten Form explizieren. Die Referenzmodelle bilden dabei sowohl die strikten Informationserfordernisse als auch die von den Regulierungen eingeräumten Gestaltungsfreiräume ab. Durch die speziell unterstützte Anpassung der allgemeingültigen Referenzmodelle können Unternehmen effizient und effektiv zu einer Spezifikation ihres Compliance Reporting gelangen.

Benutzerorientierter Entwurf von unternehmensweiten Data-Warehouse-Systemen

Der Beitrag beschreibt eine Entwurfsmethode fur die Data-Warehouse-Entwicklung. Als Bezugsrahmen dient dabei eine erweiterte Data-Warehouse-Architektur und ein Verfahren zur Zerlegung des zu erstellenden Systems. Dies unterstutzt die Definition von Ausbaustufen fur ein inkrementelles Vorgehen. Fur die einzelnen Inkremente werden ausgehend vom Informationsbedarf der Benutzer fachkonzeptionelle Strukturen entwickelt, die wiederum schrittweise in logische Schemata transformiert werden. Diese logischen Modelle dienen der Vorbereitung der Implementierung auf physischer Ebene und der Modellierung der ETL-Prozesse.