Ändra sökning
Avgränsa sökresultatet
1234 101 - 150 av 158
RefereraExporteraLänk till träfflistan
Permanent länk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf
Träffar per sida
  • 5
  • 10
  • 20
  • 50
  • 100
  • 250
Sortering
  • Standard (Relevans)
  • Författare A-Ö
  • Författare Ö-A
  • Titel A-Ö
  • Titel Ö-A
  • Publikationstyp A-Ö
  • Publikationstyp Ö-A
  • Äldst först
  • Nyast först
  • Skapad (Äldst först)
  • Skapad (Nyast först)
  • Senast uppdaterad (Äldst först)
  • Senast uppdaterad (Nyast först)
  • Disputationsdatum (tidigaste först)
  • Disputationsdatum (senaste först)
  • Standard (Relevans)
  • Författare A-Ö
  • Författare Ö-A
  • Titel A-Ö
  • Titel Ö-A
  • Publikationstyp A-Ö
  • Publikationstyp Ö-A
  • Äldst först
  • Nyast först
  • Skapad (Äldst först)
  • Skapad (Nyast först)
  • Senast uppdaterad (Äldst först)
  • Senast uppdaterad (Nyast först)
  • Disputationsdatum (tidigaste först)
  • Disputationsdatum (senaste först)
Markera
Maxantalet träffar du kan exportera från sökgränssnittet är 250. Vid större uttag använd dig av utsökningar.
  • 101.
    Löf, Fredrik
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Stomberg, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Hallberg, Jonas
    Swedish Defence Research Agency (FOI).
    Bengtsson, Johan
    Swedish Defence Research Agency (FOI).
    An Approach to Network Security Assessment based on Probalistic Relational Models2010Ingår i: First Workshop on Secure Control Systems (SCS-1), 2010Konferensbidrag (Refereegranskat)
    Abstract [en]

    To assist rational decision making regarding network security improvements, decision makers need to be able to assess weaknesses in existing or potential new systems. This paper presents a model based assessment framework for analyzing the network security provided by different architectural scenarios. The framework uses a probabilistic relational model to express attack paths and related countermeasures. In this paper, it is demonstrated that this method can be used to support analysis based on architectural models. The approach allows calculating the probability that attacks will succeed given the instantiated architectural scenario. Moreover, the framework is scalable and can handle the uncertainties that accompany an analysis. The method has been applied in a case study of a military network.

  • 102. Mao, Xinyue
    et al.
    Ekstedt, Mathias
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Ling, Engla
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Ringdahl, Erik
    Foreseeti.
    Lagerström, Robert
    KTH, Skolan för elektroteknik och datavetenskap (EECS), Datavetenskap, Nätverk och systemteknik.
    Conceptual Abstraction of Attack Graphs: a Use Case of securiCAD2019Ingår i: Graphical Models for Security. GraMSec 2019., Springer, 2019, Vol. 11720, s. 186-202Konferensbidrag (Refereegranskat)
    Abstract [en]

    Attack graphs quickly become large and challenging to understand and overview. As a means to ease this burden this paper presents an approach to introduce conceptual hierarchies of attack graphs. In this approach several attack steps are aggregated into abstract attack steps that can be given more comprehensive names. With such abstract attack graphs, it is possible to drill down, in several steps, to gain more granularity, and to move back up. The approach has been applied to the attack graphs generated by the cyber threat modeling tool securiCAD.

  • 103.
    Närman, Per
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Buschle, Markus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    An enterprise architecture framework for multi-attribute information systems analysis2014Ingår i: Journal of Software and Systems Modeling (online), ISSN 1619-1366, E-ISSN 1619-1374, Vol. 13, nr 3, s. 1085-1116Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Enterprise architecture is a model-based IT and business management discipline. Enterprise architecture analysis concerns using enterprise architecture models for analysis of selected properties to provide decision support. This paper presents a framework based on the ArchiMate metamodel for the assessment of four properties, viz., application usage, system availability, service response time and data accuracy. The framework integrates four existing metamodels into one and implements these in a tool for enterprise architecture analysis. The paper presents the overall metamodel and four viewpoints, one for each property. The underlying theory and formalization of the four viewpoints is presented. In addition to the tool implementation, a running example as well as guidelines for usage makes the viewpoints easily applicable.

  • 104.
    Närman, Per
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    König, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Buschle, Markus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Enterprise Architecture Availability Analysis Using Fault Trees and Stakeholder Interviews2014Ingår i: Enterprise Information Systems, ISSN 1751-7575, E-ISSN 1751-7583, Vol. 8, nr 1, s. 1-25Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    The availability of enterprise information systems is a key concern for many organisations. This article describes a method for availability analysis based on Fault Tree Analysis and constructs from the ArchiMate enterprise architecture (EA) language. To test the quality of the method, several case-studies within the banking and electrical utility industries were performed. Input data were collected through stakeholder interviews. The results from the case studies were compared with availability of log data to determine the accuracy of the method's predictions. In the five cases where accurate log data were available, the yearly downtime estimates were within eight hours from the actual downtimes. The cost of performing the analysis was low; no case study required more than 20 man-hours of work, making the method ideal for practitioners with an interest in obtaining rapid availability estimates of their enterprise information systems.

  • 105.
    Närman, Per
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Honeth, Nicholas
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Using enterprise architecture analysis and interview data to estimate service response time2013Ingår i: Journal of strategic information systems, ISSN 0963-8687, E-ISSN 1873-1198, Vol. 22, nr 1, s. 70-85Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Insights into service response time is important for service-oriented architectures and service management. However, directly measuring the service response time is not always feasible or can be very costly. This paper extends an analytical modeling method which uses enterprise architecture modeling to support the analysis. The extensions consist of (i) a formalization using the Hybrid Probabilistic Relational Model formalism, (ii) an implementation in an analysis tool for enterprise architecture and (iii) a data collection approach using expert assessments collected via interviews and questionnaires. The accuracy and cost effectiveness of the method was tested empirically by comparing it with direct performance measurements of five services of a geographical information system at a Swedish utility company. The tests indicate that the proposed method can be a viable option for rapid service response time estimates when a moderate accuracy within 15% is sufficient.

  • 106.
    Närman, Per
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    König, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Chenine, Moustafa
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Data accuracy assessment using enterprise architecture2011Ingår i: Enterprise Information Systems, ISSN 1751-7575, E-ISSN 1751-7583, Vol. 5, nr 1, s. 37-58Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Errors in business processes result in poor data accuracy. This article proposes an architecture analysis method which utilises ArchiMate and the Probabilistic Relational Model formalism to model and analyse data accuracy. Since the resources available for architecture analysis are usually quite scarce, the method advocates interviews as the primary data collection technique. A case study demonstrates that the method yields correct data accuracy estimates and is more resource-efficient than a competing sampling-based data accuracy estimation method.

  • 107.
    Närman, Per
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Chenine, Moustafa
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    König, Johan
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Enterprise Architecture Analysis for Data Accuracy Assessments2009Ingår i: 2009 IEEE INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE, Los Alamitos, CA: IEEE COMPUTER SOC , 2009, s. 24-33Konferensbidrag (Refereegranskat)
    Abstract [en]

    Poor data in information systems impede the quality of decision-making in many modern organizations. Manual business process activities and application services are never executed flawlessly which results in steadily deteriorating data accuracy, the further away from the source the data gets, the poorer its accuracy becomes. This paper proposes an architecture analysis method based on Bayesian Networks to assess data accuracy deterioration in a quantitative manner. The method is model-based and uses the ArchiMate language to model business processes and the way in which data objects are transformed by various operations. A case study at a Swedish utility demonstrates the approach.

    Ladda ner fulltext (pdf)
    fulltext
  • 108.
    Närman, Per
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Data Collection Prioritization for System Quality Analysis2009Ingår i: Electronic Notes in Theoretical Computer Science, 2009, Vol. 233, nr C, s. 29-42Konferensbidrag (Refereegranskat)
    Abstract [en]

    When assessing software quality the cost of collecting the data needed for analysis is often quite substantial. This paper proposes the use of Bayesian networks for assessing software qualities combined with an algorithm for how to prioritize which data to collect in order to minimize the cost of the assessment. This algorithm, the Diagnosis algorithm, is implemented in the Bayesian network tool 'GeNIe'. An example evaluation of service interoperability in the paper demonstrates that using the algorithm may reduce time spent on data collection significantly.

  • 109. Närman, Per
    et al.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Gammelgård, Magnus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Validation and refinement of an asset management subset of the IEC 61968 Interface Reference Model2006Ingår i: 2006 IEEE/PES Power Systems Conference and Exposition. Vols 1-5, NEW YORK: IEEE , 2006, s. 915-922Konferensbidrag (Refereegranskat)
    Abstract [en]

    the IEC 61968 standard is being developed to facilitate integration of applications related to distribution management, i.e. the management of power distribution networks. As an important baseline the standard contains an Interface Reference Model (IRM). IRM contains functions that define the scope of distribution management. This paper presents a study that was conducted regarding the use of the IRM as a base for evaluating functionality of commercial asset management solutions. The subset of the IRM related to asset management was studied, and based on this subset a refined reference model was created. In addition to the IRM-subset, the refined functional reference model also incorporated functions present in actual asset management solutions. The model was also validated and refined by means of an extensive case study at a large Nordic distribution utility. The study shows that the IRM, with some adaptations, serves the purpose of functionally evaluating asset management applications.

  • 110.
    Närman, Per
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Schönherr, Marten
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Chenine, Moustafa
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Using Enterprise Architecture Models for System Quality Analysis2008Ingår i: EDOC 2008: 12TH IEEE INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING, PROCEEDINGS  , IEEE Computer Society, 2008, s. 14-23Konferensbidrag (Refereegranskat)
    Abstract [en]

    Enterprise Architecture is a model-based approach to business-oriented IT management. To promote good IT decision making, an Enterprise Architecture framework needs to explicate what kind of analyses it supports. Since creating Enterprise Architecture models is expensive and without intrinsic value, it is desirable to only create Enterprise Architecture models based on metamodels that support well-defined analyses. This paper presents the content and extension of a metamodel which supports creating models containing the information necessary to conduct system quality analyses, specifically with respect to availability, accuracy, confidentiality and integrity. The metamodel is an extension and formalization of the metamodel underlying the ArchiMate modelling language for Enterprise Architecture. The use of the extended metamodel is demonstrated in a case study where the availability, accuracy, confidentiality and integrity of the two Service Oriented Architecture (SOA) platforms Sun JCaps and PrOSeRO were evaluated.

    Ladda ner fulltext (pdf)
    fulltext
  • 111.
    Närman, Per
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sandgren, Sofia
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Framework for Assessing the Cost of IT Investments2009Ingår i: PROCEEDINGS OF PICMET 09: TECHNOLOGY MANAGEMENT IN THE AGE OF FUNDAMENTAL CHANGE / [ed] Kocaoglu DF; Anderson TR; Daim TU; Jetter A; Weber CM, NEW YORK: IEEE , 2009, s. 3070-3082Konferensbidrag (Refereegranskat)
    Abstract [en]

    Assessing life cycle costs of IT is a difficult endeavor. There are several factors that contribute to the life cycle costs of IT. Many of these factors are of a technical nature, such as development costs or integration costs. A substantial part of the costs are, however, caused by organizational factors such as the changes the introduction of an IT-system impose on business processes and the temporary loss of productivity this causes, or the cost of training system users before taking the system into operation. This paper proposes a framework for IT investment cost assessment. The framework integrates factors as proposed by already existing IT cost estimation frameworks and literature on the subject to be able to take into account both technical and organizational factors and cost drivers related to IT life cycle costs. The framework assists in quantifying these factors together with the costs they influence thereby providing more complete and accurate decision-support to executives faced with having to make investment decisions. The paper also describes how the framework's usefulness has been validated in two case studies at a large Nordic power company.

  • 112.
    Plazaola Prado, Leonel
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Flores, Johnny
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Vargas, Norman
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Strategic Business and IT alignment assessment: a case study applying an enterprise Architectural-based metamodel2008Ingår i: Proceedings of the Annual Hawaii International Conference on System Sciences, 2008Konferensbidrag (Refereegranskat)
    Abstract [en]

    Strategic Business and IT Alignment (SBITA) is still ranked amongst the top concerns of the enterprise's management executives. Such alignment is an organization-wide issue that influences the company's overall performance and its assessment is a fundamental input for the enterprise's managers to make informed decisions on SBITA enhancement possibilities. This paper reports the application of an Enterprise Architecture-based SBITA assessment metamodel in a case study conducted in an intensive IT service enterprise. The case study addresses two research questions: How can be applied the proposed Enterprise Architecture-based SBITA assessment metamodel in enterprises? and What is the quality and use of the results of such application? The authors have published the Enterprise Architecture-based SBITA assessment metamodel as a tool that combines the comprehensive and systematic modeling practices in the field of Enterprise Architecture with the guidance of tested and benchmarked SBITA assessment expert's method. Luftman's assessment method was selected in this research project.

  • 113.
    Plazaola Prado, Leonel
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Flores, Johnny
    KTH, Skolan för datavetenskap och kommunikation (CSC).
    Vargas, Norman
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Silva, Enrique
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    An Approach to Associate Strategic Business-IT alignment Assessment to Enterprise Architecture2007Ingår i: Proceedings of the Fifth Conference on Systems Engineering 2007 (CSER2007) , 2007, s. 1-10Konferensbidrag (Refereegranskat)
    Abstract [en]

    Strategic Business and IT Alignment (SBITA) requires a holistic view and a continuous coherent interrelation between the business components, personnel and IT systems, contributing to each other’s performance over time. Several conceptual and practical methodologies to assess or achieve it has been proposed and implemented before or parallel to the advent of the Enterprise Architecture (EA), lacking to a greater or lesser degree the EA modeling characteristics.This paper explains the criteria and the process for associating the artifacts of a SBITA methodology represented as Metamodel to the Zachman Enterprise Architectural Framework (ZEAF) and reports the association pattern and statistics. This association has been done in order to find the representations of the specific concern SBITA into the EA dominion. This paper reports, among other issues, to what extent and in which perspectives and aspects the SBITA assessment concern is predominantly represented in ZEAF.

  • 114.
    Plazaola Prado, Leonel
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Silva, Enrique
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Vargas, Norman
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Flores, Johnny
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Metamodel for Strategic Business and IT Alignment Assessment.2006Ingår i: Proceedings of the Fourth Conference on Systems Engineering 2006 (CSER2006), University of Southern California, USC, California, USA. April 2006., 2006Konferensbidrag (Refereegranskat)
    Abstract [en]

    This paper proposes a metamodel based on Jerry N. Luftman’s strategic business andinformation technology (IT) alignment assessment approach. It explains how this metamodel isdeduced and how it will perform such an assessment, showing conformity with the expert’sparent approach. Since Enterprise Architecture (EA) has emerged as a feasible model-basedmanagement tool for the systematic and holistic planning and decision-making of an enterprise’sbusiness and IT system operation and evolution, this paper also argues the metamodel’saffiliation to EA as a guide or reference for identifying the relevant representations for specificconcerns, mitigating the expenses and drawbacks of the often larger modeling required to applythe EA Frameworks.

  • 115.
    Raderius, Jakob
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Närman, Per
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessing System Availability Using an Enterprise Architecture Analysis Approach2009Ingår i: SERVICE-ORIENTED COMPUTING - ICSOC 2008 WORKSHOPS / [ed] Feuerlicht G, Lamersdorf W, Berlin: SPRINGER-VERLAG BERLIN , 2009, Vol. 5472, s. 351-362Konferensbidrag (Refereegranskat)
    Abstract [en]

    During the last decade, a model based technique known as enterprise architecture has grown into an established approach for management of information systems in organizations. The use of enterprise architecture primarily promotes good decision-making and communication between business and IT stakeholders. This paper visualizes a scenario where enterprise architecture models are utilized to evaluate the availability of an information system. The problem is approached by creating models based on metamodels tailored to the domain of enterprise architecture analysis. As the instantiated models are fed with data particular to the information system, one can deduce how the organization needs to act in order to improve the system's availability.

  • 116.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Antonsen, Egil
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture2014Ingår i: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 43, s. 90-110Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    This paper presents an empirical investigation on what behavioral information security governance factors drives the establishment of information security knowledge sharing in organizations. Data was collected from organizations located in different geographic regions of the world, and the amount of data collected from two countries – namely, USA and Sweden – allowed us to investigate if the effect of behavioral information security governance factors on the establishment of security knowledge sharing differs based on national culture.

    The study followed a mixed methods research design, wherein qualitative data was collected to both establish the study’s research model and develop a survey instrument that was distributed to 578 information security executives. The results suggest that processes to coordinate implemented security knowledge sharing mechanisms have a major direct influence on the establishment of security knowledge sharing in organizations; the effect of organizational structure (e.g., centralized security function to develop and deploy uniform firm-wide policies, and use of steering committees to facilitate information security planning) is slightly weaker, while business-based information security management has no significant direct effect on security knowledge sharing. A mediation analysis revealed that the reason for the non-significant direct relation between business-based information security management and security knowledge sharing is the fully mediating effect of coordinating information security processes. Thus, the results disentangles the interrelated influences of behavioral information security governance factors on security knowledge sharing by showing that information security governance sets the platform to establish security knowledge sharing, and coordinating processes realize the effect of both the structure of the information security function and the alignment of information security management with business needs.

    A multigroup analysis identified that national culture had a significant moderating effect on the association between four of the six proposed relations. In Sweden – which is seen as a less individualist, feminine country – managers tend to focus their efforts on implementing controls that are aligned with business activities and employees’ need; monitoring the effectiveness of the implemented controls, and assuring that the controls are not too obtrusive to the end user. On the contrary, US organizations establish security knowledge sharing in their organization through formal arrangements and structures. These results imply that Swedish managers perceive it to be important to involve, or at least know how their employees cope with the decisions that have been made, thus favoring local participation in information security management, while US managers may feel the need to have more central control when running their information security function.

    The findings suggest that national culture should be taken into consideration in future studies – in particular when investigating organizations operating in a global environment – and understand how it affects behaviors and decision-making. 

    Ladda ner fulltext (pdf)
    Information security knowledge sharing in organizations: Investigating the effect of behavioral information security governance and national culture
  • 117.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Antonson, Egil
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Exploring the link between organizations behavioral information security governance and employee information security awareness2015Ingår i: Proceedings of the 9th International Symposium on Human Aspects of Information Security & Assurance, 2015Konferensbidrag (Refereegranskat)
    Abstract [en]

    This paper explores the relation between a set of behavioural information security governancefactors and employees’ information security awareness. To enable statistical analysis betweenproposed relations, data was collected from two different samples in 24 organisations: 24information security executives and 240 employees. The results reveal that having a formalunit with explicit responsibility for information security, utilizing coordinating committees,and sharing security knowledge through an intranet site significantly correlates withdimensions of employees’ information security awareness. However, regular identification ofvulnerabilities in information systems and related processes is significantly negativelycorrelated with employees’ information security awareness, in particular managing passwords.The effect of behavioural information security governance on employee information securityawareness is an understudied topic. Therefore, this study is explorative in nature and theresults are preliminary. Nevertheless, the paper provides implications for both research andpractice.

  • 118.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Model for Investigating Organizational Impact on Information Security Behavior2012Konferensbidrag (Refereegranskat)
    Abstract [en]

    The increased amount of attacks targeting humans accessing and using computers has made it significantly important to understand human and organizational behavior in attacks and how resilient behavior can be achieved. This paper presents a research model that attempts to understand how organizational and human factors complement each other in shaping information security behavior. The model was developed through an inductive approach, in which content domain experts were interviewed to gain a deeper understanding of the phenomena. Common patterns that were identified in the interviews were then combined with data collected through surveying the literature. Specifically, the research model includes constructs related to the organization and promotion of information security, constructs related to perceptions of information security awareness and the social conditions within an organizational setting, and individual constructs related to an individual’s perceptions of attitude, normative beliefs, and self-efficacy. Implications for continuing research and how the model will be tested empirically are discussed.

  • 119.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Countermeasures for Social Engineering-based Malware Installation Attacks2013Ingår i: CONF-IRM 2013 Proceedings, 2013Konferensbidrag (Refereegranskat)
    Abstract [en]

    Social engineering exploits vulnerabilities at different layers (i.e. technical, social layer) in an organizational defense structure. It is therefore important to understand how to defend against these attacks using a holistic defense approach including multiple countermeasures. The literature suggests a plethora of countermeasures, little research has however been done to assess their effectiveness in managing social engineering threats. In this paper we attempt to obtain a deeper understanding of how to defend against a type of social engineering attack that attempts to install malware on computers through e-mail or portable media. We explore commonly proposed countermeasures needed to prevent this type of attack, and if any dependencies between them exist. Through a combined method approach of surveying the literature and conducting semi-structured interviews with domain experts we identified a set of countermeasures that provide empirical input for future studies but could potentially also give organizations guidance on how to manage social engineering-based malware installation attacks.

  • 120.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Information Security Governance Analysis using Probabilistic Relational Models2011Ingår i: Proceedings of the 8th International Workshop on Security in Information Systems, WOSIS 2011, in Conjunction with ICEIS 2011, 2011, s. 142-150Konferensbidrag (Refereegranskat)
    Abstract [en]

    This paper proposes the use of Probabilistic Relational Models (PRM) for analyzing dependencies between Information Security Governance (ISG) components and its impact on process capability of mitigating information security vulnerabilities. Using the PRM enables inference between different ISG components expressed in probabilities, and also inference on the process capability. A concrete PRM which exemplifies how to assess the capability of the access control process is further presented, and thus showing how the PRM can be adapted to fit the analysis of a specific process in an organizational environment.

  • 121.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Shaping intention to resist social engineering through transformational leadership, information security culture and awareness2016Ingår i: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 59, s. 26-44Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    This paper empirically investigates how organizational and individual factors complement each other in shaping employees' intention to resist social engineering. The study followed a mixed methods research design, wherein qualitative data were collected to both establish the study's research model and develop a survey instrument that was distributed to 4296 organizational employees from a diverse set of organizations located in Sweden. The results showed that attitude toward resisting social engineering has the strongest direct association with intention to resist social engineering, while both self-efficacy and normative beliefs showed weak relationships with intention to resist social engineering. Furthermore, the results showed that transformational leadership was strongly associated with both perceived information security culture and information security awareness. Two mediation tests showed that attitude and normative beliefs partially mediate the effect of information security culture on employees' intention to resist social engineering. This suggests that both attitude and normative beliefs play important roles in governing the relationship between information security culture and intention to resist social engineering. A third mediation test revealed that information security culture fully explains the effect of transformational leadership on employees' attitude toward resisting social engineering. Discussion of the results and practical implications of the performed research are provided.

  • 122.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Empirical Analysis of Factors Affecting the Achievement of Information Security Governance Outcomes2012Rapport (Övrigt vetenskapligt)
  • 123.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    Swedish Defense Research Agency (FOI), Sweden.
    Nohlberg, Marcus
    Högskolan i Skövde.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    An empirical investigation of the effect of target-related information in phishing attacks2014Ingår i: 2014 IEEE 18th International Enterprise Distributed Object Computing Conference Workshops and Demonstrations (EDOCW), IEEE , 2014, s. 357-363Konferensbidrag (Refereegranskat)
    Abstract [en]

    Analyzing the role of target-related information in a security attack is an understudied topic in the behavioral information security research field. This paper presents an empirical investigation of the effect of adding information about the target in phishing attacks. Data was collected by conducting two phishing experiments using a sample of 158 employees at five Swedish organizations. The first experiment included a traditional mass-email attack with no target-related information, and the second experiment was a targeted phishing attack in which we included specific information related to the targeted employees' organization. The results showed that the number of organizational employees falling victim to phishing significantly increased when target-related information was added in the attack. During the first experiment 5.1 % clicked on the malicious link compared to 27.2 % of the second phishing attack, and 8.9 % of those executed the binary compared to 3.2 % of the traditional phishing attack. Adding target-related information is an effective way for attackers to significantly increase the effectiveness of their phishing attacks. This is the first study that has showed this significant effect using organizational employees as a sample. The implications of the results are further discussed.

  • 124.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    Nohlberg, Marcus
    University of Skövde.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Investigating personal determinants of phishing and the effect of national culture2015Ingår i: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 23, nr 2Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Purpose – The purpose of the study was twofold: to investigating the correlation between a sample of personal psychological and demographic factors and resistance to phishing; and to investigate if national culture moderates the strength of these correlations.

    Design/methodology/approach – To measure potential determinants, a survey was distributed to 2099 employees of nine organizations in Sweden, USA, and India. Then, we conducted unannounced phishing exercises in where a phishing attack targeted the same sample.

    Findings – Intention to resist social engineering, general information security awareness, formal IS training, and computer experience were identified to have a positive significant correlation to phishing resilience. Furthermore, the results showed that the correlation between phishing determinants and employees’ observed phishing behavior differs between Swedish, US and Indian employees in six out of fifteen cases.

    Research limitations/implications – The identified determinants all had, even though not a strong, a significant positive correlation. This suggests that more work needs to be done in order to more fully understand determinants of phishing. The study assumes that culture effects apply to all individuals in a nation. However, difference based on cultures might exist based on firm characteristics within a country. The Swedish sample is dominating, while only 40 responses from Indian employees were collected. This unequal size of samples suggests that conclusions based on the results from the cultural analysis should be drawn cautiously. A natural continuation of our research is therefore to further explore the generalizability of our findings by collecting data from other nations with similar cultures as Sweden, USA and India.

    Originality/value – Using direct observations of employees’ security behaviors has rarely been used in previous research. Furthermore, analyzing potential differences in theoretical models based on national culture is an understudied topic in the behavioral information security field. This paper addresses these both two issues.

  • 125.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    Nohlberg, Marcus
    University of Skövde.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Investigating the correlation between intention and action in the context of social engineering in two different national cultures2015Ingår i: 2015 48th Hawaii International Conference on System Sciences, IEEE Computer Society, 2015, s. 3508-3517Konferensbidrag (Refereegranskat)
    Abstract [en]

    In this paper, we shed a light on the intention-action relationship in the context of external behavioral information security threats. Specifically, external threats caused by employees' social engineering security actions were examined. This was done by examining the correlation between employees' reported intention to resist social engineering and their self-reported actions of hypothetical scenarios as well as observed action in a phishing experiment. Empirical studies including 1787 employees pertaining to six different organizations located in Sweden and USA laid the foundation for the statistical analysis. The results suggest that employees' intention to resist social engineering has a significant positive correlation of low to medium strength with both self-reported action and observed action. Furthermore, a significant positive correlation between social engineering actions captured through written scenarios and a phishing experiment was identified. Due to data being collected from employees from two different national cultures, an exploration of potential moderating effect based on national culture was also performed. Based on this analysis we identified that the examined correlations differ between Swedish, and US employees. The findings have methodological contribution to survey studies in the information security field, showing that intention and self-reported behavior using written scenarios can be used as proxies of observed behavior under certain cultural contexts rather than others. Hence, the results support managers operating in a global environment when assessing external behavioral information security threats in their organization.

  • 126.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessing Future Value of Investments in Security-Related IT Governance Control Objectives: Surveying IT Professionals2011Konferensbidrag (Refereegranskat)
    Abstract [en]

    Optimizing investments in IT governance towards a better information security is an understudied topic in the academic literature. Further, collecting empirical evidence by surveying IT professionals on their relative opinion in this matter has not yet been explored to its full potential. This paper has tried to somewhat overcome this gap by surveying IT professionals on the expected future value from investments in security-related IT governance control objectives. The paper has further investigated if there are any control objectives that provide more value than others and are therefore more beneficial to invest in. The Net Present Value (NPV) technique has been used to assess the IT professional’s relative opinion on the generated future value of investments in 19 control objectives. The empirical data was collected through a survey distributed to professionals from the IT security, governance and/or assurance domain and analyzed using standard statistical tools. The results indicate that the vast majority of investments in control objectives is expected to yield a positive NPV, and are beneficial to an organization. This result implies that investments in control objectives are expected to generate future value for a firm, which is an important finding since many of the benefits from an investment are indirectly related and may occur well into the future. The paper moreover contributes in strengthening the link between IT governance and information security.

  • 127.
    Rocha Flores, Waldo
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessing Future Value of Investments in Security-Related IT Governance Control Objectives: Surveying IT Professionals2011Ingår i: Electronic Journal of Information Systems Evaluation, ISSN 1566-6379, E-ISSN 1566-6379, Vol. 14, nr 2, s. 216-227Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Optimizing investments in IT governance towards a better information security is an understudied topic in the academic literature. Further, collecting empirical evidence by surveying IT professionals on their relative opinion in this matter has not yet been explored to its full potential. This paper has tried to somewhat overcome this gap by surveying IT professionals on the expected future value from investments in security‑related IT governance control objectives. The paper has further investigated if there are any control objectives that provide more value than others and are therefore more beneficial to invest in. The Net Present Value (NPV) technique has been used to assess the IT professional’s relative opinion on the generated future value of investments in 19 control objectives. The empirical data was collected through a survey distributed to professionals from the IT security, governance and/or assurance domain and analyzed using standard statistical tools. The results indicate that the vast majority of investments in control objectives is expected to yield a positive NPV, and are beneficial to an organization. This result implies that investments in control objectives are expected to generate future value for a firm, which is an important finding since many of the benefits from an investment are indirectly related and may occur well into the future. The paper moreover contributes in strengthening the link between IT governance and information security.

  • 128. Saat, Jan
    et al.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Enterprise Architecture Meta Models for IT/Business Alignment Situations2010Ingår i: 14th IEEE International Enterprise Distributed Object Computing Conference, EDOC 2010, 2010, s. 14-23Konferensbidrag (Refereegranskat)
    Abstract [en]

    Enterprise Architecture models can be used to support IT/business alignment. However, existing approaches do not distinguish between different IT/business alignment situations. Since companies face divverse challenges in achieving a high degree of IT/business alignment, a universal ?one size fits all? approach does not seem appropriate. This paper proposes to decompose the IT/business alignment problem into tangible qualities for business, IT systems, and IT governance. An explorative study among 162 professionals is used to distinguish four IT/business alignment situations, i.e. four clusters of IT/business alignment problems. These situations each represent the current state according to certain qualities and also the priorities for future development. In order to increase IT/business alignment, enterprise architecture meta models are proposed for each identified situation. One core meta model (to reflect common priorities) as well as situation-specific extensions are presented.

  • 129. Saat, Jan
    et al.
    Winter, Robert
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Analysis of IT/Business Alignment Situations as a Precondition for the Design and Engineering of Situated IT/Business Alignment Solutions2011Ingår i: Proceedings of the Hawaii International Conference on System Sciences (HICSS-44), IEEE , 2011, s. 1-9Konferensbidrag (Refereegranskat)
    Abstract [en]

    IT/business alignment has constantly been among the top priorities for IT executives. From a prescriptive, design research perspective, our analysis of related work shows that neither is IT/business alignment sufficiently specified to allow systematic artifact construction, nor are existing approaches situational to reflect the diversity of IT/business alignment problems in the real world. We use goal decomposition to characterize IT/business alignment by qualities from (i) the IT systems, (ii) the business, and (iii) the IT governance perspective. A survey-based exploratory study among 174 professionals from various European countries is conducted that helps to identify four distinct IT/business alignment situations. This knowledge can now be used to construct methods and models that do not only operationalize alignment, but also can be adapted to the different situational needs.

    Ladda ner fulltext (pdf)
    fulltext
  • 130.
    Silva Molina, Enrique Javier
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Plazaola, Leonel
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Strategic Business and IT Alignment: A Prioritized Theory Diagram2006Ingår i: In proceedings of Portland International Conference on Management of Engieering and Technology, 2006Konferensbidrag (Refereegranskat)
    Abstract [en]

    Many academic and practitioners’ studies have shown that misalignment or lack of alignment between information technology (IT) and business strategies is one of the main reasons why enterprises fail to exploit the full potential of their IT investments. Furthermore, organizations that have accomplished a high degree of alignment are often associated with better business efficiency and effectiveness performance. As a conse-quence, strategic business and IT alignment (SBITA) has consistently been one of the top concerns of the Chief Information Officer (CIO) in an enterprise.Despite these facts, there is little consensus on what SBITA really is; there are few documented theories, concepts and operational approaches for identifying, measuring, improving and maintaining the level of SBITA in an Henderson enterprise.This paper is based on the strategic alignment model (SAM) proposed by & Venkatraman in 1993, which is considered one of the most widespread and accepted models among the alignment community. Basi-cally, all later alignment models and consulting practices start from this strategic alignment model.The paper uses a method for building and prioritizing Theory Diagrams (TD) proposed by Johnsson P. et al [34]. In this case, the SAM is transformed into a hierarchical TD-SBITA, which is only a syntactic translation of it. importance of the alignment sub-topics presented by the most relevant and cited references in the field of SBITA among the academic and practitioner communities.The purpose of obtaining a prioritized TD based on SAM, in this case the TD-SBITA, is to categorize and define the topic of alignment more stringently given its current knowledge base. This prioritized TD-SBITA should gives indications on how important the alignment community finds the different topics and sub topics in the field of alignment.The prioritized TD-SBITA presented will contribute to the current assessment procedure for identifying, measuring, improving and maintaining the level of alignment between business and IT in an enterprise.

  • 131.
    Simonsson, Mårten
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Getting the Priorities Right: Literature vs Practice on IT Governance2006Ingår i: Technology Managment for the Global Future, 2006: PICMET 2006, 2006, s. 18-26Konferensbidrag (Refereegranskat)
    Abstract [en]

    The field of IT governance has emerged in order to address organizational issues for IT value delivery to the business. However, a shared view of the definition of IT governance is lacking between researchers and practitioners, and support for decision-making is neither present. A commonly agreed upon definition of IT governance would be useful but has until today not been available. This article presents an IT governance definition based on an extensive literature study. IT governance is the preparation for, making of and implementation of IT-related decisions regarding goals, processes, people and technology on a tactical or strategic level. The components of the definition are prioritized in two different ways. A theoretical prioritization was made to highlight the most important concerns according to 60 different publications. Another prioritization was carried out with a group of Swedish IT governance experts. The opinions of practitioners and literature did mostly align, but differences were identified in the importance of understanding the situation at hand prior to making decisions, and monitoring of the decisions' impacts

  • 132.
    Simonsson, Mårten
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    IT Governance Decision Support using the IT Organization Modeling and Assessment Tool2008Ingår i: 2008 Portland International Center for Management of Engineering and Technology, Technology Management for a Sustainable Economy, PICMET '08, New York: IEEE , 2008, s. 802-810Konferensbidrag (Refereegranskat)
    Abstract [en]

    It is important to ensure that the IT governance is not only designed to achieve internal efficiency in the IT organization, such as deploying good IT processes and making sure that the means and goals are docu-mented. The final goal of good IT governance is rather to provide the business with the support needed in order to conduct business in a good manner. This paper describes the IT Organization Modeling and As-sessment Tool (ITOMAT) and how it can be used for IT governance decision making. ITOMAT consists of an enterprise architecture metamodel that describes IT organizations. ITOMAT further contains a Bayesian network for making predictions on how changes to IT organization models will affect the IT governance performance as perceived by business stakeholders. In order to make such predictions accurately, the network learns from data on previous experience. Thorough case studies at 20 different companies have been conducted in order to calibrate the network. Finally, the paper describes a case study where ITOMAT was used to analyze the future impact of two IT organization change scenarios in a medium sized engineer-ing company.

     

  • 133.
    Simonsson, Mårten
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    The Effect of IT Governance Maturity on IT Governance Performance2010Ingår i: Information systems management, ISSN 1058-0530, E-ISSN 1934-8703, Vol. 27, nr 1, s. 10-24Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    There are several best practice based frameworks that detail effective arrangements for the internal structure of an IT organization. Although it is reasonable that there is a correlation between the quality of the internal structure of an IT organization - labeled IT governance maturity, and the external impact of the same IT organization on the business - labeled IT governance performance, this has not been validated. The results, based on 35 case studies, confirm the hypotheses of a positive correlation between IT governance maturity and IT governance performance. Among IT processes described in 34 references, the internal structure of the IT organization, clearly defined organizational structures and relationships, mature quality management, and cost allocation show the strongest positive correlation to IT governance performance. The maturity of project management and service level management, as well as performance and capacity management, show almost no correlation to IT governance performance. The findings can be used to improve current frameworks for IT governance.

  • 134.
    Simonsson, Mårten
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    The IT Organization Modeling and Assessment Tool for IT governance decision support2008Ingår i: ADVANCED INFORMATION SYSTEMS ENGINEERING, PROCEEDINGS, 2008, Vol. 5074, s. 258-261Konferensbidrag (Refereegranskat)
    Abstract [en]

    This short paper describes the IT Organization Modeling and Assessment Tool (ITOMAT) and how it can be used for IT governance decision making support. ITOMAT consists of an enterprise architecture metamodel that describes IT organizations. ITOMAT further contains a Bayesian network for making predictions on how changes to IT organization models will affect the IT governance performance as perceived by business stakeholders. In order to make such predictions accurately, the network teams from data on previous experience. Case studies at 35 companies have been utilized for calibration of the network.

  • 135.
    Simonsson, Mårten
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Modeling and Evaluating the Maturity of IT Governance2008Ingår i: Proceedings of the International Council on Large Electrical Systems, CIGRÉ, 2008, s. 8p-Konferensbidrag (Refereegranskat)
    Abstract [en]

    The enterprise-wide Information Technology (IT) platform at transmission network owners and electric utilities has normally been gradually developed for a long period of time. Each business unit within these companies have, unfortunately often independently, developed and acquired the IT systems needed. The IT platform is therefore normally composed of a considerable number of components, storing redundant data and implementing similar functionality. In the re-regulated power industry, the need for management of IT is made important by the frequent changes in the business environment, such as mergers, acquisitions, and new market rules. IT governance denotes how the IT organization is managed and structured and provides mechanisms that enable the development of integrated business and IT plans, allocation of responsibilities within the IT organization, and prioritization of IT initiatives. It is important to ensure that IT governance is designed not only to achieve internal efficiency in the IT organization, such as deploying good IT processes. The final goal of good IT governance is rather to provide the business with the support needed in order to conduct business in a good manner. Of particular interest is the impact on business performance that a well governed IT organization can have. The Control Objectives for Information and related Technology (CobiT) framework provides the most relevant and detailed support for IT governance processes, activities, roles, documents and metrics available. CobiT?s entities are mainly of desccriptive nature and propose how the IT organization should be structured according to best practice. Another inherent weakness is that CobiT focuses on entities inherent to the IT organization and do not address the external effectiveness of the IT organization. This article desccribes the IT Organization Modeling and Assessment Tool (ITOMAT) which is an IT governance decision support tool. It relies partly on the CobiT framework for internal maturity assessments of the IT organization and is also enhanced with information about statistical correlations to external IT governance performance metrics. This means that the ITOMAT is able to statistically predict external business effectiveness of suggested IT organization scenarios. The paper also presents an example in which ITOMAT is used to predict IT governance performance. The paper ends with discussion, conclusions and references.

  • 136.
    Simonsson, Mårten
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Rocha Flores, Waldo
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    It governance decision support using the it organization modeling and assesment tool2011Ingår i: International Journal of Innovation and Technology Management (IJITM), ISSN 0219-8770, Vol. 8, nr 2, s. 167-189Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    This paper describes the information technology (IT) organization modeling and assessment tool (ITOMAT) and how it can be used for IT governance decision making. The ITOMAT consists of an enterprise architecture metamodel that describes IT organizations. Further, ITOMAT contains a Bayesian network for making predictions on how changes to IT organization models will affect the IT governance performance as perceived by business stakeholders. Thorough case studies at 20 different companies have been conducted in order to calibrate the network. Finally, the paper describes a case study where ITOMAT was used to analyze the future impact of two IT organization change scenarios in a medium-sized engineering company.

  • 137. Sinderen, Marten van
    et al.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Preparing the Future Internet for ad-hoc business networks support2012Ingår i: Architecture Modeling for the Future Internet enabled Enterprise (AMFInE) workshop, 2012Konferensbidrag (Refereegranskat)
  • 138.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    The Cyber Security Modeling Language: A Tool for Assessing the Vulnerability of Enterprise System Architectures2013Ingår i: IEEE Systems Journal, ISSN 1932-8184, E-ISSN 1937-9234, Vol. 7, nr 3, s. 363-373Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    The cyber security modeling language (CySeMoL) is a modeling language for enterprise-level system architectures coupled to a probabilistic inference engine. If the computer systems of an enterprise are modeled with CySeMoL, this inference engine can assess the probability that attacks on the systems will succeed. The theory used for the attack-probability calculations in CySeMoL is a compilation of research results on a number of security domains and covers a range of attacks and countermeasures. The theory has previously been validated on a component level. In this paper, the theory is also validated on a system level. A test indicates that the reasonableness and correctness of CySeMoL assessments compare with the reasonableness and correctness of the assessments of a security professional. CySeMoL's utility has been tested in case studies.

    Ladda ner fulltext (pdf)
    fulltext
  • 139.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Afzal, Muhammad
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Security mistakes in information system deployment projects2011Ingår i: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 19, nr 2, s. 80-94Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Purpose - This paper aims to assess the influence of a set of human and organizational factors in information system deployments on the probability that a number of security-related mistakes are in the deployment. Design/methodology/approach - A Bayesian network (BN) is created and analyzed over the relationship between mistakes and causes. The BN is created by eliciting qualitative and quantitative data from experts of industrial control system deployments in the critical infrastructure domain. Findings - The data collected in this study show that domain experts have a shared perception of how strong the influence of human and organizational factors are. According to domain experts, this influence is strong. This study also finds that security flaws are common in industrial control systems operating critical infrastructure. Research limitations/implications - The model presented in this study is created with the help of a number of domain experts. While they agree on qualitative structure and quantitative parameters, future work should assure that their opinion is generally accurate. Practical implications - The influence of a set of important variables related to organizational/human aspects on information security flaws is presented. Social implications - The context of this study is deployments of systems that operate nations' critical infrastructure. The findings suggest that initiatives to secure such infrastructures should not be purely technical. Originality/value - Previous studies have focused on either the causes of security flaws or the actual flaws that can exist in installed information systems. However, little research has been spent on the relationship between them. The model presented in this paper quantifies such relationships.

    Ladda ner fulltext (pdf)
    fulltext
  • 140.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A probabilistic relational model for security risk analysis2010Ingår i: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 29, nr 6, s. 659-679Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Information system security risk, defined as the product of the monetary losses associated with security incidents and the probability that they occur, is a suitable decision criterion when considering different information system architectures. This paper describes how probabilistic relational models can be used to specify architecture metamodels so that security risk can be inferred from metamodel instantiations. A probabilistic relational model contains classes, attributes, and class-relationships. It can be used to specify architectural metamodels similar to class diagrams in the Unified Modeling Language. In addition, a probabilistic relational model makes it possible to associate a probabilistic dependency model to the attributes of classes in the architectural metamodel. This paper proposes a set of abstract classes that can be used to create probabilistic relational models so that they enable inference of security risk from instantiated architecture models. If an architecture metamodel is created by specializing the abstract classes proposed in this paper, the instantiations of the metamodel will generate a probabilistic dependency model that can be used to calculate the security risk associated with these instantiations. The abstract classes make it possible to derive the dependency model and calculate security risk from an instance model that only specifies assets and their relationships to each other. Hence, the person instantiating the architecture metamodel is not required to assess complex security attributes to quantify security risk using the instance model.

  • 141.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Combining defense graphs and enterprise architecture models for security analysis2008Ingår i: Proceedings - 12th IEEE International Enterprise Distributed Object Computing Conference, EDOC 2008, 2008, s. 349-355Konferensbidrag (Refereegranskat)
    Abstract [en]

    Security is dependent on a mixture of interrelated concepts such as technical countermeasures, organizational policies, security procedures, and more. To facilitate rational decision making, these concepts need to be combined into an overall judgment on the current security posture, as well as potential future ones. Decision makers are, however, faced with uncertainty regarding both what countermeasures that is in place, and how well different countermeasures contribute to mitigating attacks. This paper presents a security assessment framework using the Bayesian statistics-based Extended Influence Diagrams to combine attack graphs with countermeasures into defense graphs. The approach makes it possible to calculate the probability that attacks succeed based on an enterprise architecture model. The framework also takes uncertainties of the security assessment into consideration. Moreover, using the extended influence diagram formalism the expected loss from each attack can be calculated.

  • 142.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Cyber Security Risks Assessment with Bayesian Defense Graphs and Architectural Models2009Ingår i: Proceedings of the 42nd Annual Hawaii International Conference on System Sciences, HICSS, x , 2009Konferensbidrag (Refereegranskat)
    Abstract [en]

    To facilitate rational decision making regarding cyber security investments, decision makers need to be able to assess expected losses before and after potential investments. This paper presents a model based assessment framework for analyzing the cyber security provided by different architectural scenarios. The framework uses the Bayesian statistics based Extended Influence Diagrams to express attack graphs and related countermeasures. In this paper it is demonstrated how this structure can be captured in an abstract model to support analysis based on architectural models. The approach allows calculating the probability that attacks will succeed and the expected loss of these given the instantiated architectural scenario. Moreover, the framework can handle the uncertainties that are accompanied to the analyses. In architectural analysis there are uncertainties acquainted both to the scenario and its properties, as well as to the analysis framework that stipulates how security countermeasures contribute to cyber security.

  • 143.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A case study applying the cyber security modeling language2010Ingår i: 43rd International Conference on Large High Voltage Electric Systems 2010, CIGRE 2010, 2010Konferensbidrag (Refereegranskat)
    Abstract [en]

    The operation of the power system is today highly dependent on computerized control systems. These SCADA systems resemble the central nervous system of the power system. At the same time as control systems enables more efficient, qualitative, and safe power systems, their vulnerabilities are also vulnerabilities to the power system. This paper presents a modeling language specifically developed for assessing the cyber security of SCADA systems. The modeling language uses the formalism Probabilistic Relational Models to integrate a mathematical inference engine with the modeling notation. If a SCADA system is modeled using this cyber security modeling language the cyber security of this SCADA system can be assessed probabilistically. Given a graphical description of a system, a quantitative analysis of threats is provided. This makes it possible to use the framework for evaluating the current solution as well as elaborate with what-if scenarios and the trade-offs between these. This cyber security modeling language could for example be used to model two control centers and the communication between them together with security mechanisms such as access control and communication protection The modeling language can also be used to describe a complete SCADA system and infer its security. The data associated with the probabilistic inference engine is only preliminary. In this paper we present a case study where cyber security modeling language has been applied to assess the security of a SCADA system. It is demonstrated how the modeling language can be applied and how a value for security can be inferred from architectural models (using the preliminary data). Future work will focus on the quantitative side of the modeling language. Probabilities will be elicited from literature, experiments, and field studies and through the opinion of domain experts. A tool is also being developed to support inference and analysis.

  • 144.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Modeling Security of Power Communication Systems Using Defense Graphs and Influence Diagrams2009Ingår i: IEEE Transactions on Power Delivery, ISSN 0885-8977, E-ISSN 1937-4208, Vol. 24, nr 4, s. 1801-1808Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    The purpose of this paper is to present a framework for assessing the security of wide-area networks(WANs) used to operate electrical power systems. The framework is based on the formalism influence diagrams and the concept of defense graphs and facilitates a so-called consequence-based analysis of the security problem. The framework is also capable of managing uncertainties, both related to the efficacy of countermeasures and the actual posture of the supervisory control and data-acquisition system. A model over WAN attacks and countermeasures and experiences from applying the framework are described.

  • 145.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Effort estimates for vulnerability discovery projects2012Ingår i: Proceedings of the 45th Hawaii International Conference on System Sciences, 2012, s. 5564-5573Konferensbidrag (Refereegranskat)
    Abstract [en]

    Security vulnerabilities continue to be an issue in the software field and new severe vulnerabilities are discovered in software products each month. This paper analyzes estimates from domain experts on the amount of effort required for a penetration tester to find a zero-day vulnerability in a software product. Estimates are developed using Cooke's classical method for 16 types of vulnerability discovery projects – each corresponding to a configuration of four security measures. The estimates indicate that, regardless of project type, two weeks of testing are enough to discover a software vulnerability of high severity with fifty percent chance. In some project types an eight-to-five-week is enough to find a zero-day vulnerability with 95 percent probability. While all studied measures increase the effort required for the penetration tester none of them have a striking impact on the effort required to find a vulnerability.

    Ladda ner fulltext (pdf)
    fulltext
  • 146.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Estimates of Success Rates of Denial-of-Service Attacks2011Ingår i: 2011 IEEE 10th International Conference: Trust, Security and Privacy in Computing and Communications (TrustCom), IEEE conference proceedings, 2011, s. 21-28Konferensbidrag (Refereegranskat)
    Abstract [en]

    Denial-of-service (DoS) attacks are an imminent and real threat to many enterprises. Decision makers in these enterprises need be able to assess the risk associated with such attacks and to make decisions regarding measures to put in place to increase the security posture of their systems. Experiments, simulations and analytical research have produced data related to DoS attacks. However, these results have been produced for different environments and are difficult to interpret, compare, and aggregate for the purpose of decision making. This paper aims to summarize knowledge available in the field by synthesizing the judgment of 23 domain experts using an establishing method for expert judgment analysis. Different system architecture's vulnerability to DoS attacks are assessed together with the impact of a number of countermeasures against DoS attacks.

    Ladda ner fulltext (pdf)
    fulltext
  • 147.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Estimates of success rates of remote arbitrary code execution attacks2012Ingår i: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 20, nr 2, s. 107-122Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    Purpose: The purpose of this paper is to identify the importance of the factors that influence the success rate of remote arbitrary code execution attacks. In other words, attacks which use software vulnerabilities to execute the attacker's own code on targeted machines. Both attacks against servers and attacks against clients are studied. Design/methodology/approach: The success rates of attacks are assessed for 24 scenarios: 16 scenarios for server-side attacks and eight for client-side attacks. The assessment is made through domain experts and is synthesized using Cooke's classical method, an established method for weighting experts' judgments. The variables included in the study were selected based on the literature, a pilot study, and interviews with domain experts. Findings: Depending on the scenario in question, the expected success rate varies between 15 and 67 percent for server-side attacks and between 43 and 67 percent for client-side attacks. Based on these scenarios, the influence of different protective measures is identified. Practical implications: The results of this study offer guidance to decision makers on how to best secure their assets against remote code execution attacks. These results also indicate the overall risk posed by this type of attack. Originality/value: Attacks that use software vulnerabilities to execute code on targeted machines are common and pose a serious risk to most enterprises. However, there are no quantitative data on how difficult such attacks are to execute or on how effective security measures are against them. The paper provides such data using a structured technique to combine expert judgments.

  • 148.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Threats and vulnerabilities, final report2011Rapport (Övrigt vetenskapligt)
  • 149.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Honeth, Nicholas
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Quantifying the effectiveness of intrusion detection systems in operation through domain expertsArtikel i tidskrift (Övrigt vetenskapligt)
    Abstract [en]

    An intrusion detection system is a security measure that can help system administrators in enterprise environments to detect attacks made against networks and their hosts. Evaluating the effectiveness of IDSs by experiments or observations is however difficult and costly. This paper describes the result of a study where 165 domain experts in the intrusion detection field estimated the effectiveness of 24 different scenarios pertaining to detection of remote arbitrary code exploits.

  • 150.
    Sommestad, Teodor
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Honeth, Nicholas
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Quantifying the Effectivenness of Intrusion Detection Systems in Operation through Domain Experts2014Ingår i: Journal of Information System Security, ISSN 1551-0123, E-ISSN 1551-0808, Vol. 10, nr 2, s. 3-35Artikel i tidskrift (Refereegranskat)
    Abstract [en]

    An intrusion detection system (IDS) is a security measure that can help system administrators in enterprise environments detect attacks made against computer networks. In order to be a good enterprise security measure, the IDS solution should be effective when it comes to making system operators aware of on-going cyber-attacks. However, it is difficult and costly to evaluate the effectiveness of IDSs by experiments or observations. This paper describes the result of an alternative approach to studying this topic. The effectiveness of 24 different IDS solution scenarios pertaining to remote arbitrary code exploits is evaluated by 165 domain experts. The respondents’ answers were then combined according to Cooke’s classical method, in which respondents are weighted based on how well they perform on a set of test questions. Results show that the single most important factor is whether either a host-based IDS, or a network-based IDS is in place. Assuming that either one or the other is in place, the most important course of action is to tune the IDS to its environment. The results also show that an updated signature database influences the effectiveness of the IDS less than if the vulnerability that is being exploited is well-known and is possible to patch or not.

1234 101 - 150 av 158
RefereraExporteraLänk till träfflistan
Permanent länk
Referera
Referensformat
  • apa
  • ieee
  • modern-language-association-8th-edition
  • vancouver
  • Annat format
Fler format
Språk
  • de-DE
  • en-GB
  • en-US
  • fi-FI
  • nn-NO
  • nn-NB
  • sv-SE
  • Annat språk
Fler språk
Utmatningsformat
  • html
  • text
  • asciidoc
  • rtf