  • 151.
    Gammelgård, Magnus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Närman, Per
    KTH, Skolan för elektro- och systemteknik (EES).
    Ekstedt, Mathias
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES).
    Business Value Evaluation of IT Systems: Developing a Functional Reference Mode. 2006. In: Proceedings of the Fourth Conference on Systems Engineering, 2006. Conference paper (Refereed)
    Abstract [en]

    In this paper an approach to develop and refine a functional reference model for IT-systems is presented. Such reference models form a fundament on which to evaluate the business value of IT systems. The approach involves scrutinizing the functional reference model with respect to correctness, completeness, granularity and measurability. In the particular case of this study, the functional reference model represents systems functionality needed to support asset management processes in industries such as electric energy production and distribution. It is based on the IEC 61968 standard and its Interface Reference Model, IRM, which has been refined in the process described in the paper. The refinement included a comprehensive field study, interviewing experts in the field of asset management at a large European energy company, as well as vendors of asset management systems.

    A general method for evaluating IT investment scenarios is outlined in the paper and the refined functional reference model is an important component in this method. Creation of this IT evaluation method is an ongoing research project, where the functional reference model forms a central part. The purpose of the IT investment evaluation method is to give decision makers a tool to evaluate potential investment scenarios with respect to the value the investment would generate to the business. The first part of the method consists of evaluating the technical quality of the system scenarios. Technical quality is divided into functional and non-functional attributes, where the functional reference model is used for the functional assessment. The second part of the method consists of establishing the business value based on the evaluation of the technical qualities. This paper thus focuses on the first part, and in particular the development of the functional reference model which is a central piece in the IT investment evaluation method.

  • 152.
    Gammelgård, Magnus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Simonsson, M
    Lindström, Å
    An Assessment Framework for assessment of EA Scenarios. 2007. In: Information Systems and E-Business Management, ISSN 1617-9846, E-ISSN 1617-9854, Vol. 5, no. 4, pp. 415-435. Journal article (Refereed)
  • 153.
    Gammelgård, Magnus
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Simonsson, Mårten
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lindström, Åsa
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    An IT management assessment framework: Evaluating enterprise architecture scenarios. 2007. In: Information Systems and E-Business Management, ISSN 1617-9846, E-ISSN 1617-9854, Vol. 5, no. 4, pp. 415-435. Journal article (Refereed)
    Abstract [en]

    Enterprise architecture, EA, is an established approach for the model-based and holistic management of IT. The scope of EA is however wide and the predominant EA frameworks suggest the creation of broad and detailed models. IT management cannot control all areas spanned by the present frameworks for EA models. In order to ensure well-informed decisions, IT management has a series of questions that need to be answered. This paper proposes an assessment framework that can be used to identify relevant questions for assessments of EA and EA scenarios, within the areas of EA that IT management can control. Three top dimensions in the proposed framework are presented: IT organization, IT systems, and Business organization. The framework further includes sub dimensions for identifying questions. An application of the assessment framework, as it was applied to assess EA scenarios in a power company, is also described.

  • 154.
    Gao, Shisong
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    An Expert System for Automatic Relay Performance Analysis. 2013. Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
    Abstract [en]

    Modern electrical power system is a very large scale of complex and interconnected system that the small disturbance easily would create havoc in power system stability and sustainability without operation of power system protection. In the analysis of power system protection the protection relay IED is the crucial part in order to prevent the unexpected event and maintain the integrity and security of the system.

    It is very useful at identifying problems with the fault relay settings or the algorithm of protection which could cause undesired operation and system disturbances. By replaying the recorded fault waveform which generated from the testing devices, the unexpected performance of the relay can be changed through the resetting of the parameters. Such analysis is complicated and expertise knowledge is usually required.

    Through such test running time of testing devices would usually demand very high cost. At the same time analysis of recognize and categories the faults to determine fault location and record data about fault level and fault resistance take lots of human resources in order to evaluate the correctness of the relay operation for a fault. The objective of this paper is to verify the performance of the relay IED through post-mortem analysis, the completion of design such system will help with operational decision making while saving working hour as well as the cost of running time of testing devices.

  • 155.
    Gevriye, Marlene
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Assessing Factors That Affect Successful Achievement of IT governance Goals. 2010. Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
    Abstract [en]

    In today’s dynamic and often unstable business environment, Information technology (IT) and how IT is controlled has become pervasive due to the high dependency of IT within organizations.

    The IT-investments are increasingly becoming more important within the overall budget for many organizations today and are distributed all over the organizations. This dependency requires the importance of aligning between IT units and how the strategy for business direction can be realized. Thus, the alignment between IT and business is the primary goal of IT. A clear and well-defined structure of what factors affect the organization to ensure control over IT is utterly important. Today, no straightforward structure of factors to ensure successful achievement of IT governance goals within organizations exists. This thesis aims to assess and analyze the importance of IT governance factors to successfully achieve IT governance goals. The survey data gathered from 40 IT governance experts are presented in this thesis. The results show that there exist differences on how factors affect, with factors concerning the boards’ responsibility being the most important and critical factors for successfully achieving IT governance goals. This thesis also identifies and discusses some of the factors that may be less important and hence seldom prioritized within organizations.

  • 156.
    Gingnell, Liv
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ericsson, Evelina
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Develop products in half the time: Lead time reduction in Swedish organizations. 2014. Conference paper (Refereed)
    Abstract [en]

    This article reports experiences from five Swedish product development organizations, striving to decrease the lead time of the development projects. All companies used different strategies leading to varying results. One of the studied companies managed a 50% lead time reduction, another has similar results within reach. The other approaches have not, or not yet, shown satisfying results. The two winning strategies both required a high degree of top management support, however in different ways. Either the courage to make drastic changes or persistence to continue with an initiative over time seems to be necessary.

  • 157.
    Gingnell, Liv
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ericsson, Evelina
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    IMPROVED VISUAL PLANNING IN A RESEARCH ENVIRONMENT. 2012. Conference paper (Refereed)
    Abstract [en]

    Purpose - The purpose of the study is to investigate whether scrum can be of use in a visual planning system in a research environment with no connection to software development.

    Design/Methodology/Approach - A cyclical action research approach was used, implying that the researchers took part in the design and development of the studied visual planning system.

    Findings - The scrum influences brought increased structure and efficiency to the studied research process and increased the quality of the cooperation and communication between the researchers. To function well in the non-software environment, the scrum techniques had to be complemented with visual long term planning.

  • 158.
    Gingnell, Liv
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ericsson, Evelina
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Case Study on Product Development Performance Measurement. 2012. In: Proceedings of The 2012 International Conference on Innovation, Management and Technology, 2012. Conference paper (Refereed)
    Abstract [en]

    This paper presents a case study that evaluates the performance of the product development performance measurement system used in a Swedish company that is a part of a global corporate group. The study is based on internal documentation and eighteen in-depth interviews with stakeholders involved in the product development process. The results from the case study include a description of what metrics are in use, how these are employed, and their effect on the quality of the performance measurement system. Especially, the importance of having a well-defined process proved to have a major impact on the quality of the performance measurement system in this particular case.

  • 159.
    Gingnell, Liv
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ericsson, Evelina
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    STRATEGIC PERFORMANCE MEASUREMENT IN PRODUCT DEVELOPMENT: A case study on a Swedish company. 2012. Conference paper (Refereed)
    Abstract [en]

    Performance evaluation of product development processes is becoming increasingly important as many companies experience tougher competition and shorter product life cycles. This article, based on a case study on a Swedish company investigates the needs and requirements that the company have on a future performance measurement system for product development. The requirements were found to mostly consider cooperation between functions, co-worker motivation and cost-efficient product solutions. These focus areas are common problems in product development since they are addressed in development concepts like Lean Product Development and Design for Six Sigma. Therefore, more research about how they can be supported by performance measurement system for product development would be of interest.

  • 160.
    Gingnell, Liv
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ericsson, Evelina
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sörqvist, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Swedish Lean Product Development Implementation. 2012. Conference paper (Refereed)
    Abstract [en]

    Lean Product Development is based on the same philosophy as Lean, applied in a research and development environment. The concept aims to create flow, quality and resource efficiency in the product development process. This paper investigates the implementation strategies of three Swedish companies that have been working with the concept for several years. The results from this study indicate that concrete methods like visual planning are good starting points for Lean Product Development implementation, but that the real results start to show first when the organizations work with methods and principles in parallel. Also, it may not necessarily be an advantage to have an experience of Lean in production environment before starting to implement LPD.

  • 161.
    Gingnell, Liv
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ericsson, Evelina
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Quantifying Success Factors for IT Projects-An Expert-Based Bayesian Model. 2014. In: Information systems management, ISSN 1058-0530, E-ISSN 1934-8703, Vol. 31, no. 1, pp. 21-36. Journal article (Refereed)
    Abstract [en]

    Large investments are made annually to develop and maintain IT systems. Successful outcome of IT projects is therefore crucial for the economy. Yet, many IT projects fail completely or are delayed or over budget, or they end up with less functionality than planned. This article describes a Bayesian decision-support model. The model is based on expert elicited data from 51 experts. Using this model, the effect management decisions have upon projects can be estimated beforehand, thus providing decision support for the improvement of IT project performance.

  • 162.
    Grunow, Sebastian
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Automated Enterprise Service Bus Based Enterprise Architecture Documentation. 2012. Independent thesis, Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
    Abstract [en]

    As a consequence of the increasing requirements on enterprises caused by globalization, fusion of business and IT, new/changing technologies and especially new regulations Enterprise Architecture Management has gained increasing public attention. In this context Enterprise Architecture (EA) can be considered as a holistic view of an enterprise acting as a "collaboration force" between business aspects such as goals, visions, strategies and governance principles as well as IT aspects. For EAs to be useful and to provide business value their formal and comprehensive documentation (data collection and visualization) is essential. Due to the increasing information amount caused by the extending scope on the business as well as on the IT side the EA modelling is cost-intensive and time-consuming. Most of all the documentation is impaired by increasing linking and integration as well as by the striving for automated cross-company business processes. Consequently, the relevant data are widely scattered. Current approaches are largely determined by manual processes which are able to deal only to a limited extent with the new trends.

    However, a lot of the needed information, above all about the application landscape and the interrelations, is already present in existing Enterprise Service Bus systems used to facilitate the collaboration between applications both within and beyond boundaries. This allows avoiding the expensive task of data collection. This thesis is concerned with the automated documentation of Enterprise Architectures and the support of decision-making using the information provided by an existing Enterprise Service Bus, whereby as a concrete system SAP NetWeaver Process Integration is used. Therefore a tool-aided automated process for the creation and visualization of an Enterprise Architecture model instance is proposed. An essential aspect in this connection is the coverage of the EA information demand set up by EA frameworks such as CySeMoL and ArchiMate, the analysis of the quality as well as the implementation of the logic to transform SAP PI data into EA information. Moreover, several viewpoints are proposed to visualize the extracted data appropriately especially regarding decision problems in the area of the collaboration between applications both within and beyond boundaries.

  • 163.
    Gunaratne, Dinusha
    et al.
    Vattenfall Research and Development AB.
    Chenine, Moustafa
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Närman, Per
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Framework to Evaluate a Functional Reference Model at a Nordic Distribution Utility. 2008. In: NORDAC 2008, The 8th Nordic Electricity Distribution and Asset Management Conference. Bergen, Norway. 8-9 September 2008, 2008. Conference paper (Refereed)
    Abstract [en]

    Distribution utilities have found IT systems to be indispensable for competition in the deregulated electricity market. But in order to be highly efficient, a distribution utility ought to essentially maintain a correlation between IT systems and business processes. A Functional Reference Model (FRM) is one way to achieve this correlation.

    A FRM is a versatile and multidisciplinary tool that could be used to create alignment between business processes and IT-systems by describing what a “business is” and in terms of business functions that are carried out. There are many utility standards and system vendors claiming to offer complete FRMs for the utility domains. In addition, of course there exist implicit FRMs in the company in terms of existing processes and IT-systems. Thus there is a growing need among distribution utilities for a method to evaluate the quality and suitability of a FRM for a given enterprise.

    This paper will describe the development of a framework that has been used to evaluate the quality of a FRM in a Nordic distribution utility by benchmarking against the IEC 61968-1, UCA 2.0, IFS and Oracle FRMs for the utility domain. The framework cross-references a FRM with other FRMs to get a Coverage of all the business functions used in the utility business and eliminate vendor dependence, and it analyzes the strengths and weaknesses of the FRM and what amendments to be included. Finally it evaluates the Suitability of the FRM to the utility by aligning with the IT systems. The evaluation also helps to identify redundant IT systems and maximize the IT usage in a distribution utility. This paper concludes with a motivation to distribution utilities to adopt a FRM discussing its business values.

  • 164.
    Gustafsson, Pia
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Evaluating IT benefits through modeling the organization. 2007. In: Proceedings Of The European Conference On Information Management And Evaluation / [ed] Remenyi, D, 2007, pp. 209-219. Conference paper (Refereed)
    Abstract [en]

    Large information technology (IT) investments in an industrial context are made with the incentive that they will lead to monetary benefits for the organization. Earlier research has shown that these benefits are not easy to measure when evaluating the investment, and they may not always have been realized by the time the evaluation is taking place. Organizations have often identified business specific, intermediary goals that are not quantifiable in themselves but believed to lead to monetary benefits eventually. These qualitative business goals, such as higher employee satisfaction or better information for decision making etc., need to be part of the evaluation of IT to give a more complete evaluation of the IT investment. This paper suggests a quantitative method of evaluating IT investments by modeling the organizational changes new IT systems bring and the intermediary, business specific goals that are affected. The modeling language is based on a metamodel. The constructs of the metamodel and how to use them for tracing changes in business value will be explained. Since different kinds of organizations have different goals and needs, the modeling language has to be adapted to suit the specific organization and its goals, and this paper presents how it could be defined for one organization. The method has been used to evaluate an IT investment to support the maintenance management process at a Swedish nuclear power plant. The general method and modeling language used for modeling are presented, and then adjusted to suit the organization of interest.

  • 165.
    Gustafsson, Pia
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Höök, David
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Quantifying IT Impacts on Organizational Structure and Business Value with Extended Influence Diagrams. 2008. In: PRACTICE OF ENTERPRISE MODELING, 2008, Vol. 15, pp. 138-152. Conference paper (Refereed)
    Abstract [en]

    This paper presents a framework for analysis of how IT systems add business value by causally affecting the structure of organizations. The well established theory of organizational behavior developed by Mintzberg combined with more recent research on business value of IT is used to develop a quantitative theoretical framework showing which business values are affected by IT in relation to the organizational structure. This framework, which is based upon a qualitative equivalent developed in an earlier paper, describes relationships in an Extended Influence Diagram for quantified conditional probability tables and open up for an empirical appliance. Hence obtained data can be mathematically expressed for more sound assessments. The intention is to create a fully functioning tool for analyses of what kind of IT system should be used by an organization with a given structure to maximize its business value.

  • 166.
    Gustafsson, Pia
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Identifying IT impacts on organizational structure and business value. 2008. In: Proceedings of the Third International Workshop on Business/IT Alignment and Interoperability, 2008, Vol. 344, pp. 44-57. Conference paper (Refereed)
    Abstract [en]

    This paper presents a framework for analysis of how IT systems add business value by causally affecting the structuring of organizations. To aid our understanding of IT benefits related to organizational structure, we put the well established theory of organizational behavior developed by Mintzberg to use. Combining Mintzberg with more recent research on the business value of IT, the result is a qualitative multi-disciplinary theoretical framework that shows which business values are affected by IT in relation to the organizational structure. This framework can be used to analyze what kind of IT system should be used by an organization with a given structure to maximize its business value.

  • 167.
    Gustafsson, Pia
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Huldt, Jakob
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Löfgren, Henrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Improving the Value Assessment of IT Investments: A Case Study. 2009. In: PROCEEDINGS OF PICMET: 09TECHNOLOGY MANAGEMENT IN THE AGE OF FUNDAMENTAL CHANGE / [ed] Kocaoglu DF; Anderson TR; Daim TU; Jetter A; Weber CM, NEW YORK: IEEE, 2009, pp. 3083-3091. Conference paper (Refereed)
    Abstract [en]

    A recent survey showed that 90 % of the studied companies claimed that they have full control of their IT-costs but less than 10 % have the same control of the value the IT adds. Even though the figures can be questioned they show a large uncertainty within the companies regarding IT value. The lack of processes and methods to support follow up of the investments leads to companies failing to perceive if the benefits are realized or not. In order to take smarter investment decisions, companies must have better control of their investments through a proper evaluation of benefits. This work presents a framework that describes a method and suggested tools of how the business values of an IT investment can be assessed within a company. The framework combines existing methods for practitioners within the area of investment evaluation together with research findings. In a case study a gap analysis was performed between five different IT projects of different sizes and the framework. The case study shows in which areas the projects fail in their value assessment work.

  • 168.
    Gustafsson, Pia
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Höök, David
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ericsson, Evelina
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lilliesköld, Joakim
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Analyzing IT Impact on Organizational Structure: A Case Study. 2009. In: PROCEEDINGS OF PICMET 09: TECHNOLOGY MANAGEMENT IN THE AGE OF FUNDAMENTAL CHANGE, NEW YORK: IEEE, 2009, pp. 3113-3126. Conference paper (Refereed)
    Abstract [en]

    Each year companies spend millions of dollars on IT investments hoping they will lead to higher profits. There are many methods for analyzing what these investments actually bring back to the companies, but unfortunately they are not stringent enough to make the analysis repeatable. This means that different investments cannot be compared to each other. The management paradigm of Enterprise Architecture (EA) is commonly used to structure a company from a holistic perspective. In this paper, an EA framework for assessing IT-systems' impact on an organization's business value through changes in its structure is validated. The foundation of the framework is a Bayesian inference engine allowing quantified analysis. For practical usage, this analysis framework is also expressed through modeling the organization with a metamodel. Together they form a structured method for quantitative analysis of the IT impact on organizations. An IT system for maintenance management within a European electric power utility has been used as a case study to validate the method. The organization and IT support have been modeled using the proposed metamodel and thereafter analyzed with the Bayesian network. The study has been conducted using guided interviews and a survey. The results from this study of how the business value has been influenced are compared to the user's perceptions on how the business values have changed are also presented in this paper.

  • 169.
    Gustafsson, Pia
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Höök, David
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Franke, Ulrik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Modeling the IT Impact on Organizational Structure: 2009 IEEE INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE. 2009. In: EDOC: 2009 IEEE INTERNATIONAL ENTERPRISE DISTRIBUTED OBJECT COMPUTING CONFERENCE, Los Alamitos, CA: IEEE COMPUTER SOC, 2009, pp. 14-23. Conference paper (Refereed)
    Abstract [en]

    The impact IT systems have on organizations is widely debated, both in academia and industry. This paper describes a quantitative framework for analyzing organizational impact from IT systems. The framework consists of an abstract model that is a metamodel suitable for expressing organizational structure incorporated with an extended influence diagram for analysis. The purpose is to create enterprise architecture (EA) models that can be used for analysis of the enterprise. The framework has been validated through a case study where the framework has been used to analyze the changes in organizational structure after the introduction of an IT system.

  • 170.
    Gustafsson, Pia
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Johnson, Pontus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Enterprise architecture: A framework supporting organizational performance analysis. 2009. In: IET Conference Publications: Issue 550 CP, 2009, Prague, 2009, no. 550 CP. Conference paper (Refereed)
    Abstract [en]

    Enterprise Architecture is a model-based approach to business-oriented IT management. To promote good IT decision making, an enterprise architecture framework needs to explicate what kind of analyses it supports. It is desirable to create enterprise architecture models based on metamodels that support well-defined analyses. In this paper we use enterprise models to analyze the performance of the maintenance organization. A set of performance indicators from the area is presented in the shape of an extended influence diagram. An example illustrates that the theory-based metamodel does support organizational performance analysis.

  • 171.
    Gustavsson, Rune
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Hussain, Shahid
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    The Proper Role of Agents in Future Resilient Smart Grids. 2014. In: Highlights of Practical Applications of Heterogeneous Multi-Agent Systems. The PAAMS Collection: PAAMS 2014 International Workshops, Salamanca, Spain, June 4-6, 2014. Proceedings, Springer, 2014, Vol. 430, pp. 226-237. Conference paper (Refereed)
    Abstract [en]

    Smart Grids are in focus of several international R&D past and present efforts since at least a decade. Smart Grids is a well-known metaphor for future power grids. However, the meaning, or semantics of the concept has, naturally, changed due to increased understanding of the inherent complexities of the subject matter. The driving forces behind the efforts on Smart Grids include:
      • Demands of integrating new energy sources such as Distributed Energy Resources (DER) and Renewable Energy Resources (RES) in a massive way into generation, transmission and distribution of future energy systems.
      • Establishment of a de-regulated customer oriented energy markets, including new types of energy based service markets.
      • Design and implementation of resilient and trustworthy services coordinating and monitoring use-case dependent sets of stakeholders during operations.
    The transition from today's mostly hierarchical power grids towards tomorrow's Smart Grids poses several challenges to be properly addressed and harnessed. We argue that proper use of agent technologies is a key technology towards this end. Furthermore, we argue that design and implementation of Smart Grids have to be supported by Configurable Experiment Platforms to cater for the under specifications of such systems. Resilience of systems has several aspects. We focus on resilience related to different kinds of cyber attacks and self-healing.

  • 172.
    Gustavsson, Rune
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Hussain, Shahid
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Saleem, Arshad
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ancillary services for smart grids: Power quality markets. 2013. In: 202013 IEEE Grenoble Conference PowerTech, IEEE conference proceedings, 2013. Conference paper (Refereed)
    Abstract [en]

    The paper addresses the roles and models of ancillary services in future Smart grids. Realization of future Smart grids is enabled by a transition from present day mainly hierarchical and regulated power systems to open market based flexible Smart grids. This transition involves new stakeholders and market opportunities related to primary and ancillary services. We suggest Service Level Agreements (SLAs) as a mechanism to coordinate and monitor primary and ancillary services and stakeholders in a given use/business case. We illustrate our approach with use cases based on Power Quality (PQ) markets with Key Performance Indicators (KPIs) or established PQ indices as coordination and negotiation mechanisms between producers and users of power. Some of our use cases are chosen from the ongoing EU project Grid4EU.

  • 173.
    Gustavsson, Rune
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Hussein, Shahid
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Engineering of trustworthy smart grids implementing service level agreements. 2011. In: 2011 16th International Conference on Intelligent System Applications to Power Systems, ISAP 2011, 2011, pp. 6082200-. Conference paper (Refereed)
    Abstract [en]

    Future Smart Grids have to meet high expectations from our societies on improved energy efficiency and sustainability. However, system uptake and acceptance will to a large extent depend on the perceived trust by different stakeholders. In the paper we address issues related to engineering of trustworthy systems. This type of Engineering will be grounded in reliable models of interoperability. A key issue is here interoperability of information exchange and sharing. Based on analysis of trust concerns, we propose a model of coordinating and monitoring by Service Level Agreements (SLAs) between stakeholders to ensure trustworthiness of system performance and behavior. We illustrate our methods on case related to trustworthy inclusion of DERs in Smart Grids.

  • 174.
    Gustavsson, Rune
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem. Blekinge Institute of Technology, Ronneby, Sweden.
    Ståhl, B.
    The empowered user - The critical interface to critical infrastructures. 2010. In: 2010 5th International Conference on Critical Infrastructure, CRIS 2010 - Proceedings, 2010, pp. 5617575-. Conference paper (Refereed)
    Abstract [en]

    Future smart grids will enable increased energy efficiency due to utilization of vast amounts of Distributed Energy Sources (DER) and Renewable Energy Sources (RES) partially controlled by empowered customers. Smart generation and distribution systems will connect energy providers with customers and other stakeholders utilizing new kinds of smart monitoring, coordination and data management infrastructures in service clouds. The service clouds are based on suitable virtualization techniques that could be used to harness critical interdependencies between critical infrastructures by introducing smart programmable interfaces. Smart meters enable empowerment of end users. Smart meters are, however, also access points to the service cloud. The paper addresses some security challenges of energy service clouds and smart meters.

  • 175.
    Hammarbäck, Erik
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Analyzing the Impacts of Future Requirements From the Energy Sector on Vattenfall's IT Landscape. 2012. Independent thesis Advanced level (professional degree), 20 credits / 30 HE credits. Student thesis
    Abstract [en]

    In the next five to ten years, the electricity market is facing a number of challenging changes. This study has taken a closer look on a portion of these and some of their likely consequences. In summary, the changes are either related to an increase in frequency at which meter readings are collected or to the expansion of the electricity market to cover the whole Nordic. The goal has been to investigate what is on the horizon from an IT perspective in terms of performance and security requirements that Vattenfall needs to prepare for. Requirements related to these quality attributes are extra important for companies in the utility business as the amounts of data being managed are very big and because of the private nature of the information.

    The main source for elicitation of data has been interviews. In order to elicit as many requirements as possible, stakeholders with diverging backgrounds from different departments at Vattenfall have been interviewed. The performance results are presented and analyzed using ArchiMate and Quantitative analysis. The corresponding method used for the security risks is CORAS. The performance analysis technique was also used to create models of the current system situation, in order to make it easier to perform a comparison. In conclusion, the results show that Vattenfall will have to implement big improvements for certain parts of its IT in order to cope with future market changes.

  • 176.
    Han, Xue
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Quantitative Analysis of Distributed Energy Resources in Future Distribution Networks. 2012. Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
    Abstract [en]

    There has been a large body of statements claiming that the large scale deployment of Distributed Energy Resources (DERs) will eventually reshape the future distribution grid operation in numerous ways. However, there is a lack of evidence specifying to what extent the power system operation will be alternated. In this project, quantitative results in terms of how the future distribution grid will be changed by the deployment of distributed generation, active demand and electric vehicles, are presented. The quantitative analysis is based on the conditions for both a radial and a meshed distribution network. The input parameters are on the basis of the current and envisioned DER deployment scenarios proposed for Sweden.

    The simulation results indicate that the deployment of DERs can significantly reduce the power losses and voltage drops by compensating power from the local energy resources, and limiting the power transmitted from the external grid. However, it is notable that the opposite results (e.g., severe voltage fluctuations, larger power losses) can be obtained due to the intermittent characteristics of DERs and the irrational management of different types of DERs in the DNs. Subsequently, this will lead to challenges for the Distribution System Operator (DSO).

  • 177.
    Han, Xue
    et al.
    Technical University of Denmark (DTU), Denmark.
    Sandels, Claes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Kun, Zhu
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Modelling Framework and the Quantitative Analysis of Distributed Energy Resources in Future Distribution Networks. 2013. In: International Journal of Emerging Electric Power Systems, ISSN 2194-5756, E-ISSN 1553-779X, Vol. 14, no. 5, pp. 421-431. Article in journal (Refereed)
    Abstract [en]

    There has been a large body of statements claiming that the large-scale deployment of Distributed Energy Resources (DERs) could eventually reshape the future distribution grid operation in numerous ways. Thus, it is necessary to introduce a framework to measure to what extent the power system operation will be changed by various parameters of DERs. This article proposed a modelling framework for an overview analysis on the correlation between DERs. Furthermore, to validate the framework, the authors described the reference models of different categories of DERs with their unique characteristics, comprising distributed generation, active demand and electric vehicles. Subsequently, quantitative analysis was made on the basis of the current and envisioned DER deployment scenarios proposed for Sweden. Simulations are performed in two typical distribution network models for four seasons. The simulation results show that in general the DER deployment brings in the possibilities to reduce the power losses and voltage drops by compensating power from the local generation and optimizing the local load profiles.

  • 178.
    Han, Xue
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sandels, Claes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Zhu, Kun
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Söderström, Peter
    Vattenfall AB, Sweden.
    Empirical analysis for Distributed Energy Resources' impact on future distribution network. 2012. In: Energy Conference and Exhibition (ENERGYCON), 2012 IEEE International, IEEE, 2012, pp. 731-737. Conference paper (Refereed)
    Abstract [en]

    There has been a large body of statements claiming that the large scale deployment of Distributed Energy Resources (DERs) will eventually reshape the future distribution grid operation in various ways. Thus, it is interesting to introduce a platform to interpret to what extent the power system operation will be alternated. In this paper, quantitative results in terms of how the future distribution grid will be changed by the deployment of distributed generation, active demand and electric vehicles, are presented. The analysis is based on the conditions for both a radial and a meshed distribution network. The input parameters are based on the current and envisioned DER deployment scenarios proposed for Sweden.

  • 179.
    Heiser, Franz
    et al.
    Ericsson.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Addibpour, Mattin
    Ericsson.
    Revealing Hidden Structures in Organizational Transformation: A Case Study. 2015. Conference paper (Refereed)
    Abstract [en]

    EA initiatives are usually spanning the entire enterprise on high level. While, a typical development organization (could be a business unit within a larger enterprise) often has detailed models describing their product, the enterprise architecture on the business unit level is handled in an ad hoc or detached way. However, research shows that there is a tight link between the product architecture and its developing organization. In this paper we have studied an organization within Ericsson, which focuses on the development of large software and hardware products. We have applied the hidden structure method, which is based on the Design Structure Matrix approach, to analyze of organizational transformations. The to-be scenarios are possible alternatives in trying to become more agile and lean. Our analysis shows that one scenario likely increases the complexity of developing the product, while the other two suggestions are both promising to-be scenarios.

  • 180.
    Hjalmarsson, Alexander
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Software Development Cost Estimation Using COCOMO II Based Meta Model. 2013. Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
    Abstract [en]

    Large amounts of software are running on what is considered to be legacy platforms. These systems are often business critical and cannot be phased out without a proper replacement. The generations of developers that have developed, maintained and supported these systems are leaving the workforce leaving an estimated shortfall of developers in the near time. Migration of these legacy applications can be troublesome due to poor documentation and estimating the sizes of the projects is nontrivial. Expert estimates are the most common method of estimation when it comes to software projects but the method is heavily relying on the experience, knowledge and intuition of the estimator. The use of a complementary estimation method can increase the accuracy of the estimation. This thesis constructs a meta model that combines enterprise architecture concepts with the COCOMO II estimation model in order to utilize the benefits of architectural overviews and tested models with the purpose of supporting the migration process. The study proposes a method combining expert cost estimation with model based estimation which increases the estimation accuracy. The combination method on the four project samples resulted in a mean magnitude of relative error of 10%.

  • 181.
    Hjalmarsson, Alexander
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Korman, Matus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Software Migration Project Cost Estimation using COCOMO II and Enterprise Architecture Modeling. 2013. In: CEUR Workshop Proceedings, 2013, pp. 39-48. Conference paper (Refereed)
    Abstract [en]

    Large amounts of software are running on what is considered to be legacy platforms. These systems are often business critical and cannot be phased out without a proper replacement. Migration of these legacy applications can be troublesome due to poor documentation and a changing workforce. Estimating the cost of such projects is nontrivial. Expert estimation is the most common method, but the method is heavily relying on the experience, knowledge, and intuition of the estimator. The use of a complementary estimation method can increase the accuracy of the assessment. This paper presents a metamodel that combines enterprise architecture modeling concepts with the COCOMO II estimation model. Our study proposes a method combining expert estimation with the metamodel-based approach to increase the estimation accuracy. The combination was tested with four project samples at a large Nordic manufacturing company, which resulted in a mean magnitude of relative error of 10%.

  • 182.
    Hohn, Fabian
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Development of a Directional Definite-Time Overcurrent and Earth Fault Protection based on COTS Components. 2015. Independent thesis Advanced level (degree of Master (Two Years)), 20 credits / 30 HE credits. Student thesis
    Abstract [en]

    Manufacturers of power system products face an increased pressure to reduce the time to market of their development process without compromising quality. Moreover the operation of power systems needs to be performed in a secure and reliable manner. One of the key systems to guarantee those stringent requirements is the protection system. The objective of this Master’s thesis is the development of a protection system, which solidly relies on Commercial-off-the-Shelf (COTS) components as well as on the developed protection functions. Thereby it is shown that the tight cost requirements can be fulfilled without jeopardising the reliability and security performance.

    This project comprises the development of a definite-time directional overcurrent and earth fault protection. The applied development process is based on a model-based-design approach, which comprises the definition of the requirements, the design phase, the implementation on the target system and the test phase. As part of this thesis each stage is described and executed. Moreover MATLAB/Simulink was used as development environment, since it perfectly supports the model-based-design approach. The considered functional requirements are mostly based on the standard IEC 60255-151. The developed protection algorithm runs on a realtime linux system and the interface to the process is based on the EtherCAT protocol and their corresponding I/O modules. Lastly, the test phase is based on a functional performance test, a type test according to IEC 60255-151, a longterm test and an evaluation of the EMC performance of the used I/O modules.

    The results of the type tests showed that a IEC 60255-151 compliant solution is yield. Moreover the functional performance test proved that the developed protection function operate as intended for various fault scenarios. Lastly, the realtime performance of protection system has to be further analysed and adapted in order to achieve satisfactory behaviour.

  • 183.
    Hohn, Fabian
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Elkraftteknik.
    Honeth, Nicholas
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Nordström, Lars
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Directional definite-time earth fault protection based on virtual polarisation and COTS components. 2016. In: IEEE Power and Energy Society General Meeting, IEEE, 2016. Conference paper (Refereed)
    Abstract [en]

    This paper comprises the development of a directional definite-time earth fault protection based on virtual polarisation and Commercial-off-the-Shelf (COTS) components. The earth fault protection is intended to be sensitive for high-resistive and remote faults. The challenge of those type of faults is the low magnitude of the zero-sequence voltage measured at the relay location, which is often used as the polarising quantity for directional sensing. A conventional approach is to use a current transformer (CT) in the neutral-to-ground path of a wye-connected power transformer at the corresponding substation. Since this approach exposes some additional costs and efforts in terms of CT installations and engineering, a virtual polarisation approach has been implemented, which has been introduced by the IEEE Power System Relay Committee. Thus a reliable polarising quantity is gained. The platform architecture has been designed based on standardised hardware and software products, considered as COTS components. This effort has been made in order to yield a cost-efficient solution as well as to reduce the time-to-market of the development process. In the end the functional performance of the protection system has been tested utilising a hardware-in-the-loop (HIL) approach.

  • 184.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Framework and Calculation Engine for Modeling and Predicting the Cyber Security of Enterprise Architectures. 2014. Doctoral thesis, comprising papers (Other academic)
    Abstract [en]

    Information Technology (IT) is a cornerstone of our modern society and essential for governments' management of public services, economic growth and national security. Consequently, it is of importance that IT systems are kept in a dependable and secure state. Unfortunately, as modern IT systems typically are composed of numerous interconnected components, including personnel and processes that use or support it (often referred to as an enterprise architecture), this is not a simple endeavor. To make matters worse, there are malicious actors who seek to exploit vulnerabilities in the enterprise architecture to conduct unauthorized activity within it. Various models have been proposed by academia and industry to identify and mitigate vulnerabilities in enterprise architectures, however, so far none has provided a sufficiently comprehensive scope.

    The contribution of this thesis is a modeling framework and calculation engine that can be used as support by enterprise decision makers in regard to cyber security matters, e.g., chief information security officers. In summary, the contribution can be used to model and analyze the vulnerability of enterprise architectures, and provide mitigation suggestions based on the resulting estimates. The contribution has been tested in real-world cases and has been validated on both a component level and system level; the results of these studies show that it is adequate in terms of supporting enterprise decision making.

    This thesis is a composite thesis of eight papers. Paper 1 describes a method and dataset that can be used to validate the contribution described in this thesis and models similar to it. Paper 2 presents what statistical distributions that are best fit for modeling the time required to compromise computer systems. Paper 3 describes estimates on the effort required to discover novel web application vulnerabilities. Paper 4 describes estimates on the possibility of circumventing web application firewalls. Paper 5 describes a study of the time required by an attacker to obtain critical vulnerabilities and exploits for compiled software. Paper 6 presents the effectiveness of seven commonly used automated network vulnerability scanners. Paper 7 describes the ability of the signature-based intrusion detection system Snort at detecting attacks that are more novel, or older than its rule set. Finally, paper 8 describes a tool that can be used to estimate the vulnerability of enterprise architectures; this tool is founded upon the results presented in papers 1-7.

  • 185.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Large-Scale Study of the Time Required To Compromise a Computer System. 2014. In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 11, no. 1, pp. 6506084-. Article in journal (Refereed)
    Abstract [en]

    A frequent assumption in the domain of cybersecurity is that cyberintrusions follow the properties of a Poisson process, i.e., that the number of intrusions is well modeled by a Poisson distribution and that the time between intrusions is exponentially distributed. This paper studies this property by analyzing all cyberintrusions that have been detected across more than 260,000 computer systems over a period of almost three years. The results show that the assumption of a Poisson process model might be unoptimal – the log-normal distribution is a significantly better fit in terms of modeling both the number of detected intrusions and the time between intrusions, and the Pareto distribution is a significantly better fit in terms of modeling the time to first intrusion. The paper also analyzes whether time to compromise (TTC) increase for each successful intrusion of a computer system. The results regarding this property suggest that time to compromise decrease along the number of intrusions of a system.

  • 186.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Baltic Cyber Shield: Research from a Red Team versus Blue Team Exercise. 2012. In: PenTest Magazine, ISSN 2084-1116, Vol. 9, pp. 80-86. Article in journal (Other (popular science, discussion, etc.))
    Abstract [en]

    This article describes one of the few red team versus blue team exercises to date that focused on producing research, namely, the Baltic Cyber Shield (BCS). Various research have been conducted based on the data gathered during this exercise – this article describes two of these studies.

  • 187.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Performance of automated network vulnerability scanning at remediating security issues. 2012. In: Computers & security (Print), ISSN 0167-4048, E-ISSN 1872-6208, Vol. 31, no. 2, pp. 164-175. Article in journal (Refereed)
    Abstract [en]

    This paper evaluates how large portion of an enterprises network security holes that would be remediated if one would follow the remediation guidelines provided by seven automated network vulnerability scanners. Remediation performance was assessed for both authenticated and unauthenticated scans. The overall findings suggest that a vulnerability scanner is a usable security assessment tool, given that credentials are available for the systems in the network. However, there are issues with the method: manual effort is needed to reach complete accuracy and the remediation guidelines are oftentimes very cumbersome to study. Results also show that a scanner more accurate in terms of remediating vulnerabilities generally also is better at detecting vulnerabilities, but is in turn also more prone to false alarms. This is independent of whether the scanner is provided system credentials or not.

  • 188.
    Holm, Hannes
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Signature Based Intrusion Detection for Zero-Day Attacks: (Not) A Closed Chapter? 2014. In: 2014 47th Hawaii International Conference on System Sciences, HICSS, IEEE Computer Society, 2014, pp. 4895-4904. Conference paper (Refereed)
    Abstract [en]

    A frequent claim that has not been validated is that signature based network intrusion detection systems (SNIDS) cannot detect zero-day attacks. This paper studies this property by testing 356 severe attacks on the SNIDS Snort, configured with an old official rule set. Of these attacks, 183 attacks are ‘zero-days’ to the rule set and 173 attacks are theoretically known to it. The results from the study show that Snort clearly is able to detect ‘zero-days’ (a mean of 17% detection). The detection rate is however on overall greater for theoretically known attacks (a mean of 54% detection). The paper then investigates how the ‘zero-days’ are detected, how prone the corresponding signatures are to false alarms, and how easily they can be evaded. Analyses of these aspects suggest that a conservative estimate on zero-day detection by Snort is 8.2%.

  • 189.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Buschle, Markus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Lagerström, Robert
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Automatic data collection for enterprise architecture models. 2014. In: Software and Systems Modeling, ISSN 1619-1366, E-ISSN 1619-1374, Vol. 13, no. 2, pp. 825-841. Article in journal (Refereed)
    Abstract [en]

    Enterprise Architecture (EA) is an approach used to provide decision support based on organization-wide models. The creation of such models is, however, cumbersome as multiple aspects of an organization need to be considered, making manual efforts time-consuming and error prone. Thus, the EA approach would be significantly more promising if the data used when creating the models could be collected automatically, a topic not yet properly addressed by either academia or industry. This paper proposes network scanning for automatic data collection and uses an existing software tool for generating EA models (ArchiMate is employed as an example) based on the IT infrastructure of enterprises. While some manual effort is required to make the models fully useful to many practical scenarios (e.g., to detail the actual services provided by IT components), empirical results show that the methodology is accurate and (in its default state) requires little effort to carry out.

  • 190.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A metamodel for web application injection attacks and countermeasures
    2012. In: Trends in Enterprise Architecture Research and Practice-Driven Research on Enterprise Transformation: 7th Workshop, TEAR 2012, and 5th Working Conference, PRET 2012, Held at The Open Group Conference 2012, Barcelona, Spain, October 23-24, 2012. Proceedings / [ed] Stephan Aier, Mathias Ekstedt, Florian Matthes, Erik Proper, Jorge L. Sanz, Springer, 2012, pp. 198-217.
    Conference paper (Peer-reviewed)
    Abstract [en]

    Web application injection attacks such as cross site scripting and SQL injection are common and problematic for enterprises. In order to defend against them, practitioners with large heterogeneous system architectures and limited resources struggle to understand the effectiveness of different countermeasures under various conditions. This paper presents an enterprise architecture metamodel that can be used by enterprise decision makers when deciding between different countermeasures for web application injection attacks. The scope of the model is to provide low-effort guidance on an abstraction level of use for an enterprise decision maker. This metamodel is based on a literature review and revised according to the judgment by six domain experts identified through peer-review.

  • 191.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Estimates on the effectiveness of web application firewalls against targeted attacks
    2013. In: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 21, no. 4, pp. 250-265.
    Journal article (Peer-reviewed)
    Abstract [en]

    Purpose – The purpose of this paper is to estimate the effectiveness of web application firewalls (WAFs) at preventing injection attacks by professional penetration testers given presence or absence of four conditions: whether there is an experienced operator monitoring the WAF; whether an automated black box tool has been used when tuning the WAF; whether the individual tuning the WAF is an experienced professional; and whether significant effort has been spent tuning the WAF.

    Design/methodology/approach – Estimates on the effectiveness of WAFs are made for 16 operational scenarios utilizing judgments by 49 domain experts participating in a web survey. The judgments of these experts are pooled using Cooke's classical method.

    Findings – The results show that the median prevention rate of a WAF is 80 percent if all measures have been employed. If no measure is employed then its median prevention rate is 25 percent. Also, there are no strong dependencies between any of the studied measures.

    Research limitations/implications – The results are only valid for the attacker profile of a professional penetration tester who prepares one week for attacking a WA protected by a WAF.

    Practical implications – The competence of the individual(s) tuning a WAF, employment of an automated black box tool for tuning and the manual effort spent on tuning are of great importance for the effectiveness of a WAF. The presence of an operator monitoring it has minor positive influence on its effectiveness.

    Originality/value – WA vulnerabilities are widely considered a serious concern. To manage them in deployed software, many enterprises employ WAFs. However, the effectiveness of this type of countermeasure under different operational scenarios is largely unknown.

  • 192.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Andersson, Dennis
    Swedish Defense Research Agency.
    Empirical Analysis of System-Level Vulnerability Metrics through Actual Attacks
    2012. In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 9, no. 6, pp. 825-837.
    Journal article (Peer-reviewed)
    Abstract [en]

    The Common Vulnerability Scoring System (CVSS) is a widely used and well-established standard for classifying the severity of security vulnerabilities. For instance, all vulnerabilities in the US National Vulnerability Database (NVD) are scored according to this method. As computer systems typically have multiple vulnerabilities, it is often desirable to aggregate the score of individual vulnerabilities to a system level. Several such metrics have been proposed, but their quality has not been studied. This paper presents a statistical analysis of how 18 security estimation metrics based on CVSS data correlate with the time-to-compromise of 34 successful attacks. The empirical data originates from an international cyber defense exercise involving over 100 participants and were collected by studying network traffic logs, attacker logs, observer logs, and network vulnerabilities. The results suggest that security modeling with CVSS data alone does not accurately portray the time-to-compromise of a system. However, results also show that metrics employing more CVSS data are more correlated with time-to-compromise. As a consequence, models that only use the weakest link (most severe vulnerability) to compose a metric are less promising than those that consider all vulnerabilities.

  • 193.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    Swedish Defense Research Agency.
    Effort estimates on web application vulnerability discovery
    2013.
    Conference paper (Peer-reviewed)
    Abstract [en]

    Web application vulnerabilities are widely considered a serious concern. However, there are as of yet scarce data comparing the effectiveness of different security countermeasures or detailing the magnitude of the security issues associated with web applications. This paper studies the effort that is required by a professional penetration tester to find an input validation vulnerability in an enterprise web application that has been developed in the presence or absence of four security measures: (i) developer web application security training, (ii) type-safe APIs, (iii) black box testing tools, or (iv) static code analyzers. The judgments of 21 experts are collected and combined using Cooke’s classical method. The results show that 53 hours is enough to find a vulnerability with a certainty of 95% even though all measures have been employed during development. If no measure is employed, 7 hours is enough to find a vulnerability with 95% certainty.

  • 194.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Korman, Matus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Manual for the Cyber Security Modeling Language
    2013.
    Report (Other academic)
    Abstract [en]

    The Cyber Security Modeling Language (CySeMoL) is an attack graph tool that can be used to estimate the cyber security of enterprise architectures. CySeMoL includes theory on how attacks and defenses relate quantitatively; thus, users must only model their assets and how these are connected in order to enable calculations. This report functions as a manual to facilitate practical usage and understanding of CySeMoL.

  • 195.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Korman, Matus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Bayesian Model for Likelihood Estimations of Acquirement of Critical Software Vulnerabilities and Exploits
    Manuscript (preprint) (Other academic)
  • 196.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Korman, Matus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    A Bayesian network model for likelihood estimations of acquirement of critical software vulnerabilities and exploits
    2015. In: Information and Software Technology, ISSN 0950-5849, E-ISSN 1873-6025, Vol. 58, pp. 304-318.
    Journal article (Peer-reviewed)
    Abstract [en]

    Context: Software vulnerabilities in general, and software vulnerabilities with publicly available exploits in particular, are important to manage for both developers and users. This is however a difficult matter to address as time is limited and vulnerabilities are frequent. Objective: This paper presents a Bayesian network based model that can be used by enterprise decision makers to estimate the likelihood that a professional penetration tester is able to obtain knowledge of critical vulnerabilities and exploits for these vulnerabilities for software under different circumstances. Method: Data on the activities in the model are gathered from previous empirical studies, vulnerability databases and a survey with 58 individuals who all have been credited for the discovery of critical software vulnerabilities. Results: The proposed model describes 13 states related by 17 activities, and a total of 33 different datasets. Conclusion: Estimates by the model can be used to support decisions regarding what software to acquire, or what measures to invest in during software development projects.

  • 197.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Rocha Flores, Waldo
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ericsson, Göran
    Cyber Security for a Smart Grid: What About Phishing?
    2013. In: 2013 4th IEEE/PES Innovative Smart Grid Technologies Europe, ISGT Europe 2013, IEEE, 2013, pp. 6695407-
    Conference paper (Peer-reviewed)
    Abstract [en]

    Lack of awareness for cyber security threats is an important topic to address for the future smart grid. A particularly troubling issue is social engineering by email, or as it is more commonly depicted, phishing. This study analyzes important aspects of phishing using two unannounced experiments. The results show that applying more context specific information to an attack is not necessarily effective; users still get deceived but nobody reports the occurrence of phishing. From an enterprise perspective, a phishing exercise rouses discussions on security awareness without significantly agitating participants.

  • 198.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Shahzad, Khurram
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Buschle, Markus
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    P2CySeMoL: Predictive, Probabilistic Cyber Security Modeling Language
    2015. In: IEEE Transactions on Dependable and Secure Computing, ISSN 1545-5971, E-ISSN 1941-0018, Vol. 12, no. 6, pp. 626-639.
    Journal article (Peer-reviewed)
    Abstract [en]

    This paper presents the Predictive, Probabilistic Cyber Security Modeling Language (P2CySeMoL), an attack graph tool that can be used to estimate the cyber security of enterprise architectures. P2CySeMoL includes theory on how attacks and defenses relate quantitatively; thus, users must only model their assets and how these are connected in order to enable calculations. The performance of P2CySeMoL enables quick calculations of large object models. It has been validated on both a component level and a system level using literature, domain experts, surveys, observations, experiments and case studies.

  • 199.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Almroth, Jonas
    Swedish Research Defense Agency.
    Persson, Mats
    Swedish Research Defense Agency.
    A quantitative evaluation of vulnerability scanning
    2011. In: Information Management & Computer Security, ISSN 0968-5227, E-ISSN 1758-5805, Vol. 19, no. 4, pp. 231-247.
    Journal article (Peer-reviewed)
    Abstract [en]

    Purpose – The purpose of this paper is to evaluate if automated vulnerability scanning accurately identifies vulnerabilities in computer networks and if this accuracy is contingent on the platforms used.

    Design/methodology/approach – Both qualitative comparisons of functionality and quantitative comparisons of false positives and false negatives are made for seven different scanners. The quantitative assessment includes data from both authenticated and unauthenticated scans. Experiments were conducted on a computer network of 28 hosts with various operating systems, services and vulnerabilities. This network was set up by a team of security researchers and professionals.

    Findings – The data collected in this study show that authenticated vulnerability scanning is usable. However, automated scanning is not able to accurately identify all vulnerabilities present in computer networks. Also, scans of hosts running Windows are more accurate than scans of hosts running Linux.

    Research limitations/implications – This paper focuses on the direct output of automated scans with respect to the vulnerabilities they identify. Areas such as how to interpret the results assessed by each scanner (e.g. regarding remediation guidelines) or aggregating information about individual vulnerabilities into risk measures are out of scope.

    Practical implications – This paper describes how well automated vulnerability scanners perform when it comes to identifying security issues in a network. The findings suggest that a vulnerability scanner is a useable tool to have in your security toolbox given that user credentials are available for the hosts in your network. Manual effort is however needed to complement automated scanning in order to get satisfactory accuracy regarding network security problems.

    Originality/value – Previous studies have focused on the qualitative aspects on vulnerability assessment. This study presents a quantitative evaluation of seven of the most popular vulnerability scanners available on the market.

  • 200.
    Holm, Hannes
    et al.
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Sommestad, Teodor
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    Ekstedt, Mathias
    KTH, Skolan för elektro- och systemteknik (EES), Industriella informations- och styrsystem.
    CySeMoL: A tool for cyber security analysis of enterprises
    2013. In: CIRED, 2013.
    Conference paper (Peer-reviewed)
    Abstract [en]

    The Cyber Security Modelling Language (CySeMoL) is a tool for quantitative cyber security analyses of enterprise architectures. This paper describes the CySeMoL and illustrates its use through an example scenario involving cyber attacks against protection and control assets located in an electrical substation.
