Workshop Program

Prof. Mark Burgess

What is business alignment? As computer scientists and system engineers we think immediately of rationally implementable processes, workflows, performance and efficiency. But business research since the 1980s has told a different story about what makes businesses successful. Are we looking in the wrong places to realize the vision of Business Driven IT Management? The speaker is Professor of Network and System Administration at Oslo University College, and in 2004 introduced the idea of a theory of promises. Promise theory suggests that we should be looking more closely to that research - to discover what really makes businesses tick.

Celia Ralha (University of Brasilia),
Rafael Gostinski (University of Brasilia)

Organizations are characterized by the usage of multiple applications and heterogeneous technological environments. Although business and IT processes are defined quite good, the processes themselves are quite different and locked in the specific application areas. As a result the language of those areas are also specific what helps to maintain the distance of the processes and make hard the mutual understanding between business and IT units. Conscious that the frequent interaction among business and IT units in any organization turned out to be the single most important factor of IT usage, this article presents a methodological framework for business-IT alignment, based on process modeling and ontology theory. The aim of the proposed methodological framework is to combine different domain ontologies - specifically business and IT, with organization processes, to achieve better organization productivity through the use of a common language.

Kenia Sousa (Université catholique de Louvain),
Hildeberto Mendonca (Université catholique de Louvain),
Jean Vanderdonckt (Université catholique de Louvain))

This paper defines an approach to keep the work of process designers aligned with the work of UI designers. With this approach, models are derived from each other and aligned in order to more efficiently propagate changes when needed. In this way, each model modification could be adequately propagated in the rest of the chain. By applying this model-driven approach, the user interfaces of the information systems are abstracted from models and their interrelationships, thus directly meeting the requirements of the business processes. This approach has been validated on a case study in a large bank-insurance organization and with the implementation of a traceability tool.

Stewart Wan (Hong Kong Science and Technology Parks Corporation),
Yuk-Hee Chan (Hong Kong Polytechnic University)

For any fault of the same severity level, traditional fault discovery and notification tools provide equal weighting from business points of view. To improve the fault correlation from business perspectives, we proposed a framework to automate network and system alerts with respect to its business service impact for proactive notification to IT operations management. This paper outlines the value of BCP during the course of service impact analysis, placing particular emphasis on the business perspective in the processes of IT service management. The framework explicitly employs BCP relevant processes in order to identify the relationships between business services and IT resources A practical case in IT operations to illustrate the concept was then conducted.

Ayse Morali (University of Twente),
Emmanuele Zambon (University of Twente),
Sandro Etalle (University of Twente),
Paul Overbeek (OIS Information Risk & Security Management)

Information systems require awareness of risks and a good understanding of vulnerabilities and their exploitations. In this paper, we propose a novel approach for the systematic assessment and analysis of confidentiality risks caused by disclosure of operational and functional information. The approach is modeldriven integrating information assets and the IT infrastructure that they rely on for distributed systems. IT infrastructures enable one to analyse risk propagation possibilities and calculate the impact for confidentiality incidents. Furthermore, depending on the monetary value of an information asset, we bridge the technical and business-oriented views of information security.

Antonio Alencar (Federal University of Rio de Janeiro),
Carlos Henrique Alves (Federal University of Rio de Janeiro),
Eber Schmitz (Federal University of Rio de Janeiro),
Armando Ferreira (Coppead School of Business)

Offshoring IT services has become a key factor in building successful business strategies, allowing companies to better position themselves in today's highly competitive markets. Nevertheless, offshoring brings to the table a brand new set of possibilities and risks regarding its management and execution. This article presents a method for the elaboration of a quantitative risk model for offshoring IT applications, which, in turn, increases the likelihood of being successful in such initiatives.

Antonio Alencar (Federal University of Rio de Janeiro),
Leôncio Cruz (Federal University of Rio de Janeiro),
Eber Schmitz (Federal University of Rio de Janeiro),
Armando Ferreira (Coppead School of Business)

This work presents a method that provides organizations and their project managers with a better understanding of the implications of the risks that software projects are subjected to. The method, which is based upon a novel approach to cluster analysis, generates a set of business rules indicating how risk factors may influence project performance. These rules are easy to read and understand, making it easier for managers to identify what needs to be done and when it needs to be done, before the worst happens.

Alvaro Coêlho (State University of Santa Cruz),
Paulo Ditarso Maciel Jr. (Federal University of Campina Grande),
Flavio de Figueiredo (Federal University of Campina Grande),
David Candeia (Federal University of Campina Grande),
Francisco Brasileiro (Federal University of Campina Grande)

In this paper we consider a peer-to-peer grid system which provides multiple services to its users. In this system, an incentive mechanism promotes collaboration among peers. It has been shown that the use of a reciprocation mechanism in such a system is able to prevent free riding and, at the same time, promotes the clustering of peers that have mutually profitable interactions. However, when peers are subject to a budget limitation, each peer must select a subset of all services that can possibly be offered. This work shows that, in such conditions, there are many different sets of services that can be selected and the received utility is strongly dependent of the offered services.

Chern Har Yew (University of Western Ontario),
Vladimir Tosic (NICTA),
Hanan Lutfiyya (University of Western Ontario)

This paper discusses why trust is an essential as-pect for business-driven IT management, as well as how it impacts management of web services and their compositions. We summarize two ongoing projects which will enable the use of trust for business-driven management of web services.

Jacques Sauvé (Federal University of Campina Grande)

Initial ideas are presented concerning the application of risk to IT Service Management. Focus is on the process of testing changes to a service where risk considerations are paramount. In particular, the decision problem of which tests to perform after a change is discussed. Several approaches to formalizing this decision problem are presented with particular reference to the numerical representation of risk metrics and of risk appetite. The paper offers no final results but a rich set of alternatives for discussion by the research community.

Andreas Hanemann (German Research Network),
Patricia Marcu (Leibniz Supercomputing Center)

The timely and efficient management of faults that affect the quality of services delivered to customers is an important issue for service providers with respect to their business goals. It includes the diagnosis of service faults which deals with the localization of their root causes within subservices and resources being part of the service realization. In this paper our service-oriented event correlation approach is detailed which uses event correlation techniques to automate the diagnosis on the service layer. Our algorithm for the hybrid rule-based/case-based correlation methodology that also includes recently proposed active probing techniques is presented as well as its prototypical implementation at the Leibniz Supercomputing Center. This implementation is not limited to a small testbed, but has been carried out for requirements of the environment of this large service provider.

Thomas Schaaf (MNM Team),
Michael Brenner (MNM Team)

Service Level Management (SLM) is a vital discipline in customer-oriented IT Service Management. Covering technical as well as organizational and economic aspects, this multi-dimensional management area has become even more important against the background of the business-driven IT Management (BDIM) paradigm. Today, tools and management solutions available for SLM face three major challenges: First, the lack of an established platform-independent model (PIM) for SLM entails the existence of hard-to-integrate “islands” of support tools and makes an integrated approach to SLM tool support all but impossible. Secondly, the current solutions are mostly focused on SLA-specific issues, neglecting significant SLM responsibilities such as the deployment of service catalogs. Lastly, the limited perspective of many existing SLM solutions disregards the important links between SLM-related management tasks and those of other management disciplines such as Fault or Performance Management. This paper presents first results of a project aiming at developing a practicable, integrated solution for SLM, addressing above mentioned challenges. To this end, essential requirements are pointed out, and four common modules of a management architecture for SLM are outlined.

Genady Grabarnik (IBM Thomas J. Watson Research Center),
Heiko Ludwig (IBM Thomas J. Watson Research Center),
Larisa Shwartz (IBM Thomas J. Watson Research Center)

IT service providers typically must comply with Service Level Agreements that are part of their usage contracts with customers. Not only IT infrastructure is subject to service level guarantees such as availability or response time but also service management processes as defined by the IT Infrastructure Library (ITIL) such as change and incident processes and the fulfillment of service requests. SLAs relating to service management processes typically address metrics such as initial response time and fulfillment time. Large service providers have the choice of which internal service delivery team or external service provider they assign to parts of a service process, each provider having different costs or prices associated with it for different turn-around times at different risk. This choice in QoS and cost of different service providers can be used to manage the trade-off between penalty costs and fulfillment cost. This paper proposes a model as a basis for service provider choice at process runtime, taking into account the progress of a process so far and the availability of service capacity at service suppliers. This model can be used to reduce total service costs of IT service providers deciding on alternative delivery teams and external service providers when needed and based on current process performance.