Dissertations / Theses on the topic 'ISO/IEC 25010 Standard'

Consult the top 38 dissertations / theses for your research on the topic 'ISO/IEC 25010 Standard.'

1

Alila, Patrick. "Complementing network security to the ISO/IEC 27000 standard." Thesis, Linköpings universitet, Institutionen för teknik och naturvetenskap, 2007. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-96298.

Abstract:
In order to open up new business opportunities for the information security company Secure State AB, this work has been carried out to complement the company's current standard for information security work with additional network security. The requirements on the end result were that the document or standard should be able to complement ISO 27000 and be cost-effective. After an examination of the standard in question, it was found that ISO 27000 alone is not an adequate tool for network security work, owing to its non-technical focus and target audience. Complementing ISO 27000 with requirements drawn up by the author was not preferable either, since the purpose of a standardised way of working would then be lost. It is better and more attractive for the customer to use specific technical standards and recommendations. The search for a complementary standard was therefore begun according to these criteria: compatibility with ISO 27000; technical focus; cost-effectiveness; attractive to work with. ISO 18028 meets these requirements very well on all points and is therefore the best suited to work with of the three standards/recommendations that were examined against the list of requirements. Secure State should therefore choose to carry out its network security work anchored in ISO 18028, with the following expected result. Fig. 10, Expected result of complementing ISO 27000. At the top we see the general information security policies that all employees follow. At level two is ISO 27000, which is management's system for how information security work is to be handled overall. At the bottom we see the technical protective equipment, administered by technicians who follow appropriate documents. This report has identified ISO 18028 for network security; the others remain to be identified as needed for other technical equipment.
2

Alley, Krista I. "Defining the Industrial Designer's Role in the ISO/IEC 62366 Standard." University of Cincinnati / OhioLINK, 2014. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1397235614.

3

Coetzer, Christo. "An investigation of ISO/IEC 27001 adoption in South Africa." Thesis, Rhodes University, 2015. http://hdl.handle.net/10962/d1018669.

Abstract:
The research objective of this study is to investigate the low adoption of the ISO/IEC 27001 standard in South African organisations. This study does not differentiate between the ISO/IEC 27001:2005 and ISO/IEC 27001:2013 versions, as the focus is on adoption of the ISO/IEC 27001 standard. A survey-based research design was selected as the data collection method. The research instruments used in this study include a web-based questionnaire and in-person interviews with the participants. Based on the findings of this research, the organisations that participated in this study have an understanding of the ISO/IEC 27001 standard; however, fewer than a quarter of these have fully adopted the ISO/IEC 27001 standard. Furthermore, the main business objectives for organisations that have adopted the ISO/IEC 27001 standard were to ensure legal and regulatory compliance, and to fulfil client requirements. An Information Security Management System management guide based on the ISO/IEC 27001 Plan-Do-Check-Act model is developed to help organisations interested in the standard move towards ISO/IEC 27001 compliance.
4

Frost, Per. "Utvärdering av den upplevda användbarheten hos CySeMoL och EAAT med hjälp av ramverk för ändamålet och ISO/IEC 25010:2011." Thesis, KTH, Industriella informations- och styrsystem, 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-138576.

Abstract:
This report describes a study aimed at uncovering flaws and finding potential improvements when the modelling tool EAAT is used in conjunction with the modelling language CySeMoL. The study was performed by developing a framework and applying it to CySeMoL and EAAT on networks in a real-life context. The framework was developed in order to increase the number of flaws uncovered as well as to gather potential improvements to both EAAT and CySeMoL. The basis of the framework is a modified version of the Quality in use model from the ISO/IEC 25010:2011 standard. To the characteristics and sub-characteristics of this modified model, different values for measuring usability were attached. The purpose of these values is to measure usability from the perspectives of both creating and interpreting models. Furthermore, these values are based on several different sources on how to measure usability. The complete contents of the framework and the underlying ideas upon which the framework is based are presented in this report. The framework in this study was designed to enable it to be used universally with any modelling language in conjunction with a modelling tool. Its design is also not limited to the field of computer security and computer networks, although that is the intended context of CySeMoL as well as the context described in this report. However, utilization outside the intended area of usage will most likely require some modifications in order to work in a fully satisfying way. Several flaws were uncovered regarding the usability of CySeMoL and EAAT, but this is also accompanied by several recommendations on how to improve both CySeMoL and EAAT. Because of the outline of the framework, the most severe flaws have been identified and recommendations on how to rectify these shortcomings have been suggested.
5

Byrne, Bernadette M. "A longitudinal study of the diffusion of the ISO/IEC information resource dictionary system standard (IRDS.)." Thesis, Aston University, 2001. http://publications.aston.ac.uk/10610/.

Abstract:
The IRDS standard is an international standard produced by the International Organisation for Standardisation (ISO). In this work the process for producing standards in formal standards organisations, for example the ISO, and in more informal bodies, for example the Object Management Group (OMG), is examined. This thesis examines previous models and classifications of standards. The previous models and classifications are then combined to produce a new classification. The IRDS standard is then placed in a class in the new model as a reference anticipatory standard. Anticipatory standards are standards which are developed ahead of the technology in order to attempt to guide the market. The diffusion of the IRDS is traced over a period of eleven years. The economic conditions which affect the diffusion of standards are examined, particularly the economic conditions which prevail in compatibility markets such as the IT and ICT markets. Additionally the consequences of the introduction of gateway or converter devices into a market where a standard has not yet been established are examined. The IRDS standard did not have an installed base and this hindered its diffusion. The thesis concludes that the IRDS standard was overtaken by new developments such as object oriented technologies and middleware. This was partly because of the slow development process of developing standards in traditional organisations which operate on a consensus basis and partly because the IRDS standard did not have an installed base. Also the rise and proliferation of middleware products resulted in exchange mechanisms becoming dominant rather than repository solutions. The research method used in this work is a longitudinal study of the development and diffusion of the ISO/IEC IRDS standard. The research is regarded as a single case study and follows the interpretative epistemological point of view.
6

García, Paucar Luis Hernán, Claude Y. Laporte, Yaylli Arteaga, and Marco Bruggmann. "Implementation and Certification of ISO/IEC 29110 in an IT Startup in Peru." American Society for Quality (ASQ), 2015. http://hdl.handle.net/10757/346851.

Abstract:
This article presents the implementation of ISO/IEC 29110 in a four-person IT startup company in Peru. After completing the implementation of the ISO/IEC 29110 project management and software implementation processes using an agile approach, the next step was to execute these processes in a project with an actual customer: software that facilitates communication between clients and legal consultants at the second-largest insurance companies in Peru. Managing the project and developing the software took about 900 hours. Using ISO/IEC 29110 software engineering practices enabled the startup to plan and execute the project while expending only 18 percent of the total project effort on rework (i.e., wasted effort). In this article, the authors also describe the steps and the effort required by the VSE to be granted an ISO/IEC 29110 certificate of conformity. The startup became the first Peruvian VSE to obtain an ISO/IEC 29110 certification. The ISO/IEC 29110 certification facilitated access to new clients and larger projects.
7

Dlugošová, Simona. "Publikace Základního profilu normy ISO/IEC 29110 v Eclipse Process Framework Composer." Master's thesis, Vysoká škola ekonomická v Praze, 2013. http://www.nusl.cz/ntk/nusl-192438.

Abstract:
This diploma thesis focuses on improving software processes in the very small enterprise sector. Its main goal is to provide this type of company in the Czech Republic with instructions for implementing systematic processes and operations in the areas of project management and software implementation. This is accomplished by publishing the Basic profile of the ISO/IEC 29110 standard translated into Czech. The publication was created in Eclipse Process Framework Composer, an open source tool for managing methodical content. The published profile also references other manuals, methods and documents created to simplify its use. The main contribution of this diploma thesis is the presentation of a manual for improving software processes that is available, understandable and matched to the specific needs of very small enterprises. By applying the Basic profile of the ISO/IEC 29110 standard, they can prove their processes and at the same time receive ISO/IEC 29110 certification and increase their competitiveness and role in the market. The thesis is structured in four thematic parts. The first concerns the improvement of software processes, the use of standards, and the methods and initiatives that have arisen to support it in very small enterprises. In the next two parts the ISO/IEC 29110 standard is presented and all elements and processes of the published profile are described in detail. The final part describes the creation of the Basic profile ISO/IEC 29110 publication in the Eclipse Process Framework Composer tool.
8

Bartoš, Lukáš. "Návrh metodiky bezpečnosti informací v podniku." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2013. http://www.nusl.cz/ntk/nusl-224223.

Abstract:
This thesis proposes a design of an information security methodology for a company. After the theoretical basis of the thesis, the company for which this work is intended is introduced. An analysis of risks is then performed, based on selected assets and potential threats. This is followed by the design of measures to minimize the emergence of possible risks in the company.
9

Bystrianska, Lucia. "Vplyv regulácií ISO 27001 a SOX na riadenie bezpečnosti informácií podniku." Master's thesis, Vysoká škola ekonomická v Praze, 2015. http://www.nusl.cz/ntk/nusl-203998.

Abstract:
The master thesis has an analytical character and focuses on information security issues in enterprises. The main goal of this thesis is to evaluate the impact of the implemented standard ISO/IEC 27001 and regulation by the American law SOX on overall information security. In order to perform the analysis, two medium-sized companies from the segment of services were selected: the first one with ISO/IEC 27001 certification and the second one regulated by SOX. The structure of the thesis contributes gradually with its steps to meet the goal. The first three chapters provide a theoretical basis for the analysis of information security. They contain a summary of key processes and tools essential for ensuring information security and are based on the best practices included within the latest standards and methodologies and on practical experience. These chapters provide the basis for an evaluation guidance including criteria groups and defined variants of implemented security, which is described in the fourth chapter. The analysis of information security and the impact of regulations is part of the fifth chapter of this document. The sixth chapter contains the final assessment and comparison of the impact which the regulations have on the information security of the selected companies. The final chapter summarizes and evaluates the results achieved with regard to the goal.
10

Nemec, Tomáš. "Návrh metodiky pro příručku ISMS a opatření aplikované na vybrané oblasti." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2013. http://www.nusl.cz/ntk/nusl-224225.

Abstract:
The content of this thesis is a methodology for creating an ISMS Security Manual. Implementation of the proposal is supported by theoretical knowledge in the introductory part of this work. The practical process of designing the methodology is conditional on the structure of the international standard ISO/IEC 27001:2005.
11

Consiglio, Michele. "Proposta di un modello organizzativo aziendale per una efficace risposta agli incidenti informatici alla luce degli standard ISO/IEC 27035:2011 e 27037:2012." Master's thesis, Alma Mater Studiorum - Università di Bologna, 2014. http://amslaurea.unibo.it/7260/.

Abstract:
The aim of this work is to provide an operational methodology, set out in the form of an organisational model structured by cases, that companies can use to define the immediate response actions to take when an information security event occurs, which could turn, as we shall see, into an information security incident. The structure of this model is based mainly on two standards produced by ISO/IEC and belonging to the 27000 family, which outlines the information security management system in the company and whose main purpose is to protect the confidentiality, integrity and availability of company data. The content of these standards cannot, however, be separated from the legal systems of each country in which they are applied, which is why references to the relevant regulations have been integrated into the work, especially those related to privacy and to the cases examined within the model developed. First, the reference standards are introduced, illustrated in Chapter 1, followed by a description of concepts fundamental to the structuring of the organisational model, such as information security, incident response and computer forensics, which are set out in Chapter 2. Chapter 3 describes the regulatory aspects concerning the privacy of company data, also detailing the reasons that lead to the creation of the organisational model that is the objective of this work. Chapter 4 illustrates the proposed organisational model, which has a case-based structure and contains an analysis of the cases most relevant from the point of view of the company's business. Finally, Chapter 5 describes the characteristics and functionality of a piece of software developed in the form of a Windows Service, which arose from considerations based on the risk analyses carried out in Chapter 4.
12

PIMENTEL, Cristiane Agra. "Diagnóstico para acreditação na norma NBR ISO-IEC 17025:2005: estudo de caso das próteses mamárias no laboratório CERTBIO." Universidade Federal de Campina Grande, 2016. http://dspace.sti.ufcg.edu.br:8080/jspui/handle/riufcg/1266.

Abstract:
Submitted by Emanuel Varela Cardoso (emanuel.varela@ufcg.edu.br) on 2018-07-26. Made available in DSpace on 2018-07-26. Previous issue date: 2016-02-16.
Biomaterials produced to be applied as medical devices must meet the requirements of quality, safety and efficacy. These include breast implants. The standardization of processes in testing laboratories responsible for the certification of these biomaterials, through the implementation of specific standards, has a major impact on process quality and safety and on the strategic performance of the laboratories. Thus, this study aims to conduct a diagnosis of the accreditation process of the CERTBIO Laboratory under the standard NBR ISO/IEC 17025:2005 for the evaluation of breast implants. An additional study of the technical part was conducted to examine the performance of suppliers in the determination of volatile matter and the validation of the test method. In terms of methodology, we conducted a case study of a descriptive and exploratory nature. The results demonstrate that the implementation of the above standard, associated with a management system in the certification process of breast implants at CERTBIO, promoted a reduction in the delivery time of test results, greater standardization of processes, greater external customer satisfaction and better control of the supply procurement process. Moreover, in the technical studies, it was shown that although all suppliers met the specification of the volatile matter determination test, number 1 performed far better in its results; however, no difference was seen between these variances. In the method validation, it was recommended to continue analyzing gel and membrane. Thus, it could be shown that after the accreditation process the CERTBIO laboratory became an international reference in biomaterials, as well as in excellence in quality and reliability of the services performed.
13

Bårnås, Kristin Stanwick. "To trender møtes – ISO og miljøstandardene : The International Organization for Standardization (ISO) og deres miljøstandarder (14000 familien)." Thesis, Norges teknisk-naturvitenskapelige universitet, Institutt for historie og klassiske fag, 2013. http://urn.kb.se/resolve?urn=urn:nbn:no:ntnu:diva-21484.

Abstract:
ISO's environmental standards were first published in 1996. The work, however, had already started in 1991, against the background of ISO having become a recognised organisation for non-technical standards as well, and of the increased international focus on the environment. The main participants in the work were managers and key people in medium-sized and large companies, and this contributed to the focus being placed on environmental management systems rather than on concrete environmental requirements. The work in the first 2 years was done through the Strategic Advisory Group on the Environment (SAGE), which was a collaboration between ISO and IEC. In 1993 a technical committee was established. It was named TC 207: environmental management, and has its head office in Canada.
14

Fernández, Martínez Adrián. "A Usability Inspection Method for Model-driven Web Development Processes." Doctoral thesis, Universitat Politècnica de València, 2012. http://hdl.handle.net/10251/17845.

Abstract:
Web applications are currently considered an essential and indispensable element in all business activity, information exchange and as a driver of social networks. Usability, in this type of application, is recognised as one of the most important key factors, since the ease or difficulty that users experience with these applications largely determines their success or failure. However, there are several limitations in current Web usability evaluation proposals, such as: the concept of usability is only partially supported, usability evaluations are mainly carried out once the Web application has been developed, there is a lack of guidelines on how to properly integrate usability into Web development, and there is also a lack of Web usability evaluation methods that have been empirically validated. Moreover, most Web development processes do not take advantage of the artifacts produced in the design phases. These intermediate software artifacts are mainly used to guide developers and to document the Web application, but not to perform usability evaluations. Since the traceability between these artifacts and the final Web application is not well defined, performing usability evaluations of these artifacts is difficult. This problem is mitigated in model-driven Web development (DWDM), where the intermediate artifacts (models) that represent different perspectives of a Web application are used in all stages of the development process, and the final source code is generated automatically from these models. By taking into account the traceability between these models, evaluating them makes it possible to detect usability problems that end users of the final Web application would experience, and to provide recommendations for correcting these usability problems during early phases of the Web development process. This thesis aims, addressing the limitations identified above, to propose a usability inspection method that can be integrated into different model-driven Web development processes. The method consists of a Web usability model that decomposes the concept of usability into sub-characteristics, attributes and generic metrics, and a Web Usability Evaluation Process (WUEP), which provides guidelines on how the usability model can be used to carry out specific evaluations. The generic metrics of the usability model must be operationalised in order to be applicable to the software artifacts of different Web development methods and at different levels of abstraction, which makes it possible to evaluate usability at several stages of the Web development process, especially the early stages. Both the usability model and the evaluation process are aligned with the latest ISO/IEC 25000 standard for software product quality evaluation (SQuaRE). The proposed usability inspection method (WUEP) has been instantiated in two different model-driven Web development processes (OO-H and WebML) in order to demonstrate the feasibility of our proposal. In addition, WUEP was empirically validated by conducting a family of experiments in OO-H and a controlled experiment in WebML. The objective of our empirical studies was to evaluate the effectiveness, efficiency, perceived ease of use and perceived satisfaction of the participants when they used WUEP in comparison with a widely used industrial inspection method: Heuristic Evaluation (HE). The statistical analysis and meta-analysis of the data obtained separately from each experiment indicated that WUEP is more effective and efficient than HE in detecting usability problems. The evaluators also perceived more satisfaction when they applied WUEP, and
Fernández Martínez, A. (2012). A Usability Inspection Method for Model-driven Web Development Processes [Unpublished doctoral thesis]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/17845
Palancia
15

Ribeiro, Érick Aragão. "Uma contribuição ao desenvolvimento e avaliação da qualidade de sistemas de supervisão industrial à luz das normas ISO/IEC 9126 e 14598." Universidade Federal do Ceará, 2013. http://www.teses.ufc.br/tde_busca/arquivo.php?codArquivo=10627.

Abstract:
Supervisory systems are increasingly present in everyday industry, because the guarantee of having information about production processes in diverse locations simultaneously is essential to good monitoring and control. However, most developers of these tools do not use development models, nor methods for assessing software quality, making projects more expensive, due to rework, and causing client dissatisfaction for not meeting fundamental requirements. Therefore, there is a need to organize the process of development and evaluation of supervisory software. The ISO/IEC 9126 and 14598 standards are used in the proposed methodology, as they provide good support for identifying the essential characteristics of supervisory software, for creating a quality standard and for developing an evaluation methodology. This work proposes a model for the development of supervisory software, accompanied by a quality assessment method based on fuzzy logic to analyze the subjective opinions of specialists in the field about supervisory software requirements. The efficiency of using the model was verified in an educational setting through a project carried out by students. The assessment revealed the quality of each requirement and showed that the complete software met 69% of the quality standard. The attributes that were with or without failures were identified, and the evaluation shows which errors need to be corrected for the software to be delivered to the client.
16

Andersson, Lanas Frida, and Jacob Fagerström. "Informationssäkerhet bland småhustillverkare med inriktning trä: en kvantitativ studie." Thesis, Linnéuniversitetet, Institutionen för maskinteknik (MT), 2021. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-104453.

Abstract:
Information is an essential and large component within organisations, and within the manufacturing industry it is used for all communication that takes place. To ensure that information is secure, information security is required. The goal of information security is considered to be met when the integrity, availability and confidentiality of the information can be guaranteed. In today's industry, information security is extremely important because the fourth revolution (Industry 4.0) requires data in real time. One problem with information security is that resources are mainly spent on technical solutions but not on reducing the influence of the human factor, which accounts for about 85% of all organisational accidents. One sector in need of modernisation is wood-oriented manufacturers of single-family houses (SIT). The SIT sector needs to be modernised to keep up with the new digital generation. In its current state the sector requires increased productivity to remain competitive in the market, but also to increase its profitability. This can be achieved by increasing the understanding of how SIT works with information security and which improvements can be implemented to achieve the goal. The method used to increase the understanding of how information security work is done within the SIT sector is a quantitative questionnaire study. The questionnaire questions were created on the basis of theory about the ISO/IEC 27000 standard and the components of the CIA triad (confidentiality, integrity and availability). The standard assesses whether information security is at a good level, while the components of the CIA triad show whether the goal of information security is met. The response rate of the study was 20.83%. An assessment model was made to categorise the result on a scale from unfulfilled level to fulfilled level. The result shows that the sector needs to improve its information security work. The questions about the ISO/IEC 27000 standard indicated that the sector tends towards an unfulfilled level, and the components of the CIA triad ended up in a middle position, at neither a fulfilled nor an unfulfilled level. The questionnaire study showed that the human factor has an influence on information security, which agrees with the theory that more resources are spent on technical solutions. The conclusion was that the SIT sector has an inadequate level of information security. Implementing the improvement proposals gives the sector the conditions to reach a very good level of information security.
17

Menezes, Jislane Silva Santos de. "Processo de avaliação de software aplicado à seleção de sistemas gerenciadores de conteúdo." Universidade Federal de Sergipe, 2016. https://ri.ufs.br/handle/riufs/3380.

Abstract:
Content Management Systems (CMS) are information systems used to facilitate the maintenance of content on the Internet through a central interface. This ease of use allows users in organizations who have no knowledge of programming or software development to make use of this type of system. Over the years, CMSs have evolved into robust development platforms that provide a wide range of added features. There are CMSs with the most varied characteristics, free or commercial applications developed in programming languages such as Java, PHP, Python and dotNET, using various database management systems such as Oracle, MySQL, SQL Server and PostgreSQL. Considering the importance of acquiring a solution that meets user expectations among the many CMSs available, ISO/IEC 25040 provides a process for evaluating the quality of a software product for developers, acquirers and independent evaluators. This evaluation process is based on a number of criteria. This research project proposes an approach to identify, analyze and classify Content Management System tools according to criteria for the development and maintenance of websites for governmental organizations, based on the model proposed by ISO/IEC 25010 and the technology acceptance model (TAM). Using the methodology proposed by ISO/IEC 25040, the CMSs were identified by means of a literature search, and two evaluation approaches were defined: one based on functional and non-functional requirements and one based on TAM. The criteria were defined from interviews and questionnaires with stakeholders. As a case study, five free, open source CMSs took part in the evaluation process under the two approaches to meet the needs of the government company EMGETIS. To perform the evaluation, questionnaires were created, and measurement was performed using descriptive statistics such as frequency, positive count and average over the results of the evaluations. The TAM approach also evaluated the relationship between its variables by means of Spearman's coefficient. Finally, a comparison between the CMSs was generated for each approach. The Plone CMS met the highest number of requirements in the requirements evaluation. The WordPress CMS had the best result in the TAM approach. The XOOPS CMS had the lowest result in both approaches. EMGETIS chose the WordPress CMS because, besides its ease of use and installation, the CMS was developed in PHP, a language the company already knows, and one of the secretariats was receiving training in its use. The research was funded by Fapitec in partnership with EMGETIS and took part in the Program of Support and Development of Public Policy for the State of Sergipe, contributing to the process of selection and acquisition of CMSs for the public departments of the state.
18

Nordström, Roger. "Framtagning av en informationssäkerhetspolicy." Thesis, Jönköping University, JTH, Computer and Electrical Engineering, 2005. http://urn.kb.se/resolve?urn=urn:nbn:se:hj:diva-521.

Abstract:
This report was written as a degree project for the company HordaGruppen AB to investigate how information security was handled. It is part of the Master's programme in Internet Technology at the School of Engineering, Jönköping University, Sweden. The question at issue was how to protect the company's information against different threats. One question was how to produce an information security policy and which guidelines can be followed in the Swedish Standard SS-ISO/IEC 17799:2000. Another question was to investigate the information sources at the company and the threats against them. The work begins with a presentation on information security for the chief of information and the chief of quality at the company. The next step was a survey of the current state using a tool from Länsteknikcentrum called “Infosäkpulsen”. After the survey had been analysed, two reports were presented with an action plan for better information security at the company. The most important measures were administrative and consisted of a risk analysis of the information resources and the creation of an information security policy with instructions for the users. The risk analysis was made with the tool BITS from Krisberedskapsmyndigheten, and the result was that the base level of IT security was sufficient for the company. To fulfil the requirements from the analyses, an information security policy was produced, and after that we created information security instructions for the different user groups. One instruction was for ordinary users and the other was for management users. Besides the policy and instructions, the company is recommended to introduce incident management and to register all changes in its IT systems. For further research, it is suggested to investigate how different standards can be integrated into a single standard that fulfils the goals of the quality, environment and security standards.
19

Dokoupil, Ondřej. "Návrh metodiky pro zavedení ISMS." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2016. http://www.nusl.cz/ntk/nusl-254270.

Abstract:
This master’s thesis deals with the design of a methodology for the implementation of an ISMS (Information Security Management System). The theoretical part describes the basic principles and procedures for processing of this domain, including normative and legal-legislative aspects. The next section is an analysis of the current state of the organization. On its basis the practical part is drafted, including an economic evaluation of the project and possible benefits of implementation.
20

Češek, Jakub. "Návrh vhodného etalonu délky pro oblast nanometrologie na pracovištích ČMI Brno a CEITEC Brno." Master's thesis, Vysoké učení technické v Brně. Fakulta strojního inženýrství, 2019. http://www.nusl.cz/ntk/nusl-402562.

Abstract:
The thesis deals with the design of a suitable length standard for nanometrology. This length standard will be used for metrological traceability of the Rigaku nano3DX located at CEITEC Brno and the SIOS NMM-1 device which is located at ČMI Brno. The first part is focused on the description of these measuring instruments, the analysis of their metrological traceability requirements and the requirements for the material length standard. The second part is devoted to the concrete possibilities of the etalon design, 3D printing of the prototype of the standard and verification of its dimensional compatibility. At the end of the thesis, the evaluation and selection of the appropriate standard design is made.
21

Saleh, Mohamed S. M. "Analysis of Information Security Risks and Protection Management Requirements for Enterprise Networks." Thesis, University of Bradford, 2011. http://hdl.handle.net/10454/5414.

Abstract:
With the widespread occurrence of harmful attacks against enterprises' electronic services, information security readiness of these enterprises is becoming of increasing importance for establishing the required safe environment for such services. Various approaches are proposed to manage enterprise information security risks and to assess its information security readiness. These approaches are, however, not adequate to manage information security risks, as all required information security components of its structural and procedural dimensions have not been considered. In addition, current assessment approaches lack numerical indicators in assessing enterprise information security readiness. Furthermore, there is no standard approach for analysing cost versus benefit in selecting recommended protection measures. This thesis aims at contributing to the knowledge by developing a comprehensive Enterprise Information Security Risk Management (EISRM) framework that integrates typical approaches for information security risk management, and incorporates main components of key risk management methodologies. In addition, for supporting phases of the proposed EISRM framework, analytical models for enterprise information security readiness assessment and cost-benefit analysis are developed. The practical evaluation, using the proposed enterprise information security readiness assessment model, has been performed depending on a developed investigation form that was used to investigate nine enterprises inside Saudi Arabia. The results demonstrate the effectiveness of the model in assessing and comparing enterprises' information security readiness at all levels of the model, using numerical indicators and graphical representations. The EISRM framework and the analytical models presented in this research can be used by enterprises as a single point of reference for assessing and cost-effectively improving their information security readiness.
22

Saleh, Mohamed Saad Morsy. "Analysis of information security risks and protection management requirements for enterprise networks." Thesis, University of Bradford, 2011. http://hdl.handle.net/10454/5414.

Abstract:
With the widespread occurrence of harmful attacks against enterprises' electronic services, information security readiness of these enterprises is becoming of increasing importance for establishing the required safe environment for such services. Various approaches are proposed to manage enterprise information security risks and to assess its information security readiness. These approaches are, however, not adequate to manage information security risks, as all required information security components of its structural and procedural dimensions have not been considered. In addition, current assessment approaches lack numerical indicators in assessing enterprise information security readiness. Furthermore, there is no standard approach for analysing cost versus benefit in selecting recommended protection measures. This thesis aims at contributing to the knowledge by developing a comprehensive Enterprise Information Security Risk Management (EISRM) framework that integrates typical approaches for information security risk management, and incorporates main components of key risk management methodologies. In addition, for supporting phases of the proposed EISRM framework, analytical models for enterprise information security readiness assessment and cost-benefit analysis are developed. The practical evaluation, using the proposed enterprise information security readiness assessment model, has been performed depending on a developed investigation form that was used to investigate nine enterprises inside Saudi Arabia. The results demonstrate the effectiveness of the model in assessing and comparing enterprises' information security readiness at all levels of the model, using numerical indicators and graphical representations. The EISRM framework and the analytical models presented in this research can be used by enterprises as a single point of reference for assessing and cost-effectively improving their information security readiness.
23

Rocca, Lorenzo. "Ottimizzazione delle performance del framework biolabicaocheck." Bachelor's thesis, Alma Mater Studiorum - Università di Bologna, 2013. http://amslaurea.unibo.it/6026/.

Abstract:
Paper documents are currently being replaced by their electronic versions, which also contain some biometric characteristics; this has enabled automatic checking, both when the document is issued and when the person's identity has to be verified. To make this possible, the photograph must comply with quality standards. The ISO/IEC 19794-5 standard provides some guidelines and examples of acceptable and non-acceptable face images. In recent years, many companies have developed SDKs with the aim of implementing the tests proposed by the standard. The thesis sets itself the task of providing a framework that delivers good performance, both in terms of time and in the accuracy of the results.
24

Bielik, Branislav. "Systém pro podporu managementu softwarových aktiv." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2011. http://www.nusl.cz/ntk/nusl-235521.

Abstract:
This work deals with software asset management, types of managed software licenses and also the standards that are related to processes of software asset management. There are specified requirements for a system for SAM (Software Asset Management) and also the design of the system. It deals with the description of the system implementation with the chosen implementation environment, followed with testing of this system and evaluation of results.
25

Trčka, Martin. "Řešení interních hrozeb v managementu bezpečnosti informací." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2013. http://www.nusl.cz/ntk/nusl-224219.

Abstract:
This diploma thesis deals with internal threats in the organization and their restriction with the assistance of DLP system. The first part of the thesis discusses the information security management system and describes requirements for the introduction of the ISO/IEC 27000 standards series. Next chapters detail internal threats and technical description of the DLP system. The second part of the thesis analyzes the organization and describes the process of implementation of DLP solution, which aims to reduce internal threats. The conclusion of the thesis describes acceptance agreement and financial evaluation of the implementation.
26

Peoples, Bruce E. "Méthodologie d'analyse du centre de gravité de normes internationales publiées : une démarche innovante de recommandation." Thesis, Paris 8, 2016. http://www.theses.fr/2016PA080023.

Abstract:
“Standards make a positive contribution to the world we live in. They facilitate trade, spread knowledge, disseminate innovative advances in technology, and share good management and conformity assessment practices”. There are a multitude of standard and standard consortia organizations producing market relevant standards, specifications, and technical reports in the domain of Information Communication Technology (ICT). With the number of ICT related standards and specifications numbering in the thousands, it is not readily apparent to users how these standards inter-relate to form the basis of technical interoperability. There is a need to develop and document a process to identify how standards inter-relate to form a basis of interoperability in multiple contexts; at a general horizontal technology level that covers all domains, and within specific vertical technology domains and sub-domains. By analyzing which standards inter-relate through normative referencing, key standards can be identified as technical centers of gravity, allowing identification of specific standards that are required for the successful implementation of standards that normatively reference them, and form a basis for interoperability across horizontal and vertical technology domains. This Thesis focuses on defining a methodology to analyze ICT standards to identify normatively referenced standards that form technical centers of gravity utilizing Data Mining (DM) and Social Network Analysis (SNA) graph technologies as a basis of analysis. As a proof of concept, the methodology focuses on the published International Standards (IS) published by the International Organization of Standards/International Electrotechnical Committee; Joint Technical Committee 1, Sub-committee 36 Learning Education, and Training (ISO/IEC JTC1 SC36). The process is designed to be scalable for larger document sets within ISO/IEC JTC1 that covers all JTC1 Sub-Committees, and possibly other Standard Development Organizations (SDOs). Chapter 1 provides a review of literature of previous standard analysis projects and analysis of components used in this Thesis, such as data mining and graph theory. Identification of a dataset for testing the developed methodology containing published International Standards needed for analysis and form specific technology domains and sub-domains is the focus of Chapter 2. Chapter 3 describes the specific methodology developed to analyze published International Standards documents, and to create and analyze the graphs to identify technical centers of gravity. Chapter 4 presents analysis of data which identifies technical center of gravity standards for ICT learning, education, and training standards produced in ISO/IEC JTC1 SC 36. Conclusions of the analysis are contained in Chapter 5. Recommendations for further research using the output of the developed methodology are contained in Chapter 6.
27

Petrusic, Dejan. "En studie av SSL." Thesis, Blekinge Tekniska Högskola, Avdelningen för för interaktion och systemdesign, 2004. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3537.

Abstract:
This document is the result of studies carried out during the course Bachelor's Thesis in Computer Science. Through a case study, the work explored two properties of distributed information systems and the relationship between them: security and performance. The aim of the case study was to highlight the disadvantage of using Secure Sockets Layer (SSL), i.e. its effect on speed, and the advantage of SSL, i.e. the role of SSL in information security work. The work shows how performance in an applied distributed information system can be affected by an SSL implementation. The system's response time was tested for differences between a connection secured with SSL and one without. The system tested was a booking system used for the administration of travel, developed on the DotNet development platform. Through a study of the information security standard for information security management systems (LIS), the work has also shown the place that the SSL protocol has in information security work in organizations. The method of comparison was developed and based on the interaction model. The hypothesis of the work was that software applying SSL makes the response time longer, but also makes the information system meet requirements according to the standard for information security management systems, SS-ISO/IEC 17799 and SS 62 77 99-2. The hypothesis was confirmed, as the measurement result showed an average increase of 37.5% for the client with an SSL-secured connection, and the result of the LIS study showed that organizations meet important requirements set in the standard by having SSL-secured communication in their information system.
28

Peoples, Bruce E. "Méthodologie d'analyse du centre de gravité de normes internationales publiées : une démarche innovante de recommandation." Electronic Thesis or Diss., Paris 8, 2016. http://www.theses.fr/2016PA080023.

Abstract:
“Standards make a positive contribution to the world we live in. They facilitate trade, spread knowledge, disseminate innovative advances in technology, and share good management and conformity assessment practices”. There are a multitude of standard and standard consortia organizations producing market relevant standards, specifications, and technical reports in the domain of Information Communication Technology (ICT). With the number of ICT related standards and specifications numbering in the thousands, it is not readily apparent to users how these standards inter-relate to form the basis of technical interoperability. There is a need to develop and document a process to identify how standards inter-relate to form a basis of interoperability in multiple contexts; at a general horizontal technology level that covers all domains, and within specific vertical technology domains and sub-domains. By analyzing which standards inter-relate through normative referencing, key standards can be identified as technical centers of gravity, allowing identification of specific standards that are required for the successful implementation of standards that normatively reference them, and form a basis for interoperability across horizontal and vertical technology domains. This Thesis focuses on defining a methodology to analyze ICT standards to identify normatively referenced standards that form technical centers of gravity utilizing Data Mining (DM) and Social Network Analysis (SNA) graph technologies as a basis of analysis. As a proof of concept, the methodology focuses on the published International Standards (IS) published by the International Organization of Standards/International Electrotechnical Committee; Joint Technical Committee 1, Sub-committee 36 Learning Education, and Training (ISO/IEC JTC1 SC36). The process is designed to be scalable for larger document sets within ISO/IEC JTC1 that covers all JTC1 Sub-Committees, and possibly other Standard Development Organizations (SDOs). Chapter 1 provides a review of literature of previous standard analysis projects and analysis of components used in this Thesis, such as data mining and graph theory. Identification of a dataset for testing the developed methodology containing published International Standards needed for analysis and form specific technology domains and sub-domains is the focus of Chapter 2. Chapter 3 describes the specific methodology developed to analyze published International Standards documents, and to create and analyze the graphs to identify technical centers of gravity. Chapter 4 presents analysis of data which identifies technical center of gravity standards for ICT learning, education, and training standards produced in ISO/IEC JTC1 SC 36. Conclusions of the analysis are contained in Chapter 5. Recommendations for further research using the output of the developed methodology are contained in Chapter 6.
29

Zacarias, Marta Isabel Gonçalves. "Verification and maintenance of analytical instruments according to ISO/IEC 17025 standard." Master's thesis, 2010. http://hdl.handle.net/10400.1/10727.

Abstract:
Equipment verification and preparation of the documents related to this activity were made. The equipment verification was performed on balances and analytical balances, liquid chromatographs and gas chromatographs. With respect to the balances and analytical balances verification, repeatability, trueness and drift assays were performed. A SOP containing the instructions for the verification, forms to register the primary data obtained from the verification assays, Excel sheets to carry out the calculations for the assays, verification notebooks including the form mentioned above and archives to save all the results obtained from such assays were prepared. The performance verification was carried out for two liquid chromatographs. The following verification assays were performed: injector precision, flow rate precision, injector linearity and carryover, detector linearity, noise and drift, flow rate trueness and gradient accuracy. A SOP containing the instructions for the verification, an Excel sheet to carry out the necessary calculations for the verification assays and an archive to save the obtained chromatograms and results were prepared for each instrument. For one of the liquid chromatographs a SOP containing the maintenance instructions was written. Two gas chromatographs were verified, one with Thermal Conductivity Detector (TCD) and another one with Flame Ionization Detector (FID). The documents related to the verification and mentioned for the liquid chromatographs were also prepared for this equipment. The following verification assays were performed: flow rate precision, detector linearity, noise and drift, oven temperature precision, trueness, linearity and stability. A SOP containing the maintenance instructions was prepared for both gas chromatographs. The proposed objectives were achieved.
30

Su, Yun-yong, and 蘇韵詠. "Preliminary Study on ISO/IEC 31010:2009 Risk management-Risk assessment techniques Standard Clauses." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/xhwdu2.

Abstract:
Master's, National Taiwan University of Science and Technology, Department of Construction Engineering, 99. Since the 19th century, risk management has developed progressively in various kinds of technology owing to the resurgence of risk awareness. As different nations announced their risk management standards, risk assessment techniques and tools, and the principles for their application and selection, needed to be integrated by an influential standardization organization; thus, the International Organization for Standardization and the International Electrotechnical Commission jointly prepared the "ISO/IEC 31010:2009, Risk management - Risk assessment techniques" standard in 2009. This standard is based on the risk management principles of ISO 31000:2009 "Risk Management - Principles and Guidelines", and it was also drawn up by consensus on professional risk assessment techniques, providing a selection concept for all types of organizations and systems to apply. Therefore, in this study, we first refer to the risk assessment activities in the standards of various standards organizations, and collate and compare the relationship between risk assessment and the process of the risk management standards. After that, we focus on the ISO/IEC 31010 standard and carry out a preliminary study describing the contents of the standard, in order to understand the concept of practical reference to risk assessment standards. We expect to provide, within the country, the concepts, processes and options of the highest level of domestic and international risk management assessment standards, to help all organizations control risks effectively and achieve organizational goals by appropriately choosing their own methods of risk assessment.
31

Frangopoulos, Evangelos D. "Social engineering and the ISO/IEC 17799:2005 security standard: a study on effectiveness." Diss., 2007. http://hdl.handle.net/10500/2142.

Abstract:
As Information Security (IS) standards do not always effectively cater for Social Engineering (SE) attacks, the expected results of an Information Security Management System (ISMS), based on such standards, can be seriously undermined by uncontrolled SE vulnerabilities. ISO/IEC 17799:2005 is the subject of the current analysis as it is the type of standard not restricted to technical controls, while encompassing proposals from other standards and generally-accepted sets of recommendations in the field. Following an analysis of key characteristics of SE and based on the study of Psychological and Social aspects of SE and IS, a detailed examination of ISO/IEC 17799:2005 is presented and an assessment of the efficiency of its controls with respect to SE is provided. Furthermore, enhancements to existing controls and inclusion of new controls aimed at strengthening the defense against Social Engineering are suggested. Measurement and quantification issues of IS with respect to SE are also dealt with. A novel way of assessing the level of Information Assurance in a system is proposed and sets the basis for future work on this subject.
Information Systems
M. Sc. (Information Systems)
32

Huong, Bui Thi, and 裴氏香. "Impact of Service Quality on Standard ISO/IEC 17025 Implement Process of Test Laboratories in Vietnam." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/04669697101770575404.

Abstract:
Master's, Shu-Te University, Master's Program of the Department of Information Management, 99
Standard ISO/IEC 17025 has been applied in many testing laboratories in Vietnam as well as in laboratories worldwide for the past years. This study aimed at assessing the impact of implementation of ISO/IEC 17025 in testing laboratories in Vietnam. Thus, the very aim of this study is to investigate the impact of ISO/IEC 17025 application on testing performance, or simply stated, how the application of ISO/IEC 17025 can influence the internal staff and the company’s partner as well as external customers about the company’s identity, customers’ satisfaction and their loyalty to the company. One of the key factors leading to the successful implementation of Standard ISO/IEC 17025 is the internal human resources and equipment. Thus, the very aim of this study is to investigate the impact of Standard ISO/IEC 17025 application on testing performance, or simply stated, how the application of Standard ISO/IEC 17025 can influence the internal staff and the company’s partner as well as external customers about the company’s identity, customers’ satisfaction and their loyalty to the company. Besides, the thesis closely looks into the impact of Standard ISO/IEC 17025 on the testing performance of testing service, especially with a focus on the service quality of implementation. In this thesis, a sample model has been developed and suggested by conducting a questionnaire survey of employees, among 120 testing laboratories in Vietnam, and their employees performing tests.
33

Peet, Michael Andrew. "Technical barriers to trade created for small laboratories with reference to the new international standard ISO/IEC 17025." Thesis, 2014. http://hdl.handle.net/10210/9011.

Abstract:
M.B.A.
Laboratories have historically been required to demonstrate competence to test or calibrate against a scope of accreditation that details specific tests and/or measurements in order to ensure equivalence of technical output. The international standardisation community appears to believe that greater focus on quality system elements will contribute to increased confidence in the work performed by organisations that implement them. Unfortunately, a valid system only guarantees consistent output. The potential danger of laboratory tests that are consistent but wrong is too great to be ignored. These fundamentally conflicting philosophies of competence versus compliance are now being combined into one document, the recent revision of ISO/IEC Guide 25 into the ISO/IEC FDIS 17025 General requirements for the competence of testing and calibration laboratories. In preparing for the change to the new standard, smaller laboratories are faced with a potential disproportionate increase in documentation requirements even though their demonstrated competence is already accepted internationally. The primary aim of this research is to determine if there are differences between implementation of the revised standard in a smaller laboratory to that of the larger laboratory that should be considered in order to ensure that the smaller facility is not subject to a potential technical barrier to trade. As part of the research, a questionnaire was created and distributed to test assumptions about the current knowledge of quality requirements within laboratories, the value obtained to date with implementing such systems and the ability of the laboratory staff to cope with more in-depth or any additional quality criteria that might be introduced...
34

Putra, Novreza Utama, and 吳承諾. "Applying quality function deployment (QFD) and failure mode and effect analysis (FMEA) to subcontractor selection in ISO/IEC 17025 standard." Thesis, 2017. http://ndltd.ncl.edu.tw/handle/nra33u.

Abstract:
Master's, National Taiwan University of Science and Technology, Department of Industrial Management, 105
Clause 4.5 of ISO/IEC 17025 outlines the requirements that will be met to ensure the competence of the subcontractor to complete any required test(s) that may impact the quality of results. Evaluating subcontractor competence is usually conducted by assessing the readiness of equipment and manpower involved in production activities. The process of assessing the laboratory by considering the readiness of equipment and manpower of the laboratory has been done. However, another factor that significantly affects laboratory performance is the analysis of the risk of failure that may occur in every production process in the laboratory, from the process of receiving samples to the test result reports sent to the customer. In this study, we apply the quality function deployment (QFD) and failure mode and effect analysis (FMEA) methods for subcontractor selection in the ISO/IEC 17025 standard. Our proposed method provides the score of the readiness of equipment and manpower (RoEM) and the risk priority number (RPN) of the laboratory for the laboratory subcontractor selection process.
35

Ferreira, Alexandre José Henriques. "Implementação de um Sistema de Gestão de Segurança da Informação em Conformidade com a ISO/IEC 27001." Master's thesis, 2020. http://hdl.handle.net/10316/94643.

Abstract:
Internship report for the Master's in Management presented to the Faculty of Economics
This report comes under the Master's in Management at the Faculty of Economics of the University of Coimbra. The objective is to present the activities developed during the curricular internship, which took place at Pahl Consulting, Lda. Pahl Consulting, Lda. was contracted by a public entity to establish and implement an information security management system (ISMS) that complies with the requirements of the ISO/IEC 27001 standard. An ISMS can help an organization to reduce its costs by preventing and effectively handling information security incidents. By meeting the requirements of the ISO/IEC 27001 standard, an organization is able to not only ensure the confidentiality, integrity and availability of its information, but also improve its operational and market performance. With the support of ISO/IEC 27002 and ISO/IEC 27005, it is possible to establish, implement and control a risk management system and the information security controls proposed by ISO/IEC 27001 to meet its requirements. Most of the time this happens through the creation of policies and procedures that must be adopted by the entire organization. During this curricular internship, a wide range of activities was developed, with particular emphasis on writing the procedure manuals, which aim to establish the policies and procedures that certify compliance with the information security controls by the organization intending to adopt this ISMS. In addition, this report also portrays the risk management methodology developed within the scope of this project. Concern about information security has grown in recent years and is expected to continue increasing. Thus, this report can become relevant and useful for anyone thinking of adopting an ISMS and ISO/IEC 27001 certification. On the other hand, this internship has contributed to a valuable personal and professional growth.
36

Rodrigues, Miguel Afonso Monteiro. "Análise de soluções informáticas para nivelamento da produção numa empresa de produtos eletrónicos para a indústria automóvel." Master's thesis, 2015. http://hdl.handle.net/1822/37127.

Abstract:
Integrated master's dissertation in Industrial Engineering and Management
The main goal of this work is to do a feasibility study of the implementation of a new software solution for production levelling in final assembly areas. After conducting a critical analysis of the current situation, it was possible to verify that the production planning process using Excel spreadsheets was very time consuming and inflexible. Due to the demanding market that companies face, they try to optimize their processes so that their response times to market requests can be minimized. With this work, it is intended to perform all the analysis required to support the decision making on the best solution that will allow a more efficient production planning and levelling. With this in mind, a survey of the requirements was performed through the characterization of the current situation. In the next step, the possible solutions (production levelling on SAP, LMPC add-on, NivPLuS add-on and continuing with the current system) were evaluated using the software quality model ISO/IEC 25010. This standard presents and defines a number of characteristics to standardise the evaluation of a software’s quality. Still within the solution analysis, trials were run on the two highest-scored solutions, SAP and the NivPLuS add-on, in accordance with the mentioned standard. In SAP’s solution, the characteristics that were better ranked were its security and its maintenance, while in the NivPLuS add-on solution, the characteristics that were highlighted were its functional suitability, its reliability and its maintenance. After the study of the possible solutions, it can be concluded that the best option is the adoption of the NivPLuS add-on because not only does it fulfil all the requirements identified but it also has other functionalities that could be assets to the company. The implementation of this tool will allow the planning process to be done in a more effective way and will reduce response times to the variations of the market. By integrating the NivPLuS add-on with the current IT systems, it will be possible to get more reliable information that is less prone to errors. The assessments and conclusions presented in this document were taken into account by the company, which took the decision to go forward with the implementation of the suggested solution.
37

Azevedo, João Pedro Basílio. "Análise de segurança e aperfeiçoamento de uma rede universitária de telecomunicações." Master's thesis, 2019. http://hdl.handle.net/10400.13/2342.

Abstract:
Information Security is today a fundamental aspect of the security of resources and assets of companies, organizations and institutions, since the whole world is totally interconnected through the internet. It is achieved by implementing an adequate set of controls, including policies, processes, procedures, organizational structure, and software and hardware functions. These controls need to be established, implemented, monitored, critically reviewed and improved to ensure that the objectives of the company/organization as well as their overall safety are met. Compliance with standards is not enough; it is necessary to prove that they are being met with regular audits that produce reports with best security practices. The University of Madeira is a complex university in that it has a medium-high complexity telecommunications network, because the university's systems involve three buildings, network equipment and information systems, where thousands of users (students, teachers, employees, guests, etc.) are in daily contact with them. In this way, the university security is also complex and presents some problems/faults. The core of this work was to identify the security problems that the university currently faces, such as the lack of formal norms, processes and/or procedures for good security management, among others. In this sequence, a survey and a study of several concepts, standards, methodologies and processes was carried out in order to see what would be the best approach to these UMa problems. Although many ways of addressing the problems have been identified, it was decided to specifically address the 27000 family of standards because it is geared to the area of information security management systems. In this way, the UMa was characterized, using a survey of various information about the current situation and state of the UMa network, where a set of problems was identified. An analysis methodology was defined in order to analyze and evaluate this set of problems to obtain the level of security risk faced by UMa, and finally the definition of a set of policies to mitigate them was proposed. As a result of the work, six security policies were defined, supplemented by eleven controls and associated with the domains (Information Security Policy, Information Security Organization, Access Control, Physical and Environmental Security) of the standards addressed (ISO/IEC 27001 and ISO/IEC 27002).
38

Carvalho, Carla Margarida da Rocha. "Segurança e auditoria em sistemas de informação e comunicação: implementação numa entidade pública." Master's thesis, 2018. http://hdl.handle.net/10400.13/2231.

Abstract:
The increase in the production of digital information, the challenges to communication’s security and to the maintenance and safeguarding of data are in line with the increase in computer crime manifested through intrusion techniques and exploitation of vulnerabilities. This scenario imposes on companies the realization of improvements to the security paradigms, under penalty of seeing compromised an asset fundamental to their own existence: INFORMATION. To better face the dangers and challenges of the presence in cyberspace, the public company Investimentos Habitacionais da Madeira, EPERAM (IHM) intended to analyze and raise the level of information and communications security following good practices in this area, since, despite the procedures already applied, security events are still mostly addressed downstream and reactively. After an investigation of the state of the art on norms, frameworks and certifications for information security, the examination of related legislation and an analysis of the current situation of the company, a methodology based on risk management was proposed for the establishment, implementation, maintenance and continuous improvement of an information security management system, through a set of 18 processes covered by the NP ISO/IEC 27001:2013 standard. In parallel, to ensure its sustainability, the PDCA continuous cycle was applied, which was useful so that the safety controls could be already implemented and measured. The NIST SP 800-61r2 standard was incorporated into the proposed methodology, with 4 processes, for its specificity in the field of incident management. The implementation resulted in the definition of 8 policies, accompanied by 47 safety controls, of which 37 were measured. The results allowed the identification of the most pressing necessary improvements through a color scheme. The use of the corporate governance and information technology management model - COBIT 5 - contributed to the subsequent accomplishment of an analysis of the processes’ capacity and measurement of their maturity.