About
455
Publications
159,164
Reads
How we measure 'reads'
A 'read' is counted each time someone views a publication summary (such as the title, abstract, and list of authors), clicks on a figure, or views or downloads the full-text. Learn more
11,661
Citations
Publications
Publications (455)
Digital ecosystems and platforms require a business model, which is a model of how a business creates, delivers, and captures value. We argue that the business model should be a networked business model, as ecosystems and platforms are connected networks of organizations and consumers. Furthermore, we emphasize that a business model should be a con...
The design of digital platforms and ecosystems is a challenging problem that involves technical, organizational, and business aspects. In this context, modeling languages for creating conceptualizations are crucial to support the design of comprehensive ecosystems. However, the creation of conceptual models requires the input and expertise of pract...
For many companies, information and communication technology (ICT) is an essential part of the value proposition. Netflix and Spotify would not have been possible without internet technology.
Over the past decade, we have seen the rise of many centralized ecosystems. Examples include Facebook, Amazon, Google, WhatsApp, WeChat, Uber, and many more. We call these centralized ecosystems because they are controlled (a.k.a. governed) by companies after which the entire ecosystem is named. The controlling party usually takes an intermediate p...
For many companies, information and communication technology (ICT) is an essential part of the value proposition. Netflix and Spotify would not have been possible without internet technology. Business model upscaling often requires a different ICT architecture, because an up-scaled business model imposes different performance requirements. This new...
Information and communication technology (ICT) is a significant part of business value propositions. Netflix and Spotify would not have been possible without internet technology. Therefore, it is not sufficient to consider the ICT of a business as a cost center only. Rather it drives profit, and hence should be considered in concert with the busine...
Quality Requirements (QRs) pose challenges in many agile large-scale distributed enterprise systems. Often, enterprises counter such challenges by borrowing some heavyweight practices, e.g. adding more documentation. At the same time, agile methodologists proposed several scaled agile frameworks to specifically serve agile enterprises working on la...
Quality Requirements (QRs) pose challenges in many agile large-scale distributed projects. Often, project organizations counter these challenges by borrowing some heavyweight practices, e.g. adding more documentation. At the same time, agile methodologists proposed a few scaled agile frameworks to specifically serve agile organizations working on l...
An enterprise architecture (EA) is a high-level representation of an enterprise, used for managing the relation between business and IT. In order to improve the contribution of IT to the business, all elements of an EA should be traceable to the business model and vice versa. However, in practice this is not the case. In addition to reasoning about...
Increasingly, large tech firms dominate ecosystems. From a societal perspective this is not always beneficial since these companies behave as value extractors; they charge an unreasonable high fee for their services and they can do so because they are monopolists. A possible solution to this substantial power concentration can be decentralized ecos...
Cloud computing is a growing part of the IT industry and is seen collectively as a solution to manage data and systems effectively. In numerous areas, cloud computing is being used as the standard for deploying application areas include; banking, telecommunications, and logistics. However, migrating IT infrastructure and applications to the cloud c...
Increasingly, large tech firms dominate ecosystems. This domination is from a societal perspective not always beneficial since these companies behave as value extractors; they charge an unreasonably high fee for their services because they become monopolists. A possible solution to this substantial power concentration can be decentralized ecosystem...
Peer-to-peer networks are gaining momentum, and its revolution is accelerating. Examples of peer-to-peer systems are Bitcoin and Corda, which are enabled by blockchain technology. Even the firmest supporters of blockchain, acknowledge the most significant challenge for successful adoption and growth of peer-to-peer networks is governance in a decen...
Increasingly, large tech firms dominate eco-systems. From a societal perspective this is not always beneficial since these companies behave as value extractors; they charge an unreasonable high fee for their services and they can do so because they are monopolists. A possible solution to this substantial power concentration can be decentralized eco...
Distributed Ledger Technology (DLT) is an emerging technology to remove middlemen from an ecosystem. However, many DLT/BC projects are very technologically oriented and fail to address the business case and the redesign of its ecosystem. Therefore, many DLT/BC projects do fail. We propose a minimalistic decision tree to check whether a business cas...
An enterprise architecture (EA) is a high-level representation of the enterprise, used for managing the relation between business and IT. In order to improve reasoning about the contribution of IT to the business, all elements of an EA should be traceable to the business model and vice versa. However, in practice this is not the case. Realizing thi...
Risk management is today a major steering tool for any organisation wanting to deal with information system (IS) security. However, IS security risk management (ISSRM) remains a difficult process to establish and maintain, mainly in a context of multi-regulations with complex and inter-connected IS. We claim that a connection with enterprise archit...
After a large incident on a telecommunications network, the operator typically executes an incident analysis to prevent future incidents. Research suggests that these analyses are done ad hoc, without a structured approach. In this paper, we conduct an investigation of a large incident according to the AcciMap method. We find that this method can b...
Many blockchain applications do not survive the proof-of-
concept phase. We argue that most of these applications do not have a
high potential business use case. As blockchain is an expensive technology
to deploy and develop, it calls for disruptive use cases. These use cases
should exploit the philosophy of blockchain technology, namely (1)
remova...
Context: Requirements Engineering (RE) has established itself as a software engineering discipline over the past decades. While researchers have been investigating the RE discipline with a plethora of empirical studies, attempts to systematically derive an empirical theory in context of the RE discipline have just recently been started. However, su...
Context
Engineering quality requirements in agile projects does not fit organically with agile methods. Despite the agile community acknowledges this, little empirical evidence has been published on this topic.
Objective
This exploratory qualitative interview-based study explicates the challenging situations experienced by practitioners in enginee...
An early warning system (EWS) is a distributed system that monitors the physical world and issues warnings if it detects abnormal situations. The Internet of Things (IoT) offers opportunities to improve monitoring capabilities of EWS and to realize (near) real-time warning and response. This paper presents the development of an interoperable IoT-ba...
The application of agile practices for requirements prioritization in distributed and outsourced projects is a relatively recent trend. Hence, not all of its facets are well-understood. This exploratory study sets out to uncover the concepts that practitioners in a large software organization use in the prioritization process and the practices that...
This chapter reports on the design of an integration platform that supports the collection and analysis of third‐party, real‐time data for the dynamic planning of cargo transportation. Especially, flexible allocation of cargo to transportation modes and routes is targeted, also known as synchromodal transportation. The chapter presents a domain mod...
In the last few years, agile development methods are getting increasingly popular in large-scale distributed contexts. Despite this popularity, empirical studies have reported several challenges that large-scale distributed agile projects face regarding the implementation of quality requirements. However, there is little known about the mechanisms...
After a risk has manifested itself and has led to an accident, valuable lessons can be learned to reduce the risk of a similar accident occurring again. This calls for accident analysis methods. In the past 20 years, a large number of accident analysis methods have been proposed and it is difficult to find the right method to apply in a specific ci...
Modern e-services are provided by networks of collaborating businesses. However, collaborators, and even customers, don't always behave as expected or agreed upon, and fraudsters attempt unfair exploitation, legally or illegally.Profitability assessments of e-services should therefore look beyond revenue streams and also consider threats to the fin...
Requirements Engineering (RE) has established itself as a software engineering discipline during the past decades. While researchers have been investigating the RE discipline with a plethora of empirical studies, attempts to systematically derive an empirically-based theory in context of the RE discipline have just recently been started. However, s...
[Context and Motivation] Focusing single-mindedly on delivering functional requirements while neglecting quality requirements has been a point of criticism of Agile software development methods since their introduction. [Question/problem] Empirical evidence on the challenges that organizations currently face when dealing with quality requirements i...
Design problem: How toimprove the semantic interoperability of IoTEarly Warning Systems (EWSs) for emergency services?
Identifying threats and risks to complex systems often requires some form of brainstorming. In addition, eliciting security requirements involves making traceable decisions about which risks to mitigate and how. Due do their complexity, system security cannot be formally proven. Instead, some researchers have turned to modelling the claims underpin...
Agile software development methods have become increasingly popular in the last years. Despite its popularity, Agile has been criticized for focusing on delivering functional requirements and neglecting the quality requirements. Several studies have reported this shortcoming. However, there is little know about the challenges organizations currentl...
Coordination processes are business processes that involve independent profit-and-loss responsible business actors who collectively provide something of value to a customer. Coordination processes are meant to be profitable for the business actors that execute them. However, because business actors are independent, there is also an increased risk o...
Design problem:improve interoperability of IoT Early Warning Systems (EWSs) to detect emergency risks. Collaboration (open call): scenario of detecting accidents at the port of Valencia, interoperating wearable medical devices with IoT platforms to react quickly, reducing time responses during accidents.
In addition to in-house applications, networked
enterprises are increasingly using data and services from various
external sources. Conversion of data to useful information
and IT alignment with business goals are big challenges faced
by these enterprises. Integration platforms (IPs) aid enterprises
in solving such challenges. However, the large nu...
As part of our co-operation with the Telecommunication Agency of the Netherlands, we want to formulate an accident analysis method and model for use in incidents in telecommunications that cause service unavailability. In order to not re-invent the wheel, we wanted to first get an overview of all existing accident analysis methods and models to see...
As we have described in Chap. 1, achieving alignment between business and IT is one of the most important drivers for architecture. Architecture alignment is the problem of designing architectures at the infrastructure, application, and business levels such that each fits optimally with the other architectures. By studying project documentation obt...
The file is freely available at: http://www.ceur-ws.org/Vol-1796/resacs-paper-2.pdf.
Self-adaptive systems need to be designed with respect to threats within their operating conditions. Identifying such threats during the design phase can benefit from the involvement of stakeholders. Using a system model, the stakeholders, who may neither be IT exp...
Context and Motivation: Agile development methods have become increasingly popular in the last years. However, these methods hardly pay attention to quality requirements (QRs), which could undermine the profits of fast delivery by introducing high rework efforts later on. This risk is high especially in agile large-scale distributed settings. Quest...
Enterprise modelling (EM) is concerned with discovering, structuring and representing domain knowledge pertaining to different aspects of an organization. Participative EM, in particular, is a useful approach to eliciting this knowledge from domain experts with different backgrounds. In related work, tangible modelling (modelling with physical obje...
Coordination processes are business processes that involve independent profit-and-loss responsible business actors who collectively provide something of value to a customer. Coordination processes are meant to be profitable for the business actors that execute them. However, because business actors are independent, there is also an increased risk o...
Most established security risk assessment method-ologies aim to produce ranked lists of risks. But ranking requires quantification of risks, which in turn relies on data which may not be available or estimations which might not be accurate. As an alternative, we have previously proposed argumentation-based risk assessment. In this paper, based on p...
Requirements Engineering (RE) has received much attention in research and practice due to its importance to software project success. Its inter-disciplinary nature, the dependency to the customer, and its inherent uncertainty still render the discipline dicult to investigate. This results in a lack of empirical data. These are necessary, however, t...
Modern e-service providers rely on service innovation to stay relevant. Once a new service package is designed, implementation-specific aspects such as value (co-)creation and cost/benefit analysis are investigated. However, due to time-to-market or competitive advantage constraints, innovative services are rarely assessed for potential risks of fr...
How to improve the semantic interoperability among early warning systems (EWS) for epidemiological surveillance: How to design and implement the detection of pre-epidemic situations and the adequate response actions? How to exchange the detected situation messages among EWS and their components? How to identify pre-epidemic situations not specif...
Software requirements specifications (SRSs) often lack the detail needed to make informed architectural decisions. Architects therefore either make assumptions, which can lead to incorrect decisions, or conduct additional stakeholder interviews, resulting in potential project delays. We previously observed that software architects ask Probing Quest...
Commercially provided electronic services commonly operate on top of a complex, highly-interconnected infrastructure, which provides a multitude of entry points for attackers. Providers of e-services also operate in dynamic, highly competitive markets, which provides fertile ground for fraud. Before a business idea to provide commercial e-services...
Conceptual models represent social and technical aspects of the world relevant to a variety of technical and non-technical stakeholders. To build these models, knowledge might have to be collected from domain experts who are rarely modelling experts and don’t usually have the time or desire to learn a modelling language. We investigate an approach...
Failure to identify and analyze architecturally significant functional and non-functional requirements (NFRs) early on in the life cycle of a project can result in costly rework in later stages of software development. While NFRs indicate an explicit architectural impact, the impact that functional requirements may have on architecture is often imp...
Abstract---Software energy efficiency is a research topic where experimentation is widely adopted. Nevertheless, current studies and research approaches struggle to find generalizable findings that can be used to build a consistent knowledge base for energyefficient software. To this end, we will discuss how to combine the traditional hypothesis-dr...
Socio-technical models are models that represent social as well as technical elements of the modeling subject, where the technical part consists of both physical and digital elements. Examples are enterprise models and models of the target of assessment used in risk assessment. Constructing and validating these models often implies a challenging ta...
General theories of software engineering must balance between providing full understanding of a single case and providing partial understanding of many cases. In this paper we argue that for theories to be useful in practice, they should give sufficient understanding of a sufficiently large class of cases, without having to be universal or complete...
[Context and motivation] It is desirable that requirement engineering methods are reliable, that is, that methods can be repeated with the same results. Risk assessments methods, however, often have low reliability when they identify risk mitigations for a system based on expert judgement. [Question/problem] Our goal is to assess the reliability of...
Commercial services are of utmost importance for the economy. Due to the widespread use of information and communication technologies, many of these services may be delivered online by means of service value networks. To automate this delivery, however, issues such as composition, integration, and operationalization need to be addressed. In this pa...
i* is a well known goal modeling framework, developed by a large and geographically dispersed research community. Currently, i* users tend to ascribe different and conflicting meanings to its constructs, leading to a non uniform use of the language, and consequently undermining its adoption. In previous works, we proposed ontological guidelines to...
ARMOR is a graphical language for modeling business goals and enterprise architectures. In previous work we have identified problems with understandability of goal-oriented concepts for practicing enterprise architects. In this paper we replicate the earlier quasi-experiments with experts in requirements engineering, to see if similar problems aris...
Telecommunication services are complex product packages that rely on a large and complex technical infrastructure. However, fraudulent use of such telecommunication services rarely exploits hardware vulnerabilities. Instead, most common exploits operate at a business level, capitalizing on the unexpected interaction between various product packages...
Analogic inference is generalization by similarity. In our schema of inferences (Fig. 15.1), analogic inference is done after abductive inference. What we generalize about by analogy is not a description of phenomena, nor a statistical model of a population, but an explanation. In Sect. 15.1, we show that it can be used in case-based and in sample-...
To frame a research project, you have to specify its research goal (Sect. 2.1). Because a design science project iterates over designing and investigating, its research goal can be refined into design goals and knowledge goals. We give a template for design problems in Sect. 2.2 and a classification of different kinds of knowledge goals in Sect. 2....
An observational case study
is a study of a real-world case without performing an intervention. Measurement may influence the measured phenomena, but as in all forms of research, the researcher tries to restrict this to a minimum.
A single-case
mechanism experiment is a test of a mechanism in a single object of study with a known architecture. The research goal is to describe and explain the cause-effect behavior of the object of study. This can be used in implementation evaluation and problem investigation, where we do real-world research. It can also be used in validation...
The road map of this book was shown in outline in the Preface, and is here shown with more detail in Fig. 16.1 (Research Goals and Research Questions). As stated in the Introduction, design science research iterates over solving design problems and answering knowledge questions. Design problems that need novel treatments are dealt with rationally b...
A design science project iterates over the activities of designing and investigating. The design task itself is decomposed into three tasks, namely, problem investigation, treatment design, and treatment validation. We call this set of three tasks the design cycle, because researchers iterate over these tasks many times in a design science research...
Technical action research (TAR)
is the use of an experimental artifact to help a client and to learn about its effects in practice. The artifact is experimental, which means that it is still under development and has not yet been transferred to the original problem context. A TAR study is a way to validate the artifact in the field. It is the last...
We now turn to the empirical cycle, which is a rational way to answer scientific knowledge questions. It is structured as a checklist of issues to decide when a researcher designs a research setup and wants to reason about the data produced by this setup.
Treatments are designed to be used in the real world, in the original problem context. Once they are implemented in the original problem context, this is an important source of information about the properties of the artifact and about the treatment that it provides. This may or may not trigger a new iteration through the engineering cycle.
To do a design science project, you have to understand its major components, namely, its object of study and its two major activities. The object of study is an artifact in context (Sect. 1.1), and its two major activities are designing and investigating this artifact in context (Sect. 1.2). For the design activity, it is important to know the soci...
To validate a treatment is to justify that it would contribute to stakeholder goals when implemented in the problem context. If the requirements for the treatment are specified and justified, then we can validate a treatment by showing that it satisfies its requirements. The central problem of treatment validation is that no real-world implementati...
Design science research projects take place in normative context of laws, regulations, constraints, ethics, human values, desires, and goals. In this chapter, we discuss goals. In utility-driven projects, there are stakeholders who have goals that the research project must contribute to. In exploratory projects, potential stakeholders may not know...
Descriptive inference
summarizes the data into descriptions of phenomena (Fig. 12.1). This requires data preparation (Sect. 12.1). Any symbolic data must be interpreted (Sect. 12.2), and quantitative data can be summarized in descriptive statistics (Sect. 12.3). The descriptions produced this way are to be treated as facts,
and so ideally there sho...
In a statistical difference-making experiment,
two or more experimental treatments are compared on samples of population elements to see if they make a difference, on the average, for a measured variable.More than two treatments may be compared, and more than one outcome measure may be used. Different treatments may be applied to different objects...
When we design and investigate an artifact in context, we need a conceptual framework to define structures in the artifact and its context. In Sect. 8.1, we look at two different kinds of conceptual structures, namely, architectural and statistical structures. In information systems and software engineering research, the context of the artifact oft...
Like all scientific research, design science aims to develop scientific theories. As explained earlier in Fig. 1. 3, a design science project starts from a knowledge context consisting of scientific theories, design specifications, useful facts, practical knowledge, and common sense. This is called prior knowledge.
The set of scientific theories us...
Abductive inference is inference to the best explanation(s). The traditional definition of abduction is that it traverses deduction in the backward direction: From p → q and q, we may tentatively conclude that p. We know that fire implies smoke, we see smoke, and we conclude that there is fire. There is no deductively certain support for this, and...
Statistical inference
is the inference of properties of the distribution of variables of a population, from a sample selected from the population (Fig. 13.1). To do statistical inference, your conceptual research framework should define the relevant statistical structures, namely, a population and one or more random variables (Chap. 8, Conceptual F...
In design science projects, there may be uncertainty about stakeholders and their goals, and so treatment requirements may be very uncertain. It nevertheless pays off to spend some time on thinking about the desired properties of a treatment before designing one. The requirements that we specify provide useful guidelines for searching possible trea...
Figure 11.1 shows again the architecture of the empirical research setup. In this chapter, we discuss the design of each of the components of the research setup, namely, of the object of study (Sect. 11.1), sample (Sect. 11.2), treatment (Sect. 11.3), and measurement (Sect. 11.4).
Fig. 11.1
Empirical research setup, repeated from Fig. 10. 2. In obs...
Information Security Risk Assessment can be viewed as part of requirements engineering because it is used to translate security goals into security requirements, where security requirements are the desired system properties that mitigate threats to security goals. To improve the defensibility of these mitigations, several researchers have attempted...
ArchiMate is a graphical language for modelling business goals and enterprise architecture. In previous work we identified possible understandability issues with the goal-oriented notations in ArchiMate. [Problem] We investigated how understandable the goal-oriented concepts really were in two quasi-experiments with practitioners. [Principal ideas/...