SlideShare ist ein Scribd-Unternehmen logo

Stakeholders in Systems Design

Als PPTX, PDF herunterladen
Mark Underwood
Mark Underwood

Presents a more expansive view of "stakeholders" in systems design, specifically beyond purely human notions. Produced for use by the IEEE P7000 working group "Model Process for Addressing Ethical Concerns During System Design."

Software
1 von 31
Stakeholders in Systems Design Identify, Model, Service, Audit, Defend CC BY-SA Attribution ShareAlike M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 1
Stakeholder study is conventionally part of requirements engineering. Requirements engineering is often lightly developed in systems development organizations. M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 2
Identification  Stakeholder identification process can be (too) casual  Are a single retail customer’s dependents and relatives also stakeholders?  What is different about an enterprise customer?  Stakeholders can be internal to an enterprise  Not unusual to have both internal and external stakeholders  Big Data => more external, hard-to-anticipate stakeholders M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 3
Warning  A stakeholder is not necessarily beneficial or even benign  Stakeholders can sue you  Stakeholders can be regulators  Stakeholders can be domestic or foreign governments  Competitors can be stakeholders (Lack of confidence in an entire sector can affect revenue, viability)  Some conventional stakeholder notions are weak: Pub/Sub fails because some stakeholders are producers, others are consumers, and still others do both M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 4
Casual Elicitation, Identification Casual doesn’t write code, but can help elicit requirements and identify stakeholders. M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 5
Stakeholder Identification: Reality Check Excel is not a mature engineering tool but works well when paired with a savvy analyst. M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 6
Simple (Simplistic?) Approaches Still Prevail A stakeholder is an actor in a story  Storytelling can be as simple or as complex as human discourse  Vignettes can include nominal stakeholders as well as outliers and exceptions  Storytelling is essential for situation awareness, central to decision support systems  Some developers may not be good at recognizing / honoring stakeholders M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 7
Casual Stakeholder Elicitation Processes  Study existing “business” processes and ecosystems  Ask current “users”  Follow the money (i.e., on whom are resources being spent?)  Stakeholder mapping: As casual as the analyst doing it  Exploit risk, security, safety, quality frameworks  Constraint-based (Jastram M. & Kara, A.) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 8
Less Casual Identification Methods More detailed, deeper granularity, but not necessarily “code” M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 9
Stakeholder Elicitation: Deeper Dives  Unpack transactions (the “Who” in Who, What . . . )  Study policy groups in Active Directory and LDAP (existing, proposed)  Extract from discipline-specific Body of Knowledge, e.g., accounting, civil engineering, cybersecurity, law  Dataflow Model: User Interface “touch”  “Acceptance Testing” (Test for value)  Study BPMN and SysML adoption (rare) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 10
Stakeholder as Agent  Mature concept in software engineering  Encompasses software-based and human agents  Distributed systems agent approach is IoT-friendly M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 11
Stakeholders in Model Based Software Engineering  Stick figures in UML  MBSE Advantages  MBSE Adoption Prospects M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 12
Stakeholders in SysML  “With version 1.4 SysML provides a model element for stakeholders. The stakeholder has a name and a list of stakeholder concerns. The concerns are comment model elements. The relationship between the stakeholder and the comments has no notation. The SysML model element stakeholder extends the UML classifier, i.e. a stakeholder could be a special actor as well as a special block. The stakeholder is defined in the context of the view and viewpoint concept. It is not the common stakeholder known from requirements engineering.”  Credit: OOSE @OOSENews M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 13
M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 14 In SysML 1.4, viewpoint has some updated properties: • concernLIst is a list of concerns of the stakeholders that should be addressed by this viewpoint. Each concern is modeled by a comment. There is a relationship notation defined between viewpoints and comments. • concern is a derived property that lists the bodies of the comments of the concernList. • method is a derived property that shows the behavior that is used to create the view. It is derived from the behavior of the constructor of the viewpoint (see below). • language specifies a list of languages used to express the models that represent content which is represented by the view. • presentation defines a prescription of the format and style of the view. • stakeholder is a list of stakeholders whose concerns are to be addressed by the view.
SysML for Forest Fire Detection System M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 15
SysML Viewpoints (notional) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 16
Builder’s Intentions Other significant meanings for Stake-holder Transparency Portals Promises, Promises and Terms of Use Image Via Wikipedia [] M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 17
Stakeholder Contract Models  Electronic Health Record Consent  Genomics Research: Genetics testing and “Precision Medicine”  IT Administration (think “root” access)  Cross-, Inter-organizational (think Big Data)  Populations impacted by AI or data science analytics  Consent withdrawal, expiration, transfer, delegation  Management by exception  Regulated vs. Voluntary  Corporate Merger/Acquisition  Software contracts (e.g., Blockchain contracts) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 18
Stakeholder Attributes: A Flyover  Person or Agent  Pointer to value construct  Workflow stage / position (BPML terminology?)  Role as attribute (e.g., role-based controls from RBAC security )  Non-role attributes (e.g., attribute-based controls from ABAC security) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 19
Views of Stakeholders Stakeholders must be integrated into system-aware contexts M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 20
Stakeholders in Agile Development  Stakeholders in user stories  Canonical or cross-domain user stories  Domain-specific user stories  Design patterns for user stories  (?) Proxy stakeholder role in test engineering, QA, configuration management  (?) Proxy stakeholder engagement in continuous improvement M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 21
Modeling and Simulation of Stakeholders  M&S has relatively mature standards, but not often used in systems design  Simulate traceability, impact of value “breach”  May prove essential for DevOps  Scalability matters to stakeholders (think Healthcare.gov)  Model impact of compromised values (e.g., operationalize risk, forensics, mitigation playbooks) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 22
Possible P7000 Implications Jumping off points for discussion M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 23
Next Steps?  Collect use cases, esp. with workflow-, life cycle stage-dependent nuance  E.g., disabled access in smart building design (OpenBIM ontology)  Study connections to various life cycle standards  Identify stakeholder design patterns  Possible subgroup / subtopic affiliations: model-based engineering  Identify useful work in other standards  New concepts?  “Value Defense,” analog of “Network Defense”  “Value Resilience,” analog of “Systems Resilience”  Value Audit, Value Forensics, Value Breach M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 24
Stakeholder Mapping Tables  Map Stakeholder to:  Value matrix  Risk matrix  Safety matrix (risk + mitigation measures)  Compliance  Dependency Model  Software Component (UI, portal, communications text, module, interoperability) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 25
Special Problems  Abandoned systems and components  Microservices for stakeholder visibility  Stakeholder Service Orchestration  Problems with stakeholder self-service expectations, workflow, fallback/failover  Point-in-time policy management is hard; automation doesn’t always help M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 26
Related Initiatives  Sustainability  Regulatory goals (e.g., CAFÉ standards)  Professional Associations (cites .NE. endorsement)  e.g., Int’l Society for Ethics and Information Technology  Society for Business Ethics  Int’l Society for Environmental Ethics  Society of Corporate Compliance & Ethics  Assistive Technology Industry Association  IQ International (Information and Data Quality)  NGOs  Electronic Freedom Foundation  Transparency International M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 27
Multi-discipline: Related Professions  Quality Engineering  Law (Compliance, Audit, Risk)  Project Management  Cybersecurity  Marketing and Social Media (outreach)  Knowledge Management, Education/Training  Software Engineering  Framework architects  Best practices influencers M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 28
Some References  See CiteULike http://www.citeulike.org/user/knowlengr/tag/ieee_p7000 M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 29
Notes  BPMN “OMG® has guided the standardization of BPM throughout the years. In particular, the consortium adopted the Business Process Model & Notation (BPMN) specification. BPMN acts as a common language, allowing an organization to interoperate amongst all of its stakeholders.”  SysML Views and Stakeholders M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 30
Contacts for Followup Mark Underwood dark@computer.org | Prof. Ali G. Hassani hessami@vegaglobalsystems.com M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 31

Empfohlen

Python debugging techniques
Python debugging techniquesPython debugging techniques
Python debugging techniques
Tuomas Suutari
 
Oop in kotlin
Oop in kotlinOop in kotlin
Oop in kotlin
Abdul Rahman Masri Attal
 
Python programming
Python programmingPython programming
Python programming
Keshav Gupta
 
5.state diagrams
5.state diagrams5.state diagrams
5.state diagrams
APU
 
Chapter 03 python libraries
Chapter 03 python librariesChapter 03 python libraries
Chapter 03 python libraries
Praveen M Jigajinni
 
Uml Presentation
Uml PresentationUml Presentation
Uml Presentation
mewaseem
 
DataFrame in Python Pandas
DataFrame in Python PandasDataFrame in Python Pandas
DataFrame in Python Pandas
Sangita Panchal
 
Python Debugging Fundamentals
Python Debugging FundamentalsPython Debugging Fundamentals
Python Debugging Fundamentals
cbcunc
 

Empfohlen

Python debugging techniques
Python debugging techniquesPython debugging techniques
Python debugging techniques
Tuomas Suutari
 
Oop in kotlin
Oop in kotlinOop in kotlin
Oop in kotlin
Abdul Rahman Masri Attal
 
Python programming
Python programmingPython programming
Python programming
Keshav Gupta
 
5.state diagrams
5.state diagrams5.state diagrams
5.state diagrams
APU
 
Chapter 03 python libraries
Chapter 03 python librariesChapter 03 python libraries
Chapter 03 python libraries
Praveen M Jigajinni
 
Uml Presentation
Uml PresentationUml Presentation
Uml Presentation
mewaseem
 
DataFrame in Python Pandas
DataFrame in Python PandasDataFrame in Python Pandas
DataFrame in Python Pandas
Sangita Panchal
 
Python Debugging Fundamentals
Python Debugging FundamentalsPython Debugging Fundamentals
Python Debugging Fundamentals
cbcunc
 
6 class design
6 class design6 class design
6 class design
Châu Thanh Chương
 
Python Programming Essentials - M8 - String Methods
Python Programming Essentials - M8 - String MethodsPython Programming Essentials - M8 - String Methods
Python Programming Essentials - M8 - String Methods
P3 InfoTech Solutions Pvt. Ltd.
 
Software testing ppt
Software testing pptSoftware testing ppt
Software testing ppt
Heritage Institute Of Tech,India
 
Python - An Introduction
Python - An IntroductionPython - An Introduction
Python - An Introduction
Swarit Wadhe
 
UML (Unified Modeling Language)
UML (Unified Modeling Language)UML (Unified Modeling Language)
UML (Unified Modeling Language)
Nguyen Tuan
 
Python-01| Fundamentals
Python-01| FundamentalsPython-01| Fundamentals
Python-01| Fundamentals
Mohd Sajjad
 
Python tuple
Python tuplePython tuple
Python tuple
Mohammed Sikander
 
Inter threadcommunication.38
Inter threadcommunication.38Inter threadcommunication.38
Inter threadcommunication.38
myrajendra
 
Python
PythonPython
Python
Sangita Panchal
 
Variable and constants in Vb.NET
Variable and constants in Vb.NETVariable and constants in Vb.NET
Variable and constants in Vb.NET
Jaya Kumari
 
Component diagram
Component diagramComponent diagram
Component diagram
Abdul Manan
 
Programming in Python
Programming in Python Programming in Python
Programming in Python
Tiji Thomas
 
File handling in Python
File handling in PythonFile handling in Python
File handling in Python
Megha V
 
Lesson 02 python keywords and identifiers
Lesson 02 python keywords and identifiersLesson 02 python keywords and identifiers
Lesson 02 python keywords and identifiers
Nilimesh Halder
 
Relational Algebra and Calculus.ppt
Relational Algebra and Calculus.pptRelational Algebra and Calculus.ppt
Relational Algebra and Calculus.ppt
Ankush138
 
Generic Programming
Generic ProgrammingGeneric Programming
Generic Programming
Muhammad Alhalaby
 
Python If Else | If Else Statement In Python | Edureka
Python If Else | If Else Statement In Python | EdurekaPython If Else | If Else Statement In Python | Edureka
Python If Else | If Else Statement In Python | Edureka
Edureka!
 
Python final ppt
Python final pptPython final ppt
Python final ppt
Ripal Ranpara
 
Chapter 08
Chapter 08Chapter 08
Chapter 08
guru3188
 
Python course syllabus
Python course syllabusPython course syllabus
Python course syllabus
Sugantha T
 
Agent uml
Agent umlAgent uml
Agent uml
Binod RImal
 
What the Cloud Vendors Don't Want You to Know
What the Cloud Vendors Don't Want You to KnowWhat the Cloud Vendors Don't Want You to Know
What the Cloud Vendors Don't Want You to Know
Chris Mullins
 

Weitere ähnliche Inhalte

Was ist angesagt?

Inter threadcommunication.38
Inter threadcommunication.38Inter threadcommunication.38
Inter threadcommunication.38
myrajendra
 
Python If Else | If Else Statement In Python | Edureka
Python If Else | If Else Statement In Python | EdurekaPython If Else | If Else Statement In Python | Edureka
Python If Else | If Else Statement In Python | Edureka
Edureka!
 
Chapter 08
Chapter 08Chapter 08
Chapter 08
guru3188
 

Was ist angesagt? (20)

6 class design
6 class design6 class design
6 class design
 
Python Programming Essentials - M8 - String Methods
Python Programming Essentials - M8 - String MethodsPython Programming Essentials - M8 - String Methods
Python Programming Essentials - M8 - String Methods
 
Software testing ppt
Software testing pptSoftware testing ppt
Software testing ppt
 
Python - An Introduction
Python - An IntroductionPython - An Introduction
Python - An Introduction
 
UML (Unified Modeling Language)
UML (Unified Modeling Language)UML (Unified Modeling Language)
UML (Unified Modeling Language)
 
Python-01| Fundamentals
Python-01| FundamentalsPython-01| Fundamentals
Python-01| Fundamentals
 
Python tuple
Python tuplePython tuple
Python tuple
 
Inter threadcommunication.38
Inter threadcommunication.38Inter threadcommunication.38
Inter threadcommunication.38
 
Python
PythonPython
Python
 
Variable and constants in Vb.NET
Variable and constants in Vb.NETVariable and constants in Vb.NET
Variable and constants in Vb.NET
 
Component diagram
Component diagramComponent diagram
Component diagram
 
Programming in Python
Programming in Python Programming in Python
Programming in Python
 
File handling in Python
File handling in PythonFile handling in Python
File handling in Python
 
Lesson 02 python keywords and identifiers
Lesson 02 python keywords and identifiersLesson 02 python keywords and identifiers
Lesson 02 python keywords and identifiers
 
Relational Algebra and Calculus.ppt
Relational Algebra and Calculus.pptRelational Algebra and Calculus.ppt
Relational Algebra and Calculus.ppt
 
Generic Programming
Generic ProgrammingGeneric Programming
Generic Programming
 
Python If Else | If Else Statement In Python | Edureka
Python If Else | If Else Statement In Python | EdurekaPython If Else | If Else Statement In Python | Edureka
Python If Else | If Else Statement In Python | Edureka
 
Python final ppt
Python final pptPython final ppt
Python final ppt
 
Chapter 08
Chapter 08Chapter 08
Chapter 08
 
Python course syllabus
Python course syllabusPython course syllabus
Python course syllabus
 

Ähnlich wie Stakeholders in Systems Design

Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Nordic APIs
 
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
ISPMAIndia
 
Liggett Methods And Tools Slides Q1 2011
Liggett Methods And Tools Slides Q1 2011Liggett Methods And Tools Slides Q1 2011
Liggett Methods And Tools Slides Q1 2011
tliggett
 
The forrester wave™ endpoint security software as a service, q2 2021
The forrester wave™ endpoint security software as a service, q2 2021The forrester wave™ endpoint security software as a service, q2 2021
The forrester wave™ endpoint security software as a service, q2 2021
Andy Kwong
 

Ähnlich wie Stakeholders in Systems Design (20)

Agent uml
Agent umlAgent uml
Agent uml
 
What the Cloud Vendors Don't Want You to Know
What the Cloud Vendors Don't Want You to KnowWhat the Cloud Vendors Don't Want You to Know
What the Cloud Vendors Don't Want You to Know
 
Software Development Process - REQUIREMENTS ANALYSIS / ANALYSIS OF TECHNICAL...
Software Development Process - REQUIREMENTS ANALYSIS / ANALYSIS OF TECHNICAL...Software Development Process - REQUIREMENTS ANALYSIS / ANALYSIS OF TECHNICAL...
Software Development Process - REQUIREMENTS ANALYSIS / ANALYSIS OF TECHNICAL...
 
ML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
ML in GRC: Cybersecurity versus Governance, Risk Management, and ComplianceML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
ML in GRC: Cybersecurity versus Governance, Risk Management, and Compliance
 
Case Study "User Experience and Healthcare: How the latest UI/UX trends are s...
Case Study "User Experience and Healthcare: How the latest UI/UX trends are s...Case Study "User Experience and Healthcare: How the latest UI/UX trends are s...
Case Study "User Experience and Healthcare: How the latest UI/UX trends are s...
 
Visualizing a Software Solution - IT Project Management
Visualizing a Software Solution - IT Project ManagementVisualizing a Software Solution - IT Project Management
Visualizing a Software Solution - IT Project Management
 
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
Getting Better at Risk Management Using Event Driven Mesh Architecture - Ragh...
 
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
AI MODELS USAGE IN FINTECH PRODUCTS: PM APPROACH & BEST PRACTICES by Kasthuri...
 
Resumen y explicación de Behavior Driven Development
Resumen y explicación de Behavior Driven DevelopmentResumen y explicación de Behavior Driven Development
Resumen y explicación de Behavior Driven Development
 
Liggett Methods And Tools Slides Q1 2011
Liggett Methods And Tools Slides Q1 2011Liggett Methods And Tools Slides Q1 2011
Liggett Methods And Tools Slides Q1 2011
 
IRJET- Opinion Mining from Customer Reviews for Predicting Competitors
IRJET- Opinion Mining from Customer Reviews for Predicting CompetitorsIRJET- Opinion Mining from Customer Reviews for Predicting Competitors
IRJET- Opinion Mining from Customer Reviews for Predicting Competitors
 
Business analyst interview questions and answers
Business analyst interview questions and answersBusiness analyst interview questions and answers
Business analyst interview questions and answers
 
Session2-Application Threat Modeling
Session2-Application Threat ModelingSession2-Application Threat Modeling
Session2-Application Threat Modeling
 
Bea introduction
Bea introductionBea introduction
Bea introduction
 
Benchmarking Digital: A Digital Experience Index Is Born
Benchmarking Digital: A Digital Experience Index Is BornBenchmarking Digital: A Digital Experience Index Is Born
Benchmarking Digital: A Digital Experience Index Is Born
 
Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016Security assessment isaca sv presentation jan 2016
Security assessment isaca sv presentation jan 2016
 
Architecting multi sided business 2
Architecting multi sided business 2Architecting multi sided business 2
Architecting multi sided business 2
 
Liberty Mutual Insurance - Insurer Innovation Award 2022
Liberty Mutual Insurance - Insurer Innovation Award 2022Liberty Mutual Insurance - Insurer Innovation Award 2022
Liberty Mutual Insurance - Insurer Innovation Award 2022
 
Secure Design: Threat Modeling
Secure Design: Threat ModelingSecure Design: Threat Modeling
Secure Design: Threat Modeling
 
The forrester wave™ endpoint security software as a service, q2 2021
The forrester wave™ endpoint security software as a service, q2 2021The forrester wave™ endpoint security software as a service, q2 2021
The forrester wave™ endpoint security software as a service, q2 2021
 

Mehr von Mark Underwood

The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
Mark Underwood
 

Mehr von Mark Underwood (13)

Security within Scaled Agile
Security within Scaled AgileSecurity within Scaled Agile
Security within Scaled Agile
 
Site (Service) Reliability Engineering
Site (Service) Reliability EngineeringSite (Service) Reliability Engineering
Site (Service) Reliability Engineering
 
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
The Quality “Logs”-Jam: Why Alerting for Cybersecurity is Awash with False Po...
 
Codes of Ethics and the Ethics of Code
Codes of Ethics and the Ethics of CodeCodes of Ethics and the Ethics of Code
Codes of Ethics and the Ethics of Code
 
Ethics of Analytics and Machine Learning
Ethics of Analytics and Machine LearningEthics of Analytics and Machine Learning
Ethics of Analytics and Machine Learning
 
DevOps Support for an Ethical Software Development Life Cycle (SDLC)
DevOps Support for an Ethical Software Development Life Cycle (SDLC)DevOps Support for an Ethical Software Development Life Cycle (SDLC)
DevOps Support for an Ethical Software Development Life Cycle (SDLC)
 
Implications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy FabricImplications of GDPR for IoT Big Data Security and Privacy Fabric
Implications of GDPR for IoT Big Data Security and Privacy Fabric
 
Technologies in Support of Big Data Ethics
Technologies in Support of Big Data EthicsTechnologies in Support of Big Data Ethics
Technologies in Support of Big Data Ethics
 
NIST Big Data Public WG : Security and Privacy v2
NIST Big Data Public WG : Security and Privacy v2NIST Big Data Public WG : Security and Privacy v2
NIST Big Data Public WG : Security and Privacy v2
 
TEDx Poetry and Science
TEDx Poetry and ScienceTEDx Poetry and Science
TEDx Poetry and Science
 
IoT Day 2016: Cloud Services for IoT Semantic Interoperability
IoT Day 2016: Cloud Services for IoT Semantic InteroperabilityIoT Day 2016: Cloud Services for IoT Semantic Interoperability
IoT Day 2016: Cloud Services for IoT Semantic Interoperability
 
Ontology Summit - Track D Standards Summary & Provocative Use Cases
Ontology Summit - Track D Standards Summary & Provocative Use CasesOntology Summit - Track D Standards Summary & Provocative Use Cases
Ontology Summit - Track D Standards Summary & Provocative Use Cases
 
Design Patterns for Ontologies in IoT
Design Patterns for Ontologies in IoTDesign Patterns for Ontologies in IoT
Design Patterns for Ontologies in IoT
 

Kürzlich hochgeladen

%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
masabamasaba
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
Papp Krisztián
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
VictoriaMetrics
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
masabamasaba
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Medical / Health Care (+971588192166) Mifepristone and Misoprostol tablets 200mg
 

Kürzlich hochgeladen (20)

%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
%in Rustenburg+277-882-255-28 abortion pills for sale in Rustenburg
 
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
%+27788225528 love spells in Colorado Springs Psychic Readings, Attraction sp...
 
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
OpenChain - The Ramifications of ISO/IEC 5230 and ISO/IEC 18974 for Legal Pro...
 
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
%in Stilfontein+277-882-255-28 abortion pills for sale in Stilfontein
 
WSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security ProgramWSO2CON 2024 - How to Run a Security Program
WSO2CON 2024 - How to Run a Security Program
 
Architecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the pastArchitecture decision records - How not to get lost in the past
Architecture decision records - How not to get lost in the past
 
Announcing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK SoftwareAnnouncing Codolex 2.0 from GDK Software
Announcing Codolex 2.0 from GDK Software
 
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
Large-scale Logging Made Easy: Meetup at Deutsche Bank 2024
 
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
WSO2CON 2024 - Building the API First Enterprise – Running an API Program, fr...
 
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa%in tembisa+277-882-255-28 abortion pills for sale in tembisa
%in tembisa+277-882-255-28 abortion pills for sale in tembisa
 
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park %in kempton park+277-882-255-28 abortion pills for sale in kempton park
%in kempton park+277-882-255-28 abortion pills for sale in kempton park
 
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital TransformationWSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
WSO2Con2024 - WSO2's IAM Vision: Identity-Led Digital Transformation
 
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
WSO2CON 2024 - API Management Usage at La Poste and Its Impact on Business an...
 
Artyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptxArtyushina_Guest lecture_YorkU CS May 2024.pptx
Artyushina_Guest lecture_YorkU CS May 2024.pptx
 
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
%in Hazyview+277-882-255-28 abortion pills for sale in Hazyview
 
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
MarTech Trend 2024 Book : Marketing Technology Trends (2024 Edition) How Data...
 
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
%in Bahrain+277-882-255-28 abortion pills for sale in Bahrain
 
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
%+27788225528 love spells in Huntington Beach Psychic Readings, Attraction sp...
 
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension AidDirect Style Effect Systems - The Print[A] Example - A Comprehension Aid
Direct Style Effect Systems - The Print[A] Example - A Comprehension Aid
 
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
Abortion Pill Prices Tembisa [(+27832195400*)] 🏥 Women's Abortion Clinic in T...
 

Stakeholders in Systems Design

  • 1. Stakeholders in Systems Design Identify, Model, Service, Audit, Defend CC BY-SA Attribution ShareAlike M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 1
  • 2. Stakeholder study is conventionally part of requirements engineering. Requirements engineering is often lightly developed in systems development organizations. M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 2
  • 3. Identification  Stakeholder identification process can be (too) casual  Are a single retail customer’s dependents and relatives also stakeholders?  What is different about an enterprise customer?  Stakeholders can be internal to an enterprise  Not unusual to have both internal and external stakeholders  Big Data => more external, hard-to-anticipate stakeholders M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 3
  • 4. Warning  A stakeholder is not necessarily beneficial or even benign  Stakeholders can sue you  Stakeholders can be regulators  Stakeholders can be domestic or foreign governments  Competitors can be stakeholders (Lack of confidence in an entire sector can affect revenue, viability)  Some conventional stakeholder notions are weak: Pub/Sub fails because some stakeholders are producers, others are consumers, and still others do both M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 4
  • 5. Casual Elicitation, Identification Casual doesn’t write code, but can help elicit requirements and identify stakeholders. M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 5
  • 6. Stakeholder Identification: Reality Check Excel is not a mature engineering tool but works well when paired with a savvy analyst. M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 6
  • 7. Simple (Simplistic?) Approaches Still Prevail A stakeholder is an actor in a story  Storytelling can be as simple or as complex as human discourse  Vignettes can include nominal stakeholders as well as outliers and exceptions  Storytelling is essential for situation awareness, central to decision support systems  Some developers may not be good at recognizing / honoring stakeholders M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 7
  • 8. Casual Stakeholder Elicitation Processes  Study existing “business” processes and ecosystems  Ask current “users”  Follow the money (i.e., on whom are resources being spent?)  Stakeholder mapping: As casual as the analyst doing it  Exploit risk, security, safety, quality frameworks  Constraint-based (Jastram M. & Kara, A.) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 8
  • 9. Less Casual Identification Methods More detailed, deeper granularity, but not necessarily “code” M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 9
  • 10. Stakeholder Elicitation: Deeper Dives  Unpack transactions (the “Who” in Who, What . . . )  Study policy groups in Active Directory and LDAP (existing, proposed)  Extract from discipline-specific Body of Knowledge, e.g., accounting, civil engineering, cybersecurity, law  Dataflow Model: User Interface “touch”  “Acceptance Testing” (Test for value)  Study BPMN and SysML adoption (rare) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 10
  • 11. Stakeholder as Agent  Mature concept in software engineering  Encompasses software-based and human agents  Distributed systems agent approach is IoT-friendly M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 11
  • 12. Stakeholders in Model Based Software Engineering  Stick figures in UML  MBSE Advantages  MBSE Adoption Prospects M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 12
  • 13. Stakeholders in SysML  “With version 1.4 SysML provides a model element for stakeholders. The stakeholder has a name and a list of stakeholder concerns. The concerns are comment model elements. The relationship between the stakeholder and the comments has no notation. The SysML model element stakeholder extends the UML classifier, i.e. a stakeholder could be a special actor as well as a special block. The stakeholder is defined in the context of the view and viewpoint concept. It is not the common stakeholder known from requirements engineering.”  Credit: OOSE @OOSENews M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 13
  • 14. M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 14 In SysML 1.4, viewpoint has some updated properties: • concernLIst is a list of concerns of the stakeholders that should be addressed by this viewpoint. Each concern is modeled by a comment. There is a relationship notation defined between viewpoints and comments. • concern is a derived property that lists the bodies of the comments of the concernList. • method is a derived property that shows the behavior that is used to create the view. It is derived from the behavior of the constructor of the viewpoint (see below). • language specifies a list of languages used to express the models that represent content which is represented by the view. • presentation defines a prescription of the format and style of the view. • stakeholder is a list of stakeholders whose concerns are to be addressed by the view.
  • 15. SysML for Forest Fire Detection System M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 15
  • 16. SysML Viewpoints (notional) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 16
  • 17. Builder’s Intentions Other significant meanings for Stake-holder Transparency Portals Promises, Promises and Terms of Use Image Via Wikipedia [] M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 17
  • 18. Stakeholder Contract Models  Electronic Health Record Consent  Genomics Research: Genetics testing and “Precision Medicine”  IT Administration (think “root” access)  Cross-, Inter-organizational (think Big Data)  Populations impacted by AI or data science analytics  Consent withdrawal, expiration, transfer, delegation  Management by exception  Regulated vs. Voluntary  Corporate Merger/Acquisition  Software contracts (e.g., Blockchain contracts) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 18
  • 19. Stakeholder Attributes: A Flyover  Person or Agent  Pointer to value construct  Workflow stage / position (BPML terminology?)  Role as attribute (e.g., role-based controls from RBAC security )  Non-role attributes (e.g., attribute-based controls from ABAC security) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 19
  • 20. Views of Stakeholders Stakeholders must be integrated into system-aware contexts M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 20
  • 21. Stakeholders in Agile Development  Stakeholders in user stories  Canonical or cross-domain user stories  Domain-specific user stories  Design patterns for user stories  (?) Proxy stakeholder role in test engineering, QA, configuration management  (?) Proxy stakeholder engagement in continuous improvement M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 21
  • 22. Modeling and Simulation of Stakeholders  M&S has relatively mature standards, but not often used in systems design  Simulate traceability, impact of value “breach”  May prove essential for DevOps  Scalability matters to stakeholders (think Healthcare.gov)  Model impact of compromised values (e.g., operationalize risk, forensics, mitigation playbooks) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 22
  • 23. Possible P7000 Implications Jumping off points for discussion M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 23
  • 24. Next Steps?  Collect use cases, esp. with workflow-, life cycle stage-dependent nuance  E.g., disabled access in smart building design (OpenBIM ontology)  Study connections to various life cycle standards  Identify stakeholder design patterns  Possible subgroup / subtopic affiliations: model-based engineering  Identify useful work in other standards  New concepts?  “Value Defense,” analog of “Network Defense”  “Value Resilience,” analog of “Systems Resilience”  Value Audit, Value Forensics, Value Breach M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 24
  • 25. Stakeholder Mapping Tables  Map Stakeholder to:  Value matrix  Risk matrix  Safety matrix (risk + mitigation measures)  Compliance  Dependency Model  Software Component (UI, portal, communications text, module, interoperability) M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 25
  • 26. Special Problems  Abandoned systems and components  Microservices for stakeholder visibility  Stakeholder Service Orchestration  Problems with stakeholder self-service expectations, workflow, fallback/failover  Point-in-time policy management is hard; automation doesn’t always help M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 26
  • 27. Related Initiatives  Sustainability  Regulatory goals (e.g., CAFÉ standards)  Professional Associations (cites .NE. endorsement)  e.g., Int’l Society for Ethics and Information Technology  Society for Business Ethics  Int’l Society for Environmental Ethics  Society of Corporate Compliance & Ethics  Assistive Technology Industry Association  IQ International (Information and Data Quality)  NGOs  Electronic Freedom Foundation  Transparency International M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 27
  • 28. Multi-discipline: Related Professions  Quality Engineering  Law (Compliance, Audit, Risk)  Project Management  Cybersecurity  Marketing and Social Media (outreach)  Knowledge Management, Education/Training  Software Engineering  Framework architects  Best practices influencers M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 28
  • 29. Some References  See CiteULike http://www.citeulike.org/user/knowlengr/tag/ieee_p7000 M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 29
  • 30. Notes  BPMN “OMG® has guided the standardization of BPM throughout the years. In particular, the consortium adopted the Business Process Model & Notation (BPMN) specification. BPMN acts as a common language, allowing an organization to interoperate amongst all of its stakeholders.”  SysML Views and Stakeholders M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 30
  • 31. Contacts for Followup Mark Underwood dark@computer.org | Prof. Ali G. Hassani hessami@vegaglobalsystems.com M Underwood | Synchrony Financial | Controls and Countermeasures | @knowlengr | Views my own v1.1 31