![needs to make a decision, one factor that can cooperate to take it wisely is the opinion
of others. Before the explosion of the Web, when an individual needed to make a
decision, he used to consult with the family and alleges. When a company needed to
know the opinion of the general public about a product or service, it used to send polls
and interest groups. With the emergence of the Web, information started to appear
online and available to everybody in public forums, discussion groups, or bogs. This
new sites are defined as part of the concept called Web 2.0 user-generated content.
The world wide web, having over 350 million pages, continues to grow rapidly at a
million pages per day [1]. About 600 GB of text changes every month [2].
This available information becomes an essential tool for decision-making
process based on a new paradigm called ‘‘crowdsourcing’’ [3]. Thus, these opin-
ions and debates on the Web become highly relevant for companies or people to
make decisions. However, it must be pointed that these views are sometimes not as
easily identifiable and are hidden in different users’ personal pages or forums.
Therefore, the main challenge of the project is based on the collection, identifi-
cation, processing and reporting of results of this ‘‘crawling’’. Throughout the
work, covering topics such as background and previous and related research of the
topic, the structure of the system, the process and analysis of the collected
information and finally conclude with the future work proposed.
2 Background and Related Research
There are research papers relating to opinion mining. Most of them approach the
problem from the point of view of semantic interpretation of the wording found on the
Web [4–6]. For example, crawl a forum and analyzing the text for product reviews,
recommendations and complaints[7–9]. Several papers focuses in the identification of
opinion. If it is critical, comparation, complains, praise or sites directly sense devoted
to the exchange of views [5, 10]. Also, there are studies that are based on a list of words
classified as good or bad, used to catalog the mention of the view as positive, negative
or neutral. The lists are defined with a lot of words dictionary as well, excellent,
spectacular, bad, poor, etc. [11–15]. Also, to this list are incorporated opinion phrases
such as ‘‘cost an arm and a leg’’ or ‘‘you need to rob a bank’’ or ‘‘is to pull the money.’’
Related work can also be found in a research which it is proposed to differentiate the
genuine opinion of the ‘‘opinion Spam’’ or ‘‘unwanted view’’ [16]. In this research it is
analyzed opinion spam’s factors and proposes methodologies to identify and isolate it.
Among the background of the topic have found many works and established a theo-
retical framework on the subject quite extraction of opinions on the Web, Opinion
miningand adjacenttracks, however, still have not been documented implementations
of these concepts applied to any industry or a non-scientific or academic purpose.
Existing studies focus upon the discovery and conceptualization of new terms and
modeling of the new reality brought by the advent of the Internet and new commu-
nication technologies, but not in use for practical purposes.
Keep in mind that the work and research more relevant and committed to this issue
are recent ones, since about 20 years ago, these concepts were unthinkable or difficult
2 P. Cababie et al.](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-22-320.jpg)
![to conceive even with technologies that were unknown. Moreover, there was a
published paper in which the objective is to detect trends in electoral campaigns
using existing technology and information collected on social Web sites [17]. In the
latter study it identifies different strategies for collecting information to analyze:
1. Comprehensive tracking: collecting all possible information in a given period
of time.
2. Incremental Crawl: We revisit the pages already stored for changes and if
changes, these are re-done.
3. Tracking focused: looking for information on a topic based on a ranking
algorithm that filters the results that are not relevant.
4. Deep Tracking: Collect important information about a particular issue. Unlike
the focused crawling, it has the ability to complete forms on the web to store
and access the pages returned a completed form.
In addition, there were found research papers approaching crawling from dif-
ferent point of views. Crawlers and agent have grown more sophisticated [18].
Topical crawler have been studied extensively the last years [19–23].
Some interesting methods proposed in recent years are those of fish search [24]
and focused crawling [25].
Focused crawling concept was implemented using a classifier that evaluates the
relevance of hypertext document with respect to the focus topics and a distiller that
identifies hypertext nodes that are great access points to many relevant sources [19].
There shouldn’t be forgotten to analyze the linkage sociology, locating specialty
sites and community culture [19]. The focused crawling is different in using a topic
taxonomy, learning from example and using graph distillation to track topical hubs.
After this research, it was found a lot of anecdotal evidence that bicycle pages are
not refer a lot of other bicycle pages, but also refer more significantly more than one
might expect to rd cross and first aid pages. Similarly, HIV/AIDS pages often do not
directly refer to other HIV/AIDS pages but refer to hospital hoe pages.
AI implementations for crawling was proposed beginning with a basic exposure
to search algorithms and then to be extended in a number of directions to include
information retrieval, Bayesian learning, unsupervised learning, natural language
processing, and knowledge representation [26].
3 Proposed Structure and Model
The system that supports the research consists on a set of three modules:
3.1 Crawler
The crawler is in charge of Internet searching and text by storing in a database for
further processing. This module has the following input components (input
minimum):
Customized Opinion Mining using Intelligent Algorithms 3](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-23-320.jpg)
![• Parameter to search.
• Pages where to look.
• Deep level navigation links (if there is no limit would be sought through the
Internet and never end this stage).
• Restrictions (e.g search only in a domain).
• Parameters to function as a filter (words that should not contain the text).
The operator enters the start point pages and then navigates the system for their
‘‘children’’ (linked) to the depth defined in the configuration. Is relevant to mention
that the average number of outlinks on web pages is 7 [27]. This module basically
follows the following behavior:
1. Loading a page.
2. Debug the code and convert it to plain ASCII text.
3. Read the HTML code in search of the parameter and if does not contain the
filter words.
4. Search on the same code links to other pages (which must not exceed the
maximum level of depth, no restrictions skip) to form a list of URLs to keep
searching.
5. If step 3 was yes, the code goes to the analyzer.
The module generates text files with different information. Among them, there
will be a metadata file, one with the title of the page, one with a header and the
contents of the text in the body. In this way, can be isolated and properly process
each part of the page separately.
3.1.1 Defined Directory Structure
It has been defined a structure to store the necessary files with information gath-
ered after the sweep of the sites. The structure consists on a directory for each type
of file stored. All those listed and indexed in a flat file. (Bd.txt). In this file each
destination will have an ID followed by the URL. The other files will have the ID
as a name and an extension that indicates their content, for example:
www.pagina.com —[ 12345.
Then the files will emerge from this page:
12345.src (source).
12345.bdy (text body of the page).
12345.lin (links page).
12345.tit (title tag information).
122345.mta (information from meta data page).
12345.etc. (Additional information varies).
12345.ima (images listed on page).
12345.ifr (information contained in the Iframe tag).
12345.hrf (information inside the href tag).
4 P. Cababie et al.](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-24-320.jpg)
![3. For each R:
3.1 Save the dictionary Dictionary.dct.
3.2 Save file[ matrix. MTRX.
4. If there are more lines in A, then go to 1.
After generating the dictionary and the array of frequencies for each file, pro-
ceed to the integration of all partial matrices to a single array calledintegration[.
MTRX. In this stage it was implemented the following algorithm: [18]. Generate
sparse matrix integration[. MTRX empty:
1. Take a matrix file[. MTRX.
2. Integrate content in integration[. MTRX.
3. If more file[. MTRX then go to 1.
It should be noted that each word in the dictionary Dictionary.dct is unique and
its records have the following format:
WEIGHT ON ID þ APPEARANCES
At the same time in the file[. MTRX there are records with the following
structure.
ID þ QTY occurrence
Where CANT-occurrence is a counter from 1 (indicating the first appearance of
the word identification ID) to n (indicating the total number of times the same
word that appears in row). Finally, in the matrix integration[. MTRX records
with the following structure.
ID FILE þ ID þ OCCURRENCE
Where ID-Archive, is the unique identifier for each file processed (usually asso-
ciated with a single URL) and can OCCURRENCE 1 (indicating the occurrence of
the word with ID within the file A) or 0 (indicating the absence of such same word
in A).
As an example, suppose the following ej.txt file with the contents:
‘‘The practices are complicated. There is a practice file.they claim that the situation is
complicated’’.
The resulting matrix for ej.txt.mtrx file will contain:
1,1
2,1
3,1
4,1
5,1
1,1
6,1
Customized Opinion Mining using Intelligent Algorithms 7](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-27-320.jpg)
![7,1
8,1
9,1
3,1
1,1
10,1
11,1
12,1
13,1
14,1
15,1
Also, the generated entries in the dictionary Dictionary.dct are:
Afirm,10,0.0714285746216774,1
Las,2,0.0714285746216774,1
son,4,0.0714285746216774,1
Hay,6,0.0714285746216774,1
un,7,0.0714285746216774,1
de,9,0.0714285746216774,1
situ,13,0.0714285746216774,1
archiv,8,0.0714285746216774,1
practic,3,0.1428571492433548,2
la,12,0.0714285746216774,1
que,11,0.0714285746216774,1
complic,5,0.1428571492433548,2
es,14,0.0714285746216774,1
3.2 Data Mining Module
This module processes the views stored in the sparse matrix contained in text files
using advanced techniques of ‘‘machine learning’’ [8, 28].
3.3 Presenter Module
This module is the last in the system and is responsible for exposing the user’s
search results completed and all information processed in the previous modules.
The results are presented through pie charts and reports with all the needed
information for analysis and decision making.
8 P. Cababie et al.](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-28-320.jpg)
![1 Introduction
1.1 Starting Situation
Due to globalization and ever stronger competition information management and
supporting technologies have become key assets and differentiators for modern
organizations. They are main performance driver for continual innovation and
sustainable success. Organizations and their information and technologies are
faced with security threats from a wide range of sources, including computer-
assisted fraud, espionage, sabotage, vandalism, fire or flood. Causes of damage
have become more common, further ambitious, and increasingly sophisticated [1].
92 % of large enterprises had a security incident in the last year with an average
cost of 280.000–690.000£ for the worst incident [2]. Mobile and cloud computing,
off-shoring, social networks, as well as the increasing interconnected, flexible and
virtualized business complexity and dependency are still great challenges for IS.
Organizations have to meet many different legal and regulatory requirements,
such as data protection, sound and integer financial practices and internet crime.
Most modern corporate governance guidelines, and always more laws, make the
top management responsible for the well-being of the organization. Lack of
security compliance may result in loss of confidence of customers, partners and
shareholders, as well as severe civil and criminal penalties for the top manage-
ment. In this respect availability of the essential assets, confidentiality, data
integrity and legal and regulatory compliance are central for organizations’ success
and integral part of good IT and corporate governance [3–5].
More than 6,600 organizations worldwide [6] have implemented ISMS in
accordance to ISO/IEC 27001. This international standard provides a model for
establishing, operating, monitoring, maintaining and improving an ISMS to meet
the specific security and business objectives of the organization and legal, statu-
tory, regulatory and business obligations [1, 7]. Several best practices for IS
management have been developed, such as Control Objectives for Information and
related Technology (COBIT) [8], Information Technology Infrastructure Library
(ITIL) [9] and national guidelines, such as NIST 800-53 [10].
1.2 Purpose and Structure of the Article
An increasingly faster changing environment (market, customer, technology, law
or regulations) requires continual adaption of business objectives, processes,
controls and procedures. It is a widely accepted principle that an activity cannot be
managed and overall not improved sustainably if it cannot be measured. Therefore
the effectiveness and performance of the ISMS and the actual risk and compliance
situation must be continually evaluated and improved [3–5, 8–12]. Effectively
implemented security measurements demonstrate the value of IS to top
12 M. Stoll and R. Breu](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-32-320.jpg)
![management, face informed decision making, demonstrate compliance, improve
security confidence and enable stakeholders to continual improve IS [8, 10, 12,
13]. It is a critical success factor for sustainable IS [1].
IS management, business management and on the other hand software security
and network security engineering have been handled for a longer period as sep-
arate areas [12]. Measurement data are obtained at different levels within an
organization. They are recorded and analyzed to detect errors and security events,
to identify attempted and successful security breaches, incidents, threats and
external events (such as changes to the legal or regulatory environment, changed
contractual obligations, and changes in the physical environment) and to define
effectiveness and performance of the implemented controls and the ISMS [7].
Based on this analysis appropriate corrective and/or preventive actions are elab-
orated, prioritized, approved, implemented and evaluated [1, 7, 10, 11].
It is axiomatic that those things for which no one is explicitly accountable are
often ignored [14]. Thus we must define roles and responsibilities for all necessary
tasks. According to COBIT 4.1 understanding the roles and responsibilities for
each process is the key to effective governance [8].
How can we assign IS measurement and improvement roles and responsibilities
efficiently, systematically, consistently and concretely? Are these assignments
maintainable and traceable over a longer period?
Firstly we present the results of our literature research [II]. Based on these
requirements we developed our hypothesis [III]. In Sect. 4 we explain our
approach: firstly we establish the roles and describe their tasks [IV A]. In the
second step we assign the IS measurement and improvement roles and responsi-
bilities to the top and executive management [IV B]. After that we define and
document all relevant IT services and their supporting items of all technical layers
with their dependencies and relationships. To all these items we assign IS mea-
surement and improvement roles and responsibilities [IV C]. Checks and quality
assurance measures for the model [IV D] and the maintenance [IV E] are described
next. This innovative approach is implemented successfully for several years by
different medium sized organizations of distinct sectors (service, engineering and
public). The obtained experiences are reflected in [V] with the project results [V A]
and success factors [V B]. At the end we give an outlook and conclude [VI].
2 Research Framework
The field of defining security metrics systematically is young [12]. The problem
behind the immaturity of security metrics is that the current practice of information
security is still a highly diverse field. Holistic and widely accepted approaches are
still missing [12].
A lot of papers are published about technical security metrics and scarcely
holistic approaches. We find overall requirements for a holistic, systemic, mana-
gerial measurement approach [3, 8, 10, 11].
Measurement Roles and Responsibilities 13](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-33-320.jpg)
![Measurement data must be extracted and reported to perform measurement and
monitoring of the performance and effectiveness of the ISMS, to reflect the actual
risk and compliance situation and to provide input for a continual improvement
and for IS related management decisions [3–5, 7, 8, 10–12]. IS metrics support the
detection of errors and security events and the identification of attempted security
breaches, incidents and previously undetected or unknown IS issues [7, 11]. Based
on this analysis appropriate corrective and/or preventive actions are elaborated,
implemented and evaluated [1, 7, 10, 11]. The ISMS must be continually adapted
to changing internal and external conditions to deliver sustainable business value
to all stakeholders [1, 3–5, 7, 8]. Further the organization should maintain and
improve the ISMS itself.
Since some years IS frameworks, standards, best practices, laws and regula-
tions require that all stakeholders are responsible and collaborate for IS [1, 3, 4,
7, 8, 10, 11]. The management has to identify clear roles and assign responsi-
bilities for the protection of assets and for all security processes and controls [1,
7, 8, 10, 11]. According to COBIT understanding the roles and responsibilities
for each process is the key to effective governance [8]. Roles and responsibilities
are required by ISO/IEC 27004 as one of the minimums of the measurement
construct specification [11].
2.1 Roles and Responsibilities
The literature defines a lot of different functional roles and responsibilities for IS.
ISO/IEC 27004 distinguishes following roles [11]:
• client for measurement: the management or other interested parties,
• reviewer: validates that the developed measurement constructs are appropriate
for assessing the effectiveness,
• information owner: responsible for the measurement,
• information collector: responsible for collecting, recording and storing the data
and
• information communicator: responsible for first data analysis and the commu-
nication of measurement results.
The relevant stakeholders may be internal or external to the organizational
units, such as information system managers or IS decision makers. Reports of
measurement results can be distributed also to external parties, such as customers,
shareholders, regulatory authorities or suppliers [11].
The measurement program implementation plan of the NIST performance
measurement guide includes [10]:
• responsibilities for data collection, analysis, and reporting,
14 M. Stoll and R. Breu](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-34-320.jpg)
![• details of coordination within the office of the chief information officer, relating
to areas such as risk assessment, certification and accreditation, and federal
information security management act (FISMA) reporting activities,
• details of coordination between the senior agency information security officers
(SAISO) and other functions within the agency (e.g., physical security, per-
sonnel security, and privacy) to ensure that measures data collection is
streamlined and non-intrusive.
Key IS stakeholders are the agency head, chief information officer (CIO), senior
agency information security officer (SAISO), program manager or information
system owner, and the information system security officer (ISSO) [10].
COBIT categorize following roles [8]:
• chief executive officer (CEO),
• chief financial officer (CFO),
• business executives,
• chief information officer (CIO),
• business process owner,
• head operations,
• chief architect,
• head development,
• head IT administration,
• project management officer (PMO),
• compliance, audit, risk and security groups and
• eventual head of human resources, budgeting and/or internal control.
COBIT provides a RACI (responsible, accountable, consulted and informed)
chart for each process. Accountable means ‘‘the buck stops here’’. This is the
person who provides direction and authorizes an activity. Responsibility is
attributed to the person who gets the task done. The other two roles (consulted and
informed) ensure that everyone who needs to be is involved and supports the
process [8].
Different authors list the steering committee, board of directors/trustees, senior
executives, business unit managers, collaborators from human resources, legal,
compliance, audit, and risk management, chief information security officer or also
a lot of more roles [1, 15, 16].
2.2 Further Requirements
An appropriate assignment of measurement roles and responsibilities should
ensure that the results are not influenced by information owners. Brotby writes that
approximately 35 % of IS managers still report directly or indirectly to the chief
information officer who is also responsible for the IT department. Based on his
experience this creates conflicts of interest and the quest for greater IT
Measurement Roles and Responsibilities 15](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-35-320.jpg)
![performance at less cost is often made at expense of security [14]. Segregation of
duties or independent checks can solve that problem [1, 3, 7, 8, 10, 11, 14].
The results of measurements need to be communicated to its intended audience
in a way that is meaningful and useful. How they are represented and presented
can make a huge difference to whether or not well-informed decision making can
be achieved [13].
The relevant stakeholders should be identified. They should be involved in each
step of IS measures development [11] to ensure organizational buy-in and promote
a sense of ownership for IS measuring [10]. Each stakeholder requires specific,
customized measures accordingly to his IS objectives and the IS requirements for
his area of responsibility [10].
3 Hypothesis
Based on this research and requirements framework we developed an innovative,
efficient and easy maintainable model to assign IS measurement and improvement
roles and responsibilities to all organizational levels and stakeholders well struc-
tured, systematically, consistently, accurately, traceably and maintainable to pro-
mote IS effectiveness and continual improvement.
Firstly we establish the roles for IS measurement and improvement and
describe their tasks [IV A].
As a second step we assign responsibilities for the established roles to the top
and the executive management [IV B]. We start top down from top management
(Fig. 1 in the top), functional unit responsibilities (Fig. 1 in the 2 level), business
process and/or project responsibilities (Fig. 1 3 level) and eventually further
service management role responsibilities, such as the change management role or
IS management role (Fig. 1 vertically, right-most). Thereby we regard all relevant
legal, statutory and contractual requirements and the IS policy and business
requirements.
After that we elaborate and document all relevant business processes with their
supporting IT services and their dependencies and relationships [IV C]. For all
these IT services we describe based on an architecture oriented approach their
supporting items with their dependencies and relationships going always deeper
through all technical layers (Fig. 1 lower part). Based on definitions of the IT
information library (ITIL) we understand by a configuration item any component
that needs to be managed in order to deliver an IT service. Configuration items
typically include IT services, hardware, software, buildings, people, and formal
documentation, such as process documentation and service level agreements
(SLAs) [9]. At the end we assign to each configuration item the specified IS roles
and responsibilities (Fig. 1 vertically, on the right). The relationships and depen-
dencies between the items, IT services, business processes and the top manage-
ment define the information and escalation flow.
16 M. Stoll and R. Breu](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-36-320.jpg)
![promotes IS awareness and knowledge exchange. His role is more based on
coaching, mentoring, coordinating, training and offering method support and
expertise than one practical operation.
4.2 Management Responsibilities
We document in collaboration with the top management her IS roles and
responsibilities regarding the organization chart, the approved organizational
structure and IS policy, as well as all relevant legal and statutory regulations.
The functional unit responsibilities and eventually IT service management role
responsibilities are taken from the approved organization chart and defined
organizational structure.
After we analyze and optimize all business processes for IS objectives and
requirements [17]: all management processes, core business processes including
support processes, resources processes and optimization processes. In that way we
define the responsible and eventually supportive or consulted and informed IS
roles for all process steps over the whole value network and the accountable for
each business process, the process manager. Further for each process step neces-
sary documents and data with data protection class and required archiving methods
for all archive types are identified.
The project responsibilities are copied from the established project documen-
tation or the project management database.
4.3 Item Responsibilities
The greater challenge and effort is to analyze, structure and define the configu-
ration model with all relevant items. We start top down from the business
Table 1 Overview of assigned roles and their tasks
Role Tasks
Accountable responsible for measurement requirements, provides direction,
authorizes and reviews measurements, decides and authorizes
improvements
receives measurement results on request or by escalation
Responsible responsible for implementation
proposes and implements possible improvements
Responsible for execution
and operating
responsible for measurement
improves and adjusts as part of the daily work
Supportive for execution
and operating
contributes to measurement
Informed and consulted receives measurement results to consult and support responsible
and eventually accountable
18 M. Stoll and R. Breu](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-38-320.jpg)
![processes and bottom up from the physical infrastructure concurrently involving
all collaborators concerned. Asset inventory, contract analysis, job descriptions,
the documentation of the organizational structure and the organization chart pro-
vide helpful information. The necessary information is elaborated regarding the IS
policy and all relevant IS requirements using different diagram techniques,
brainstorming, and document analysis in workshops and by interviews.
In that way the IT service ‘‘Project management’’, for example, is defined as
100 % depending directly on two different servers and the local area network.
Further we need for 50 % the internet, because the functionality of this application
is limited, if the web services are not available. The local area network for example
depends further on switches, cabling and others. Thereby we construct a config-
uration tree with upper or father items (e.g. ‘‘project management’’) and items,
which support a service for the identified item, child or lower items (e.g. local area
network). For each IT service the IS requirements concerning availability, confi-
dentiality and integrity are defined. These requirements are inherit down through
the whole tree regarding the dependency levels (e.g.50 % for the internet). Further
all metrics for availability (e.g. uptime, unplanned downtime, mean time between
failures and others) are inherit bottom up: if the network is down and project
management depends on it (father), project management is down too. The priority
and reaction time for corrective and preventive actions are calculated thereby on
the inherited IS requirements.
The data protection requirements assigned to applications and archives by the
business process analysis [IV B] are inherited to all child items, such as servers,
networks, archives and rooms. The highest data protection requirement of all upper
items must be regarded. In that way the responsible of each item receives clear and
overall strategic and business aligned IS objectives and can define appropriate
metrics, reports and overall corrective or preventive actions. A security breach,
such as a too weak password for the access to sensitive data, for example, is scored
higher and escalates earlier than the same breach regarding the access to personal
data. Further details to the applied metrics, communication channels and correc-
tive or preventive actions will be presented in other publications.
To each item we appoint exactly one collaborator as accountable. The
accountable of each configuration item assigns the responsible role and the
responsible for execution and operating role to exactly one collaborator each.
Further he allocates all execution and operating roles and the informed and con-
sulted roles to collaborators. In that way the assignment of responsibilities is as
low as possible and the roles and responsibilities are distributed among all
collaborators.
If measurement results exceeds defined thresholds or on request the results are
communicated to the responsible of the father configuration item and on further
escalation or on request also to the accountable of the father configuration item.
All responsible and accountable of upper configuration items can receive on
request or by escalation measurement results. In that way all measurement results
are accessible also on request or by escalation to the top management.
Measurement Roles and Responsibilities 19](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-39-320.jpg)
![Thus we assign all planning, operational and communication tasks for IS
measurement to responsible, as well as corrective, preventive and improvement
responsibilities to ensure sustainable IS.
On the top of the configuration model the IT services are linked to the business
processes. Thereby the configuration model is connected with the management
responsibilities [IV B].
4.4 Checks and Quality Assurance
We furthermore integrate consistency and accurateness checks [9]:
• Is there assigned to all configuration items exactly one accountable, responsible
and responsible for executing and operating? Are responsible or accountable
roles assigned only to internal collaborators?
• Are all relevant external suppliers registered as supportive for execution and
operating?
• Has somebody assigned too many duties? Has some assigned too less duties? Is
somebody involved in too many tasks?
• Are duties assigned to all collaborators?
• Are all configuration items, detected by network and system analysis, part of the
configuration model?
• Is the configuration model consistent with the actual organizational structure and
organization chart?
4.5 Maintenance
If an assigned accountable person changes, the structural organization is modified.
Thereby the accountable is updated in the database.
The assigned accountable is responsible and has the access rights to change the
distribution of all other role responsibilities to his collaborators. It is of his interest
to assign clearly all new responsibilities to prevent eventual discussions, problems,
duplication of work or uncompleted services.
5 Project Results
The presented concept for establishing and implementing IS measurement and
improvement roles and responsibilities has been implemented since 2006 suc-
cessfully by different medium sized organizations of distinct sectors (service,
engineering and public). Implementing IS awareness, process and system thinking
20 M. Stoll and R. Breu](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-40-320.jpg)
![and defining the configuration model in a well structured, systematic and consis-
tent way were great challenges.
5.1 Achieving Project Objectives
The described concept leads to the following case study results collected by
measuring the project process and interviewing the concerned management and
collaborators:
• Efficiency: Establishing the whole configuration model and assigning manage-
ment and configuration item roles and responsibilities required in medium sized
organizations a work effort of approximately 1–2 weeks. This effort clearly
varies based on the size and complexity of the organization. It depends overall
on the IT services, the information risks that the organization faces, applicable
legal, regulatory and contractual requirements and other success factors [V B].
To implement such a model for a telecommunication service provider needs for
example essentially greater effort than for the IT department of an enterprise.
The strategic alignment of all items with corporate objectives and business
needs, the awareness of business drivers, process and system thinking and the
understanding for the work and requirements of other functional and technical
organizations’ units was increased. Thus potential side effects and unplanned
impacts of changes were reduced. The awareness for the supporting technology
and supported business processes was enhanced and consequently the effec-
tiveness of entire enterprise promoted.
• Well structured, systematic, consistent and accurate roles: Based on the
developed configuration model the role responsibilities are defined over all
layers and for all levels of the whole value network well structured and
systematically. Due to the consistence checks [IV D] the assigned role
responsibilities are consistent. For the collaborators a clear assignment of their
responsibilities and tasks is essential in all organizations. Therefore they
control the assigned roles continually and accurately. The developed model is
an optimal basis for balanced, consistent and objective oriented IS
improvement.
• Traceability: The role responsibilities were clearly assigned and all changes
were documented, approved and communicated in a traceable way. All histor-
ical changes of responsibilities have been documented by versioning.
• Maintainable: Due to the great importance for management and collaborators to
assign roles and responsibilities clearly, the documentation was maintained until
today actually and accurately in all organizations.
Opposite to these advantages are the work effort for the establishment of the
configuration model and the assignment of role responsibilities.
Measurement Roles and Responsibilities 21](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-41-320.jpg)
![5.2 Success Factors
The IS measurement and improvement roles and responsibilities must be designed
for the appropriate level of details, accordingly to business objectives, regulatory,
statutory, legal, contractual and stakeholder security requirements.
Clearly this model must be best adapted and scoped to the organization and
continual maintained. Such a model cannot be purchased and introduced as standard.
A good knowledge and appreciation of business impacts and priorities and overall
the involvement of all collaborators and managers concerned are imperative.
As for the whole ISMS the commitment and support from management as well
as from all levels of staff, and overall the daily application and usage of such tools
and methods by relevant stakeholders are essential and key success factors.
Corporate culture, organization and technology must be consistent and inte-
grated optimally according to the business objectives and to collaborators needs
and requirements in order to sustain business success. If such a tool is only used to
blame and abuse collaborators than the collaborators will try to prevent with all
means the introduction and maintenance of the model. A confident based, coop-
erative, team and objective oriented culture promotes such a collaborative IS.
Adequate tools, technical staff skills, sufficient IT infrastructure and IT support
are also important for a successful implementation. Based on the complexity of a
configuration model an adequate objective oriented database with high IS level
(confidentiality, availability, integrity and traceability) sustains IS effectiveness,
performance and improvement. An optimal connectivity with other systems sup-
ports change management and system inventory. It should be very simple and
intuitive to handle. All collaborators should be able to find their assigned role
responsibilities and to update information effectively in accordance to assigned
access rights.
6 Conclusion and Outlook
We presented a practice approved, efficient, traceable and easy maintainable
model to assign clear IS measurement and improvement roles and responsibilities
to all organizational levels well structured and systematically.
IS governance, business management and on the other hand software security
and network security engineering have been handled for a longer period as sep-
arate areas [12]. The innovation of this model is overall the integration of these
approaches, the fully strategic alignment and the systemic, systematic and con-
sistent approach for IS measurement, reporting and improvement. It shows up also
eventually diverse or disparate technologies and applications and contributes
thereby to more IT performance, resource and cost efficiency. The assigned
responsibilities to IS roles can be checked continually to balance workload and
improve adequate skills.
22 M. Stoll and R. Breu](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-42-320.jpg)
![As a by-product IS awareness, IT alignment with business goals, service ori-
entation, process and system thinking, as well as the comprehension for the
requirements of other organization units were increased.
It is the basis of our holistic, systemic and collaborative IS framework. Due to
excellent project experiences in several organizations there should be enhanced a
holistic, systemic, collaborative and management oriented IS approach by
regarding all success factors [V B].
Accordingly the informatics curricula should regard also more IT management
aspects based on a holistic, systemic approach.
References
1. ISO, ISO/IEC 27002 (2005) Information technology, security techniques, code of practice for
information security management, ISO, Geneva
2. PricewaterhouseCoopers LLP, information security breaches survey (2010) technical report,
www.pwc.co.uk/pdf/isbs_survey_2010_techni-cal_report.pdf. Accessed 28 july 2010
3. von Solms SH, von Solms R (2009) Information security governance, Springer, New York
4. Da Veiga A, Eloff JHP (2007) An information security governance framework. Inf Manag
Syst 24:361–372
5. Sowa S, Tsinas L, Gabriel R (2009) Business oriented management of information security.
In: Johnson ME (ed.) Managing information risk and the economics of security, Springer,
New York, pp 81–97
6. ISO, ISO Survey (2008) www.iso.org/iso/survey2008.pdf. Accessed 28 july 2010
7. ISO, ISO/IEC 27001 (2005) Information technology, security techniques, information
security management systems requirements, ISO, Geneva
8. IT governance institute, control objectives for information and related technology (Cobit) 4.1
(2007) IT governance institute, Rolling Meadows
9. Office of government commerce (OGC) (2007) ITIL Service Design, The Stationery Office
(TSO), Norwich
10. National institute of standards and technology (2008) Performance measurement guide for
information security, NIST special publication 800-55 Revision 1, Gaithersburg
11. ISO, ISO/IEC 27004 (2009) Information technology, security techniques, information
security management measurement, ISO, Geneva
12. Savola R (2007) Towards a security metrics taxonomy for the information and
communication technology industry. In Proceedings of the IEEE 2nd international
conference on software engineering advances, p 60
13. Humphreys E (2007) Implementing the ISO/IEC 27001 information security management
standard, Artech House, Boston
14. Brotby K (2009) Information security governance, a practical development and
implementation approach, John Wiley and Sons, Hoboken
15. Ray B (2007) Information lifecycle security risk assessment. Comput Secur 26:26–30
16. Wood C (2003) Information security roles and responsibilities made easy, Information
Shield, Houston
17. Stoll M, Laner D (2010) Information security and system development. In: Sobh T et al (eds)
Novel algorithms and techniques in telecommunications and networking. Proceedings of the
IEEE TeNe 08, Springer, Berlin, pp 35–40
Measurement Roles and Responsibilities 23](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-43-320.jpg)
![1 Introduction
1.1 Starting Situation
Due to the impact of technology, globalization and ever shorter change cycles of
market requirements and enterprise environmental conditions companies must
improve increasingly faster their services, products, technologies and organization.
Organizational development and continual improvement are differentiators and
key performance drivers for long-term sustainability and growth. Each company
must become a learning organization. However, existing systems supporting the
daily work of knowledge worker in service organizations have not kept pace with
the evolving complexity and diversity of challenges facing knowledge workers
[1–4]. Integrating job relevant data, information, knowledge and learning into
business operations are most important economic issues [1, 3–9].
Service organizations and their information and technology are faced with
security threats from a wide range of sources, including computer-assisted fraud,
espionage, sabotage, vandalism, fire or flood. 92 % of large enterprises had a
security incident in the last year with an average cost of 280.000–690.000 £ for the
worst incident [10]. Information security for long time was seen fundamentally as
an only technical job and integral part of the information technology (IT)
department [11, 12]. Organizations implemented a lot of technical security con-
trols, but security problems persisted and increased. Security problems are com-
plex and require a collaborative, socio-organizational and human related
information security management approach [12, 13].
More than 1.2 million organizations of different sizes and scopes are imple-
menting worldwide management systems in accordance to international standards
(e.g. ISO 9001 quality, ISO 14001 environment, ISO/IEC 27001 information
security management and others) [14]. Most of these management systems are
process oriented. They are based on the fulfillment of common principles and must
be documented, communicated, implemented and continual improved.
1.2 Purpose and Structure of the Article
In this respect one of the largest potentials for modern enterprises is the continual
improvement by information security integrated process management and col-
laborative organizational learning based on individual learning.
The documentation of standard based management systems (system documen-
tation) including the process models contains the whole explicit organizational
knowledge. It was distributed for long time as books, whereby the collaborators
received once the information and used them afterwards scarcely ever for solving
ad hoc job problems. In the last ten years it was distributed more electronically
through web-based intranets, document management platforms or as pdf. The most
26 M. Stoll](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-45-320.jpg)
![major impacts were the reduction in printed catalogs, offering too much information
and it becomes harder to reflect and improve [1, 2, 4]. Changes, improvements and
organizational learning are still isolated from the process models. Process modeling
is used primarily as a tool for the first process improvement and due to standard
requirements they are changed usually only once a year. Collaborators are not able
to discuss new ideas or questions in a context-sensitive way. Thus the models
frequently do not correspond to lived processes and do not push constantly the
knowledge and learning spiral for sustainable organization development. Changes
or new processes are quite frequently developed as hidden systems.
How we can use the process models of standard based management systems as
knowledge base to promote operation integrated, individual and collaborative
organizational learning for continual information security integrated process and
service improvement and sustainable organizations’ success?
In what a way the process models must be established, prepared, stored and
communicated in order to promote operations integrated, need-oriented access and
individual learning?
What are the main requirements for a process oriented collaborative learning
system?
Firstly we present the project objectives (Sect. 2) and analyze the requirements
for our approach (Sect. 3). Thereby we explain the main requirements of interna-
tional standards for management systems (Sect. 3.1) and establish the requirements
for a collaborative organizational learning system (Sect. 3.2). After that we report
about our approach (Sect. 4) for the development of the information security
integrated process models (Sect. 4.1), the didactical preparation (Sect. 4.2), and the
introduction and use of the collaborative organizational learning system for process
and service improvement (Sect. 4.3). Finally we document the project experiences
and results of the implementation in different service organizations with distinct
management systems (Sect. 5) including the achievement of the project objectives
(Sect. 5.1) and the success factors (Sect. 5.2). At the end we reflect about cost and
benefits (Sect. 5.3) and present an outlook (Sect. 6) and our conclusion (Sect. 7).
2 Project Objectives
By preparing the information security integrated process models in accordance
with standard based management systems (Sect. 3.1) and didactical principles, and
implementing it on a collaborative organizational learning system (Sect. 3.2) we
expect to foster:
• workplace and operations integrated, need-oriented process model access and
learning,
• process and information security improvement for service and organization
development,
• employee involvement and collaborative process improvement,
Service and Information Security Improvement 27](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-46-320.jpg)
![• practice-oriented process models,
• shorter initial training periods for new collaborators.
Thus information security integrated process models promote knowledge repre-
sentation, knowledge communication, for the implementation of the process models
and collaborative learningand knowledgegenerationfor process, information security
and service improvement in accordance to established corporate objectives. In that
way collaborative organization development for sustainable success is sustained.
3 Requirements
3.1 Main requirements of Standards for Management Systems
The ISO 9001 quality management standard [15] and other international standards
for management systems require common principles (Fig. 1):
• The vision, policy, objectives and strategies must be established and commu-
nicated regarding stakeholders requirements (top of Fig. 1).
• All business processes for service or product realization including management
processes, support processes, resource processes and optimization processes
must be defined to meet the organizations’ objectives under the focus of the
respective standard (horizontal graphic in the middle of Fig. 1).
• Objective and process oriented resource management must be promoted
including human resource development and the management of necessary
technology, infrastructures, tools and instruments (bottom of Fig. 1).
• The whole organization, their objectives and strategies, services/products and
processes must be continually measured, analyzed and improved according to
established processes in sense of a PDCA cycle (plan, do, check, act) (circle
around of Fig. 1).
The established management system must be documented, communicated
systematically, and implemented and improved continually by all collaborators.
Additionally to these basis principles ISO/IEC 27001 and other risk oriented
standards require a risk assessment for establishing a risk treatment plan to reduce
risks on acceptable levels of risk. For the identified remaining risks a suitable
business continuity plan must be developed, implemented, maintained, tested and
updated regularly.
28 M. Stoll](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-47-320.jpg)
![3.2 Requirements for a Process Oriented Organizational
Learning System
Based on literature research, the requirements of standards for management sys-
tems and collaborators and management interviews a process oriented organiza-
tional learning system demands additional to general requirements of learning
systems, following particular characteristics:
• It must be simple and intuitive to handle. It must provide the possibility to use
different views of (or leading to) the same object, different start facilities,
comfortable search functions, filtering of content using object types, simple
uploads of content and links to external literature. It must promote individual
learning by personal bookmarks, annotations, summaries and notes, as well as
glossary, FAQs, etc. [1, 6, 8, 16, 17].
• It must offer secure context-sensitive communication (discussion forum, chat) to
all elements, especially to all process model elements, as well as newsgroups,
wiki, newsletters and whiteboards. It must support content distribution, collec-
tive process improvement and collective learning [1, 6, 17].
• Uploading and the administration of new content must be simple with as large
didactical and media pedagogic support as possible [7]. There must be the
possibility to insert, annotate and discuss context sensitive the content of most
different documents and media formats (as text, graphic, table, picture, sound
records, video). Also creativity tools should be integrated [7].
• Due to requirements of the standards for management systems we need the
administration of access rights, the support of the change process, versioning
with change history and the efficiently and traceable distribution/communication
of new or changed content. Depending on organization culture also testing and
examination tools for traceable learning must be integrated [18].
• The handling of collaborators ideas, their discussion contributions and problem
reporting must be implemented for the collaborative process improvement and
in accordance with the established systematic and structured process following
the standard requirements. Due to standard requirements their effectiveness must
be evaluated.
resource management
service/product realization
interested parties
vision
policy
objective, priority, strategy
resource management
service/product realization
interested parties
vision
policy
objective, priority, strategy
Fig. 1 Main requirements of
standards for management
systems
Service and Information Security Improvement 29](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-48-320.jpg)
![• Open interfaces must be available for fostering optimal connectivity with other
systems in order to support process integration and simplify the administration
[18]. Within the controlling and improvement process all measurement data
should be communicated, evaluated by responsible departments and conse-
quently changes or optimizations should be implemented using the process
oriented organizational learning system.
• The web-based accessibility of the process oriented organizational learning
system supports mobile working hour’s independent learning, teleworking and
sustains the integration of absent collaborators [1].
4 Approach
4.1 Development of the Process Model
Firstly the process models and other parts of the system documentation must be
elaborated. Considering the needs and expectations of all stakeholders, as well as
legal and regulatory requirements we establish the organization policy with con-
sistent objectives, priorities and strategies [19]. Thereby also the relevant infor-
mation security requirements are integrated. All processes of the organization are
analyzed bottom up by interviewing the collaborators involved. The responsible
function, the applied documents, checklists, forms, used knowledge and infor-
mation, the IT applications and other tools are studied for all activities. Afterwards
the services with applied processes and related documents are optimized regarding
the established objectives including information security, as well as stakeholder
orientation, service quality, efficiency and effectiveness. The information flow
including collection and passing necessary data and information by checklist,
regulations, forms and workflow based databases is improved, too [1, 19]. Based
on the collaborative approach implicit knowledge is externalized, knowledge
identified and possible optimizations (knowledge generation) are discussed. In
accordance with the organizational purposes and objectives are considered dif-
ferent aspects, like quality, information, communication and knowledge man-
agement, data protection and information security, ambient, environment, hygiene,
occupational health and safety, as well as human resource development, resource
management, IT-management, controlling and others and integrated by a holistic
systemic process management approach [19].
For the process modeling we use a part from Gantt chart for time critical
descriptions simple structured flow-charts, which are limited to one page. There-
fore the processes are deeply structured. All processes receive also a short textual
summary.
Furthermore the necessary resources, tools, instruments and required trainings
for achieving the objectives and for improving the service and organization (e.g.
30 M. Stoll](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-49-320.jpg)
![human resource development, IT-management, maintenance or facility manage-
ment, if relevant) are analyzed, optimized and documented.
Afterwards the monitoring, measurement, analysis and optimization processes
are planned and implemented to continually improve the effectiveness of the
services and the organization. Based on the requirements of the standards all
improvements or changes must be approved by the involved collaborators, doc-
umented, communicated, implemented and their effectiveness evaluated. Collab-
orative knowledge generation, knowledge representation by process models,
knowledge communication and learning processes are structured, systematically
planned and documented [1, 3–5].
The entire process models and system documentation must correspond with lived
processes [1] and based on the constructivist method it must be practice oriented.
4.2 Didactical Preparation
After the development of the process models and the whole management system
documentation we structure the content accordingly to ISO 9001 [15] and prepare
it regarding didactical principles [8, 20]. To support collaborators need-oriented,
process and operations integrated learning the access to the single modules must be
as short as possible and optimal structured. All needs and expectations of the
collaborators are analyzed and considered as early as possible [8, 16]. They
demand particularly an efficient and effective search function and a clear struc-
tured system. Therefore the whole content is divided into small modules, type-
casted and functionally well structured. We offer an effective indexing and
different start assistances (for new collaborators, department oriented, manage-
ment oriented, topics referred, based on the standard and others). Apart of the self-
driven learning approach, the system offers also guided learning for new collab-
orators or for collaborators with little IT or learn competences.
After appropriate editing the process models and other parts of the system
documentation can be published on the collaborative organizational learning
system (Sect. 3.2). The upload function should be user-friendly, simple and
intuitive to handle with as large didactical support as possible. The constructivist
approach requires the possibility of linking different documents, sections and
media formats, as well as concepts, objects and all elements of graphics and
especially process models.
4.3 Introduction and Use
To promote the acceptance of the system the collaborators must be trained on
handling the system. They must acquire also the necessary media competence [8].
Service and Information Security Improvement 31](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-50-320.jpg)
![5 Project Experience and Results
This innovative collaborative information security integrated process management
concept for service and organization development has been implemented in several
medium-sized service organizations with distinct management systems. Most of
the organization’s collaborators own good media competences and use frequently
e-tools.
Interdisciplinarity was a great challenge and a great chance. Knowledge about
process modeling, process measurement and process improvement, organization
theory, standard based management systems, management methods and technical
knowledge was required for preparing and structuring the content; information-
technical knowledge was needed for extending the platform to meet the require-
ments of a collaborative process oriented organizational learning system (Sect. 3.2);
didactical and media-pedagogical knowledge was required for editing the contents.
The used collaborative organizational learning system should be still extended to
fulfill all requirements (Sect. 3.2).
5.1 Achieving Project Objectives
Elaborating the organization best adopted secure process models, structuring it in
accordance to ISO 9001 [15], preparing it regarding didactical principles based on
constructivist theory and publishing it on an process oriented collaborative orga-
nizational learning system (Sect. 3.2) within a confident based open corporate
culture leads to the following case study results. They were collected by measuring
the system accesses and user contributions, as well as by interviewing the lead-
ership and collaborators:
• Workplace and operations integrated, need-oriented process model access and
learning: the accesses to the process models and system documentation are
increased monthly at averaged two accesses per collaborator.
• Process and information security improvement for service and organization
development: we receive five times more suggestions and ideas, which improve
the processes, services, information security and the organization.
• Employee involvement and collaborative process improvement: the communi-
cated ideas, problems and suggestions are discussed and read on the average by
a quarter of the collaborators. On the average there are three annotations to each
discussion contribution. Thus the advantages and disadvantages of ideas are
discussed, examined and improved collaboratively by all departments before
their possible implementation. Therefore they are substantially more balanced
and more considered for implementation.
• Practice oriented process models: now unclear models, formulations or missing
content are soon analyzed and immediately changed according to established
processes and automatically communicated to all. Thus the process models and
Service and Information Security Improvement 33](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-52-320.jpg)
![documentation are adapted optimally to changing requirements of services, the
organization, their stakeholder or environmental factors.
• Shorter initial training periods for new collaborators: new collaborators are
quickly introduced into the handling of the learning system at their first working
day. Thereby they focus on the system handling and on principle information.
Afterwards they access and learn in a self-driven, need oriented and operations-
integrated way when they have questions for fulfilling their job. The lead time
could be abbreviated around a quarter. New collaborators can execute their job
faster well. The productivity increase and possible errors are reduced.
The manager of an organization with a process oriented organizational learning
system is particularly enthusiastic for the sustainable promotion of an open,
confident based corporate and learning culture with criticism and change
readiness.
The collaborators and particularly the management appreciate the structured,
effective, need-oriented, location and working hour’s independent collaborative
learning. Thus no unnecessary documentation is distributed and nevertheless all
collaborators can access exactly at appropriate time from desired location to
necessary information and knowledge. The improved internal transparency and the
discussion board promote organizational interrelationship, mutual comprehension
and synergies. The knowledge sharing by the discussion forum is specially
appreciated by collaborators, which work frequently in field service, or with
flexible working-time model or teleworking.
Standard based management systems promote by their clear structure and
systematic the building, control, approval, distribution, retrieval, use and contin-
ually collaborative improvement of processes, services and the organization.
Based on these experiences in different case studies the application of this
collaborative process improvement concept is recommended for medium and large
sized organizations and enterprises with an confidence-based, open and innovative
corporate and learning culture, where all collaborators command sufficient IT
competences, particularly in know-how or service enterprises or with distributed
locations or many collaborators in field service or with flexible working-time
models.
5.2 Success Factors
Corporate culture, services, processes, procedures, didactical principles, informa-
tion security and information technology must be integrated optimally according to
organizational objectives and to collaborators needs and requirements. The system
and all methods are thereby only tools, which support collaborative service and
process improvement and the development of the organization so far as this is
admitted by corporate culture. Therefore we need an open, confident based, col-
laborative corporate culture with criticism and change readiness [1, 9].
34 M. Stoll](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-53-320.jpg)
![The collaborators must be interested in new knowledge, able for self-driven
learning, have personal employment, team ability and change willingness apart
from necessary IT and media competences [1]. All managers must use constantly
and actively the system and motivate their collaborators in following these prin-
ciples. In this way they promote operations integrated learning and collaborative
process and information security improvement.
The processes and system documentation must be analyzed and optimized
bottom up by involving concerned collaborators and regarding all relevant aspects
in accordance to corporate objectives and stakeholders requirements. In that way
concerned collaborators support the project, develop practice oriented models with
daily used terms and integrate most of the explicit organizational knowledge.
A great challenge is the right process depth: to promote efficient and effective
learning there should be regulated as much as needed and as less as possible.
This concept extends the job of the process manager. They need additionally
didactical and media-pedagogical knowledge for preparing the content and nec-
essary skills for supporting collaborative learning and knowledge management.
Trainings and education in process management should consider more this inter-
disciplinary approach and teach basic knowledge in all areas.
Sufficient IT-infrastructure and IT-support are also very important for the
project success. Only by using an process oriented collaborative organizational
learning system, which meets as far as possible the stated requirements (Sect. 3.2)
and by promoting workplace, need-oriented, operations integrated learning a
continuously collaborative optimization of processes, services and the organization
in accordance with established objectives including information security are
secured. In that way a sustainable organization development is secured. E-learning
systems or knowledge management platforms should be extended to collaborative
process oriented learning systems in accordance to the stated requirements
(Sect. 3.2) and integrated in workflow systems.
5.3 Cost and Benefits
This innovative interdisciplinary collaborative process improvement concept
requires additionally in comparison to the common practice of process manage-
ment systems and the common applied introduction of a standard-based holistic
management system, which is adapted to the organization, the restructuring of the
content in accordance to didactical principles, the learning system and the
implementation of the documentation on it. The restructuring required in the case
studies a slightly higher effort (approximately 1–2 % of the total effort).
Opposite to the costs are the large competition advantages through need-ori-
ented operations integrated learning and collaborative process, information secu-
rity and service improvement by means of collaborators ideas, suggestions and
discussion contributions. These advantages can be measured on one hand by the
reached objectives of the project (Sect. 5.1). The influence to the sustainable
Service and Information Security Improvement 35](https://image.slidesharecdn.com/2115260-250518151326-3a53bde2/85/Emerging-Trends-In-Computing-Informatics-Systems-Sciences-And-Engineering-1st-Edition-Pablo-Cababie-54-320.jpg)
Emerging Trends In Computing Informatics Systems Sciences And Engineering 1st Edition Pablo Cababie
- 1. Emerging Trends In Computing Informatics Systems Sciences And Engineering 1st Edition Pablo Cababie download https://ebookbell.com/product/emerging-trends-in-computing- informatics-systems-sciences-and-engineering-1st-edition-pablo- cababie-4230520 Explore and download more ebooks at ebookbell.com
- 2. Here are some recommended products that we believe you will be interested in. You can click the link to download. Emerging Trends In Intelligent Computing And Informatics Data Science Intelligent Information Systems And Smart Computing 1st Ed 2020 Faisal Saeed https://ebookbell.com/product/emerging-trends-in-intelligent- computing-and-informatics-data-science-intelligent-information- systems-and-smart-computing-1st-ed-2020-faisal-saeed-10801232 Emerging Trends In Iot And Integration With Data Science Cloud Computing And Big Data Analytics Pelin Yildirim Taser https://ebookbell.com/product/emerging-trends-in-iot-and-integration- with-data-science-cloud-computing-and-big-data-analytics-pelin- yildirim-taser-46091472 Emerging Trends In Iot And Integration With Data Science Cloud Computing And Big Data Analytics Pelin Yildirim Taser https://ebookbell.com/product/emerging-trends-in-iot-and-integration- with-data-science-cloud-computing-and-big-data-analytics-pelin- yildirim-taser-46651778 Emerging Trends In Computing And Communication Etcc 2014 March 2223 2014 1st Edition Sabnam Sengupta https://ebookbell.com/product/emerging-trends-in-computing-and- communication-etcc-2014-march-2223-2014-1st-edition-sabnam- sengupta-4666294
- 3. Emerging Trends In Computing And Expert Technology 1st Ed 2020 D Jude Hemanth https://ebookbell.com/product/emerging-trends-in-computing-and-expert- technology-1st-ed-2020-d-jude-hemanth-10800838 Emerging Trends In Visual Computing Lix Fall Colloquium Etvc 2008 Palaiseau France November 1820 2008 Revised Invited Papers 1st Edition Frank Nielsen Auth https://ebookbell.com/product/emerging-trends-in-visual-computing-lix- fall-colloquium-etvc-2008-palaiseau-france-november-1820-2008-revised- invited-papers-1st-edition-frank-nielsen-auth-2039494 Advances In Mobile Computing And Communications Perspectives And Emerging Trends In 5g Networks 1st Edition M Bala Krishna Editor Jaime Lloret Mauri Editor https://ebookbell.com/product/advances-in-mobile-computing-and- communications-perspectives-and-emerging-trends-in-5g-networks-1st- edition-m-bala-krishna-editor-jaime-lloret-mauri-editor-12052666 Emerging Trends In Iot And Computing Technologies Proceedings Of The International Conference On Emerging Trends In Iot And Computing Suman Lata Tripathi Devendra Agarwal Anita Pal Yusuf Perwej https://ebookbell.com/product/emerging-trends-in-iot-and-computing- technologies-proceedings-of-the-international-conference-on-emerging- trends-in-iot-and-computing-suman-lata-tripathi-devendra-agarwal- anita-pal-yusuf-perwej-58398824 Emerging Trends In Technological Innovation First Ifip Wg 55socolnet Doctoral Conference On Computing Electrical And Industrial Systems Doceis 2010 Costa De Caparica Portugal February 2224 2010 Proceedings 1st Edition Patrcia Macedo https://ebookbell.com/product/emerging-trends-in-technological- innovation-first-ifip-wg-55socolnet-doctoral-conference-on-computing- electrical-and-industrial-systems-doceis-2010-costa-de-caparica- portugal-february-2224-2010-proceedings-1st-edition-patrcia- macedo-4201784
- 5. Lecture Notes in Electrical Engineering Volume 151 For further volumes: http://www.springer.com/series/7818
- 6. Tarek Sobh • Khaled Elleithy Editors Emerging Trends in Computing, Informatics, Systems Sciences, and Engineering 123
- 7. Editors Tarek Sobh School of Engineering University of Bridgeport Bridgeport, CT USA Khaled Elleithy School of Engineering University of Bridgeport Bridgeport, CT USA ISSN 1876-1100 ISSN 1876-1119 (electronic) ISBN 978-1-4614-3557-0 ISBN 978-1-4614-3558-7 (eBook) DOI 10.1007/978-1-4614-3558-7 Springer New York Heidelberg Dordrecht London Library of Congress Control Number: 2012940237 Springer Science+Business Media New York 2013 This work is subject to copyright. All rights are reserved by the Publisher, whether the whole or part of the material is concerned, specifically the rights of translation, reprinting, reuse of illustrations, recitation, broadcasting, reproduction on microfilms or in any other physical way, and transmission or information storage and retrieval, electronic adaptation, computer software, or by similar or dissimilar methodology now known or hereafter developed. Exempted from this legal reservation are brief excerpts in connection with reviews or scholarly analysis or material supplied specifically for the purpose of being entered and executed on a computer system, for exclusive use by the purchaser of the work. Duplication of this publication or parts thereof is permitted only under the provisions of the Copyright Law of the Publisher’s location, in its current version, and permission for use must always be obtained from Springer. Permissions for use may be obtained through RightsLink at the Copyright Clearance Center. Violations are liable to prosecution under the respective Copyright Law. The use of general descriptive names, registered names, trademarks, service marks, etc. in this publication does not imply, even in the absence of a specific statement, that such names are exempt from the relevant protective laws and regulations and therefore free for general use. While the advice and information in this book are believed to be true and accurate at the date of publication, neither the authors nor the editors nor the publisher can accept any legal responsibility for any errors or omissions that may be made. The publisher makes no warranty, express or implied, with respect to the material contained herein. Printed on acid-free paper Springer is part of Springer Science+Business Media (www.springer.com)
- 8. Preface This book includes the proceedings of the International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering (CISSE 2010). The proceedings are a set of rigorously reviewed world-class manuscripts pre- senting the state of international practice in Innovative Algorithms and Techniques in Automation, Industrial Electronics and Telecommunications. CISSE 2010 is a high-caliber research four research conferences that were conducted online. CISSE 2010 received 250 paper submissions and the final program included 99 accepted papers from more than 80 countries, representing the six continents. Each paper received at least two reviews, and authors were required to address review comments prior to presentation and publication. Conducting CISSE 2010 online presented a number of unique advantages, as follows: • All communications between the authors, reviewers, and conference organizing committee were done on line, which permitted a short six week period from the paper submission deadline to the beginning of the conference. • PowerPoint presentations, final paper manuscripts were available to registrants for three weeks prior to the start of the conference • The conference platform allowed live presentations by several presenters from different locations, with the audio and PowerPoint transmitted to attendees throughout the internet, even on dial up connections. Attendees were able to ask both audio and written questions in a chat room format, and presenters could mark up their slides as they deem fit • The live audio presentations were also recorded and distributed to participants along with the power points presentations and paper manuscripts within the conference DVD. v
- 9. The conference organizers and we are confident that you will find the papers included in this volume interesting and useful. We believe that technology will continue to infuse education thus enriching the educational experience of both students and teachers. Bridgeport, CT, December 2011 Tarek Sobh Ph.D., P.E. Khaled Elleithy Ph.D. vi Preface
- 10. Acknowledgments The 2010 International Joint Conferences on Computer, Information, and Systems Sciences, and Engineering (CISSE 2010) and the resulting proceedings could not have been organized without the assistance of a large number of individuals. CISSE was founded by Professors Tarek Sobh and Khaled Elleithy in 2005, and they setup mechanisms that put it into action. Andrew Rosca wrote the software that allowed conference management, and interaction between the authors and reviewers online. Mr. Tudor Rosca managed the online conference presentation system and was instrumental in ensuring that the event met the highest profes- sional standards. We also want to acknowledge the roles played by Sarosh Patel and Ms. Susan Kristie, our technical and administrative support team. The technical co-sponsorship provided by the Institute of Electrical and Elec- tronics Engineers (IEEE) and the University of Bridgeport is gratefully appreci- ated. We would like to express our thanks to Prof. Toshio Fukuda, Chair of the International Advisory Committee and the members of Technical Program Committees. The excellent contributions of the authors made this world-class document possible. Each paper received two to four reviews. The reviewers worked tirelessly under a tight schedule and their important work is gratefully appreciated. In particular, we want to acknowledge the contributions of the following individuals: Munther Abualkibash, Mohammed Abuhelalh, Tamer Abu-Khalil, Sumaya Abu- saleh, Mohannad Abuzneid, Ibrahim Alkore Alshalabi, Laiali Almazaydeh, Muder Almi’ani, Amer Al-Rahayfeh, Ying-Ju Chen, Ayssam Elkady, Khaled Elleithy, Ali El-Rashidi, Ahmed ElSayed, Sarosh H. Patel, and Manan Joshi. Bridgeport, CT Tarek Sobh December 2011 Khaled Elleithy vii
- 11. Contents 1 Customized Opinion Mining Using Intelligent Algorithms . . . . . . 1 Pablo Cababie, Alvaro Zweig, Gabriel Barrera and Daniela Lopéz De Luise 2 Information Security Measurement Roles and Responsibilities . . . 11 Margareth Stoll and Ruth Breu 3 Service and Information Security Improvement by Collaborative Business Process Management . . . . . . . . . . . . . 25 Margareth Stoll 4 Software Design for Dynamic Stitching of Multi-Spectral Images of Field Crops . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 39 Chi N. Thai, S. T. Jones and G. C. Rains 5 Teaching Robotics to Students with Mixed Interests . . . . . . . . . . 59 Chi N. Thai 6 An Initial Study Identifying Trends in Test Cases . . . . . . . . . . . . 69 Shivsubramani Krishnamoorthy 7 Providing Strategies for Education in Engineering for Virtual Team Development . . . . . . . . . . . . . . . . . . . . . . . . . . 85 S. E. McCaslin and M. Young 8 New Automated Assembly Model Based on Automated Route Card Scheme . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 95 Yuval Cohen and Dina Goren-Bar ix
- 12. 9 On Using a Semiotic Quality Framework to Evaluate the Quality of Conceptual Database Schemas . . . . . . . . . . . . . . . 103 Erki Eessaar 10 Pareto Front Investigation of Multivariable Control Systems . . . . 117 Ka Wing Ho and M. Braae 11 Multi-Objective Performance Evaluation of Controllers for a Thermal Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 131 T. Koetje, M. Braae and M. Tsoeu 12 Design Considerations for Generalized Predictive Controllers and Systems with Fractional Dead Time . . . . . . . . . . . . . . . . . . . 147 Christopher Domenic Cecchini 13 R-Mesh Simulator Using C++ . . . . . . . . . . . . . . . . . . . . . . . . . . . 159 Abdelwadood Mesleh, Omar AlHeyasat, Mohammad Al-Rawabdeh and Mazen AbuZaher 14 Image Pre-Compensation for Visually Impaired Computer Users with Variable Pupil Size . . . . . . . . . . . . . . . . . . . . . . . . . . 171 Jian Huang, Armando Barreto, Miguel Alonso and Malek Adjouadi 15 Digital Filtering of the Pupil Diameter Signal for Affective Assessment of a Computer User . . . . . . . . . . . . . . . . . . . . . . . . . 183 Peng Ren, Armando Barreto, Ying Gao and Malek Adjouadi 16 TCCT: A GUI Table Comparison Computer Tool. . . . . . . . . . . . 197 Ali Alzaabi, Georges Alquié, Hussain Tassadaq and Ali Seba 17 Information Management for Holistic, Collaborative Information Security Management . . . . . . . . . . . . . . . . . . . . . . . 211 Margareth Stoll, Michael Felderer and Ruth Breu 18 Towards Passive Walking for the Fully-Actuated Biped Robot Nao . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 225 Gareth Priede and Alexander Ferrein 19 The Multi GPU Accelerated Waveform Inversion in Distributed OpenCL Environment . . . . . . . . . . . . . . . . . . . . . 237 M. Kloc and T. Danek x Contents
- 13. 20 The Analysis of the Efficiency of Parallelization of Existing Serial Code on the Basis of Seismic Migration. . . . . . . . . . . . . . . 245 K. Oleszko and T. Danek 21 A Cluster Analysis for Determining the Effects of Codes of Conduct in the Business Administration . . . . . . . . . . . . . . . . . 253 David López-Jiménez, Salvador Bueno and M. Dolores Gallego 22 Playing with Numbers: Development Issues and Evaluation Results of a Computer Game for Primary School Students . . . . . 263 Chris T. Panagiotakopoulos, M. E. Sarris and E. G. Koleza 23 Reverse Auctions: How Electronic Auctions Can Aid Governments in Significantly Cutting Their Procurement Spending and Introduce Greater Competition in Public Sector Contracting. . . . . . . . . . . . . . . . . . . . . . . . . . . . 277 David C. Wyld 24 Models for Some Smart Toys and Extensions . . . . . . . . . . . . . . . 291 Dan Ciulin 25 Matrix-Based Methods for Supporting Logic Planning of IT Projects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 311 Zsolt Tibor Kosztyán and Judit Kiss 26 From Three Dimensional Document Circulation Diagram into UML Diagrams . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 319 Ilona Bluemke and Stanislaw Jerzy Niepostyn 27 Operating System for Wireless Embedded Systems Powered by Energy Harvesters . . . . . . . . . . . . . . . . . . . . . . . . . . 331 Attila Strba and Tibor Krajčovič 28 Data Transformation and Data Transitive Techniques for Protecting Sensitive Data in Privacy Preserving Data Mining. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 345 S. Vijayarani and A. Tamilarasi 29 Handling Maintenance Projects with Matrix-Based Methods . . . . 357 Zsolt T. Kosztyán, Csaba Heged} us, Judit Kiss and Anikó Németh 30 Computer Aided Diagnostic Methods to Forecast Condition-Based Maintenance Tasks . . . . . . . . . . . . . . . . . . . . . . 367 Zsolt Tibor Kosztyán and Csaba Heged} us Contents xi
- 14. 31 On Numerical Approach to Stochastic Systems Modelling . . . . . . 381 Eimutis Valakevicius and Mindaugas Snipas 32 An Advanced DSS for Classification of Multiple-Sclerosis Lesions in MR Images . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 391 I. De Falco, M. Esposito and G. De Pietro 33 E-Learning Software for Students with Autism . . . . . . . . . . . . . . 403 Soly Mathew Biju, Catherine Todd, Latif Tchantchane and Bushra Yakoob 34 Steganography and Steganalysis: Current Status and Future Directions. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 411 Eman Abdelfattah and Ausif Mahmood 35 Validation of System Architectures Against Requirements . . . . . . 423 Andre Pflueger, Wolfgang Golubski and Stefan Queins 36 A Few Reflections Regarding Assessment in an E-Learning Environment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 437 Jan Genci 37 Methods to Ensure Higher Variability of Knowledge Tests in the Moodle LMS Environment . . . . . . . . . . . . . . . . . . . . . . . . 447 Jan Genci 38 The Use of Virtualization and Thin Clients Within the Infrastructure of Computer Labs . . . . . . . . . . . . . . . . . . . . . 455 R. Mitwicki, S. Sikora and T. Danek 39 Testing Mobile Agents on the Azul Platform . . . . . . . . . . . . . . . . 463 Michał Komorowski 40 Support of Relational Algebra Knowledge Assessment . . . . . . . . . 475 Henrieta Telepovska and Matus Toth 41 On Synergy of Motivational Projects and Agile Software Development Practices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 487 Deniss Kumlander 42 Expert System as the Tool for Information Asymmetry Reduction on RCBS Market in EU . . . . . . . . . . . . . . . . . . . . . . . 499 M. Hedvicakova and I. Soukal xii Contents
- 15. 43 Instructional Design for Building Entrepreneurial Competency in Romania: First Stage Research Framework and Results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 509 C. A. Hutu and S. Avasilcai 44 Security Requirements for Internet Voting Systems . . . . . . . . . . . 519 Md. Abdul Based and Stig Fr. Mjølsnes 45 A Multi-Algorithm, High Reliability Steganalyzer Based on Services Oriented Architecture. . . . . . . . . . . . . . . . . . . . . . . . 531 Eman Abdelfattah and Ausif Mahmood 46 A Quality Model of Metamodeling Systems . . . . . . . . . . . . . . . . . 543 Rünno Sgirka and Erki Eessaar 47 Selection of Appropriate Data Storage for Wavelet Transform Coefficients . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 557 I. Žouželková, R. Vala and M. Juřík 48 Drug Delivery by Electroporation: Review . . . . . . . . . . . . . . . . . 567 Sadhana Talele 49 Wine Maturation Using High Electric Field. . . . . . . . . . . . . . . . . 577 Sadhana Talele and Mark Benseman 50 A Computational Intelligence Approach for Forecasting Telecommunications Time Series . . . . . . . . . . . . . . . 585 Paris A. Mastorocostas and Constantinos S. Hilas 51 Designing a Networking Tool for Automatic Domain Zone Updating . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 597 Charalambos Alatas and Constantinos S. Hilas 52 Open Source Software Development: Exploring Research Perspectives. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 607 Preet Kanwal, Anu Gupta and Ravinder Kumar Singla 53 Informal Instructional Design to Engage and Retain Students in Engineering . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 619 Cecilia K. Y. Chan and Tom Colloton 54 TCP with Advanced Window Scaling Option. . . . . . . . . . . . . . . . 629 Michal Olšovský and Margaréta Kotočová Contents xiii
- 16. 55 Implementation of the Handheld Decision Support System for Agriculture and Home Gardening . . . . . . . . . . . . . . . 637 Mária Pohronská and Tibor Krajčovič 56 A Low-Overhead BIST Architecture for Digital Data Processing Circuits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647 Roland Dobai, Marcel Baláž, Peter Trebatický, Peter Malik and Elena Gramatová 57 Dynamic Web Service Composition with MDE Approaches and Ontologies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 661 Eduardo D. C. Bezerra, Denivaldo Lopes and Zair Abdelouahab 58 An Approach Based on Z Language for Formalization of Model Transformation Definition . . . . . . . . . . . . . . . . . . . . . . 677 Carlos C. G. Mendes, Zair Abdelouahab and Denivaldo Lopes 59 Intrusion Detection System for Botnet Attacks in Wireless Networks Using Hybrid Detection Method Based on DNS . . . . . . 689 Raimundo Pereira da Cunha Neto, Zair Abdelouahab, Valéria Priscilla Monteiro Fernandes and Bruno Rodrigues Froz 60 Parallelization of Closed-Form Stiffness Matrix Generation for Tetrahedral Finite Elements . . . . . . . . . . . . . . . . . . . . . . . . . 703 Sara E. McCaslin 61 Metrics in Assessing the Quality and Evolution of jEdit. . . . . . . . 717 Ilona Bluemke and Rafal Roguski 62 Customising a BBVC for Asterisk VoIP Services . . . . . . . . . . . . . 729 Y. Oyedele, A. Terzoli and K. Mufeti 63 An Exploratory Empirical Study of Internal Quality Attributes of Open Source Software Systems. . . . . . . . . . . . . . . . 737 Denis Kozlov, Jussi Koskinen, Markku Sakkinen and Jouni Markkula 64 An Approach to Information Technologies for Solving Mathematical Physics Problems . . . . . . . . . . . . . . . . . . . . . . . . . 751 A. Jansone and L. Zacs. K. Jakimov 65 Multiple Software Watchdog Timers in the Linux OS . . . . . . . . . 759 J. Abaffy and T. Krajčovič xiv Contents
- 17. 66 An Ontology-Based Fuzzy Approach for Alert Verification and Correlation in RFID Systems. . . . . . . . . . . . . . . 767 M. Esposito 67 XML Database Storage for Web based Application . . . . . . . . . . . 781 Puspha Rani Suri and Neetu Sardana 68 Towards C# Application Development Using UML State Machines: A Case Study. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 793 Anna Derezińska and Marian Szczykulski 69 Visualization of Verilog Digital Systems Models . . . . . . . . . . . . . 805 K. Jelemenská, M. Nosál’ and P. Cičák 70 Expert System Aided Power System Reinforcement with Reliability and Voltage Sag Consideration . . . . . . . . . . . . . . 819 Sahar A. Moussa, M. El-Geneidy and E. N. Abdalla 71 A TSK Fuzzy Approach to Channel Estimation for 802.11a WLANs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 831 Laura Ivanciu, Ligia Chira Cremene and Gabriel Oltean 72 Comparison of Bootstrapping and Finite State Machine Simulations of a Scheduling Benchmark . . . . . . . . . . . . . . . . . . . 841 George Anderson, Tshilidzi Marwala and Fulufhelo Vincent Nelwamondo 73 Low Power 8-Bit Baugh–Wooley Multiplier Based on Wallace Tree Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . 851 Xingguo Xiong and Muzi Lin 74 Rapid Prototyping and CAD/CAM in Building Design Education: A Very Early Introduction to Mass Customization . . . . . . . . . . . 867 Neander Silva and Ecilamar Lima 75 Design and Implementation of Nonlinear Control Strategies: A Tutorial . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 877 J. F. Briones, M. A. Paz, J. L. Gallegos, J. I. O. Rodriguez and M. O. Aguilar 76 Using PRINCE2 Project Management Methodology to Develop SOA Based Applications . . . . . . . . . . . . . . . . . . . . . . 891 U. Şimşek and H. Gümüşkaya Contents xv
- 18. 77 Logical Circuits Design Education Based on Virtual Verification Panel. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 903 P. Pištek, R. Marcinčin, T. Palaj and J. Štrba 78 Extending LR Parsing to Implement Rewriting Semantics in Extensible Programming Languages . . . . . . . . . . . . . . . . . . . . 915 Ernesto Ocampo Herrera and Leonardo Val 79 Neuro-Fuzzy Model Related To Job Assignation . . . . . . . . . . . . . 927 Marius Pislaru and Silvia Avasilcai 80 Time-Based Location Prediction Technique for Wireless Cellular Networks . . . . . . . . . . . . . . . . . . . . . . . . . . 937 Joshua Bradley and Sherif Rashad 81 Computer Simulation Applied to the Design of Urban Public Spaces: Day Lighting in the Squares. . . . . . . . . . . . . . . . . 949 Tatiana Yeganiantz, Neander Silva and Ecilamar Lima 82 Some Results in Automatic Functional Test Design for Processors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 965 Ján Hudec 83 Enhanced Classroom Presenter. . . . . . . . . . . . . . . . . . . . . . . . . . 973 K. Jelemenská, P. Koine and P. Čičák 84 A Textual Domain Specific Language for User Interface Modelling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 985 Mart Karu 85 Vehicle Detection Even in Poor Visibility Conditions Using Infrared Thermal Images and Its Application to Road Traffic Flow Monitoring . . . . . . . . . . . . . . . . . . . . . . . . 997 Yoichiro Iwasaki, Shinya Kawata and Toshiyuki Nakamiya 86 Using Data Mining Techniques for Diagnostic of Virtual Systems Under Control of KVM . . . . . . . . . . . . . . . . 1011 Monika Chuchro, Kamil Szostek, Adam Piórkowski and Tomasz Danek 87 C# Based Media Center . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1023 Taner Arsan, Rasim Sen, Barkan Ersoy and Kadir Kadirhan Devri xvi Contents
- 19. 88 An Efficient Intrusion Detection System for Mobile Ad Hoc Networks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1039 B. V. Ram Naresh Yadav, B. Satyanarayana and O. B. V. Ramanaiah 89 The Academic Rating Criteria for Knowledge Web-Based in Thailand . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1051 K. Dowpiset and C. Nuangjamnong 90 Traditional and Modern MCQ Methods as In-class Formative Assessment . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1061 Cecilia K.Y. Chan, Vincent W.L. Tam and Wilton T.T. Fok 91 Evaluating the Impact of Various Modulation Schemes on WiMAX Quality of Service . . . . . . . . . . . . . . . . . . . . . . . . . 1067 Justin Morgan and Hetal Jasani 92 Estimation of Depth Map Using Image Focus: A Scale-Space Approach for Shape Recovery . . . . . . . . . . . . . . 1079 W. A. Smith, K. P. Lam, D. J. Collins and J. Tarvainen 93 Applying Intelligent Agents in Traffic Control for Traffic Intersection Groups . . . . . . . . . . . . . . . . . . . . . . . . . 1091 Tzong-An Su and Yau-Chiuan Yang 94 Energy Saving in Advanced Absorption Heat Pump with Object Oriented Programming . . . . . . . . . . . . . . . . . . . . . 1101 R. J. Romero, S. Silva-Sotelo, Rodríguez Martínez and J. Cerezo Román 95 Application of Artificial Neural Networks in Chosen Glass Laminates Properties Prediction . . . . . . . . . . . . . . . . . . . 1113 Soňa Rusnáková, Zora Jančíková, Pavol Koštial, David Seidl, Ivan Ružiak and Richard Puchký 96 Archaeology, Incas, Shape Grammars and Virtual Reconstruction. . . . . . . . . . . . . . . . . . . . . . . . . . . . 1121 W. Iain Mackay and Neander F. Silva 97 Strategic Design of a Financial Model . . . . . . . . . . . . . . . . . . . . 1133 Simone Santos, Brandon Link, Mauricio Tagliari and Adolfo Alberto Vanti Contents xvii
- 20. 98 Numerical Analysis of Electromagnetic Field Coupled with the Thermal Field in Induction Heating Process . . . . . . . . 1143 Mihaela Novac, Ovidiu Novac, Ecaterina Vladu, Liliana Indrie and Adriana Grava 99 Process Deployment: A Taxonomy of Critical Success Factors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1153 Luz S. Bayona, Jose A. Calvo-Manzano, Gonzalo Cuevas and Tomás San Feliu Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1163 xviii Contents
- 21. Customized Opinion Mining using Intelligent Algorithms Pablo Cababie, Alvaro Zweig, Gabriel Barrera and Daniela Lopéz De Luise Abstract Since the INTERNET outburst, consumer perception turned into a complex issue to be measured. Non-traditional advertising methods and new product exhibition alternatives emerged. Forums and review sites allow end users to suggest, recommend or rate products according to their experiences. This gave raise to the study of such data collections. After analyze, store and process them properly, they are used to make reports used to assist in middle to high staff decision making. This research aims to implement concepts and approaches of artificial intelligence to this area. The framework proposed here (named GDARIM), is able to be parameterized and handled to other similar problems in different fields. To do that it first performs deep problem analysis to determine the specific domain variables and attributes. Then, it implements specific functionality for the current data collection and available storage. Next, data is analyzed and processed, using Genetic Algorithms to retro feed the keywords initially loaded. Finally, properly reports of the results are displayed to stakeholders. 1 Introduction The paper represents the result of research carried out in the ITLab University of Palermo. Within this context, emerged the proposal for a system to collect and process information in a particular topic and to show the results in report form for analysis and decision making process. The problem arises from the need for a pharmaceutical company to obtain the perceptions of consumers available on the web about their products and competitors. Opinions are subjective expressions that reflect the perceptions or feelings of people about events or entities. When someone P. Cababie () A. Zweig G. Barrera D. L. De Luise Univesidad de Palermo, Buenos Aires, Argentina e-mail: pcabab@palermo.edu T. Sobh and K. Elleithy (eds.), Emerging Trends in Computing, Informatics, Systems Sciences, and Engineering, Lecture Notes in Electrical Engineering 151, DOI: 10.1007/978-1-4614-3558-7_1, Springer Science+Business Media New York 2013 1
- 22. needs to make a decision, one factor that can cooperate to take it wisely is the opinion of others. Before the explosion of the Web, when an individual needed to make a decision, he used to consult with the family and alleges. When a company needed to know the opinion of the general public about a product or service, it used to send polls and interest groups. With the emergence of the Web, information started to appear online and available to everybody in public forums, discussion groups, or bogs. This new sites are defined as part of the concept called Web 2.0 user-generated content. The world wide web, having over 350 million pages, continues to grow rapidly at a million pages per day [1]. About 600 GB of text changes every month [2]. This available information becomes an essential tool for decision-making process based on a new paradigm called ‘‘crowdsourcing’’ [3]. Thus, these opin- ions and debates on the Web become highly relevant for companies or people to make decisions. However, it must be pointed that these views are sometimes not as easily identifiable and are hidden in different users’ personal pages or forums. Therefore, the main challenge of the project is based on the collection, identifi- cation, processing and reporting of results of this ‘‘crawling’’. Throughout the work, covering topics such as background and previous and related research of the topic, the structure of the system, the process and analysis of the collected information and finally conclude with the future work proposed. 2 Background and Related Research There are research papers relating to opinion mining. Most of them approach the problem from the point of view of semantic interpretation of the wording found on the Web [4–6]. For example, crawl a forum and analyzing the text for product reviews, recommendations and complaints[7–9]. Several papers focuses in the identification of opinion. If it is critical, comparation, complains, praise or sites directly sense devoted to the exchange of views [5, 10]. Also, there are studies that are based on a list of words classified as good or bad, used to catalog the mention of the view as positive, negative or neutral. The lists are defined with a lot of words dictionary as well, excellent, spectacular, bad, poor, etc. [11–15]. Also, to this list are incorporated opinion phrases such as ‘‘cost an arm and a leg’’ or ‘‘you need to rob a bank’’ or ‘‘is to pull the money.’’ Related work can also be found in a research which it is proposed to differentiate the genuine opinion of the ‘‘opinion Spam’’ or ‘‘unwanted view’’ [16]. In this research it is analyzed opinion spam’s factors and proposes methodologies to identify and isolate it. Among the background of the topic have found many works and established a theo- retical framework on the subject quite extraction of opinions on the Web, Opinion miningand adjacenttracks, however, still have not been documented implementations of these concepts applied to any industry or a non-scientific or academic purpose. Existing studies focus upon the discovery and conceptualization of new terms and modeling of the new reality brought by the advent of the Internet and new commu- nication technologies, but not in use for practical purposes. Keep in mind that the work and research more relevant and committed to this issue are recent ones, since about 20 years ago, these concepts were unthinkable or difficult 2 P. Cababie et al.
- 23. to conceive even with technologies that were unknown. Moreover, there was a published paper in which the objective is to detect trends in electoral campaigns using existing technology and information collected on social Web sites [17]. In the latter study it identifies different strategies for collecting information to analyze: 1. Comprehensive tracking: collecting all possible information in a given period of time. 2. Incremental Crawl: We revisit the pages already stored for changes and if changes, these are re-done. 3. Tracking focused: looking for information on a topic based on a ranking algorithm that filters the results that are not relevant. 4. Deep Tracking: Collect important information about a particular issue. Unlike the focused crawling, it has the ability to complete forms on the web to store and access the pages returned a completed form. In addition, there were found research papers approaching crawling from dif- ferent point of views. Crawlers and agent have grown more sophisticated [18]. Topical crawler have been studied extensively the last years [19–23]. Some interesting methods proposed in recent years are those of fish search [24] and focused crawling [25]. Focused crawling concept was implemented using a classifier that evaluates the relevance of hypertext document with respect to the focus topics and a distiller that identifies hypertext nodes that are great access points to many relevant sources [19]. There shouldn’t be forgotten to analyze the linkage sociology, locating specialty sites and community culture [19]. The focused crawling is different in using a topic taxonomy, learning from example and using graph distillation to track topical hubs. After this research, it was found a lot of anecdotal evidence that bicycle pages are not refer a lot of other bicycle pages, but also refer more significantly more than one might expect to rd cross and first aid pages. Similarly, HIV/AIDS pages often do not directly refer to other HIV/AIDS pages but refer to hospital hoe pages. AI implementations for crawling was proposed beginning with a basic exposure to search algorithms and then to be extended in a number of directions to include information retrieval, Bayesian learning, unsupervised learning, natural language processing, and knowledge representation [26]. 3 Proposed Structure and Model The system that supports the research consists on a set of three modules: 3.1 Crawler The crawler is in charge of Internet searching and text by storing in a database for further processing. This module has the following input components (input minimum): Customized Opinion Mining using Intelligent Algorithms 3
- 24. • Parameter to search. • Pages where to look. • Deep level navigation links (if there is no limit would be sought through the Internet and never end this stage). • Restrictions (e.g search only in a domain). • Parameters to function as a filter (words that should not contain the text). The operator enters the start point pages and then navigates the system for their ‘‘children’’ (linked) to the depth defined in the configuration. Is relevant to mention that the average number of outlinks on web pages is 7 [27]. This module basically follows the following behavior: 1. Loading a page. 2. Debug the code and convert it to plain ASCII text. 3. Read the HTML code in search of the parameter and if does not contain the filter words. 4. Search on the same code links to other pages (which must not exceed the maximum level of depth, no restrictions skip) to form a list of URLs to keep searching. 5. If step 3 was yes, the code goes to the analyzer. The module generates text files with different information. Among them, there will be a metadata file, one with the title of the page, one with a header and the contents of the text in the body. In this way, can be isolated and properly process each part of the page separately. 3.1.1 Defined Directory Structure It has been defined a structure to store the necessary files with information gath- ered after the sweep of the sites. The structure consists on a directory for each type of file stored. All those listed and indexed in a flat file. (Bd.txt). In this file each destination will have an ID followed by the URL. The other files will have the ID as a name and an extension that indicates their content, for example: www.pagina.com —[ 12345. Then the files will emerge from this page: 12345.src (source). 12345.bdy (text body of the page). 12345.lin (links page). 12345.tit (title tag information). 122345.mta (information from meta data page). 12345.etc. (Additional information varies). 12345.ima (images listed on page). 12345.ifr (information contained in the Iframe tag). 12345.hrf (information inside the href tag). 4 P. Cababie et al.
- 25. It should be noted that for testing purposes, it was chosen to use ANMAT (National Administration of Drugs, Food and Medical Technology) as a start point. (http://www.anmat.gov.ar/). Later new URLs will be added to the scan list (Fig. 1). The scanned websites are analyzed to make sure that they are written in Spanish. The procedure that we use to define their language is based on the amount of times the letter ‘‘e’’ appeared in the text. As is illustrated in Fig. 2, the architecture was implemented using a standard model-view-controller. Figure 3 shows the defined scheme for the content of the module ‘‘Model.’’ In this module, it is implemented Genetic Algorithms to explore and expand the scope of the search criteria. Basically the system analyzes word by word and associates it with an ID which later is linked to its frequency. The implementation use genetic algorithms oper- ations such as mutation to infer and deduce new words to crawl and amplify the range of search, providing more opportunities to find the information needed. 3.1.2 Metrics The system on each crawling operation estimates metrics about the amount of crawled web pages in every launch and crawling time to check the performance of the system. Also, it provides information about unreachable and rejected web pages. Sometimes, the system found web pages referencing broken links, pages with forbidden access and or misspelled links. Another metrics provided are the amount of links, hits and words contained in the web page. All of these properties will impact in the later ponderation of the webpage, making the scoring increase or decrease. (i) Sub analyzer module. This sub module is part of the crawler or search engine. Fig. 1 Gdarim application screenshot Customized Opinion Mining using Intelligent Algorithms 5
- 26. The analyzer (see Fig. 4) was implemented using the Composite design pattern. It crawls the directory structure that hosts the pages provided by the Crawler. The following is the description of the behavior of the algorithm to process the files: For each plain text file: 1. Take the next line L in the text. 2. Apply Porter’s algorithm, obtaining the root R of each word. Internet Database Tools and additional libraries Model View Controller Fig. 2 Architecture Analyser Crawler Data Mining module – machine learning Results Fig. 3 Module ‘‘Model’’ Load file Process sub-matrixes Rala Matrix Integration Rala Dictionary Fig. 4 Sub module parser analyzer 6 P. Cababie et al.
- 27. 3. For each R: 3.1 Save the dictionary Dictionary.dct. 3.2 Save file[ matrix. MTRX. 4. If there are more lines in A, then go to 1. After generating the dictionary and the array of frequencies for each file, pro- ceed to the integration of all partial matrices to a single array calledintegration[. MTRX. In this stage it was implemented the following algorithm: [18]. Generate sparse matrix integration[. MTRX empty: 1. Take a matrix file[. MTRX. 2. Integrate content in integration[. MTRX. 3. If more file[. MTRX then go to 1. It should be noted that each word in the dictionary Dictionary.dct is unique and its records have the following format: WEIGHT ON ID þ APPEARANCES At the same time in the file[. MTRX there are records with the following structure. ID þ QTY occurrence Where CANT-occurrence is a counter from 1 (indicating the first appearance of the word identification ID) to n (indicating the total number of times the same word that appears in row). Finally, in the matrix integration[. MTRX records with the following structure. ID FILE þ ID þ OCCURRENCE Where ID-Archive, is the unique identifier for each file processed (usually asso- ciated with a single URL) and can OCCURRENCE 1 (indicating the occurrence of the word with ID within the file A) or 0 (indicating the absence of such same word in A). As an example, suppose the following ej.txt file with the contents: ‘‘The practices are complicated. There is a practice file.they claim that the situation is complicated’’. The resulting matrix for ej.txt.mtrx file will contain: 1,1 2,1 3,1 4,1 5,1 1,1 6,1 Customized Opinion Mining using Intelligent Algorithms 7
- 28. 7,1 8,1 9,1 3,1 1,1 10,1 11,1 12,1 13,1 14,1 15,1 Also, the generated entries in the dictionary Dictionary.dct are: Afirm,10,0.0714285746216774,1 Las,2,0.0714285746216774,1 son,4,0.0714285746216774,1 Hay,6,0.0714285746216774,1 un,7,0.0714285746216774,1 de,9,0.0714285746216774,1 situ,13,0.0714285746216774,1 archiv,8,0.0714285746216774,1 practic,3,0.1428571492433548,2 la,12,0.0714285746216774,1 que,11,0.0714285746216774,1 complic,5,0.1428571492433548,2 es,14,0.0714285746216774,1 3.2 Data Mining Module This module processes the views stored in the sparse matrix contained in text files using advanced techniques of ‘‘machine learning’’ [8, 28]. 3.3 Presenter Module This module is the last in the system and is responsible for exposing the user’s search results completed and all information processed in the previous modules. The results are presented through pie charts and reports with all the needed information for analysis and decision making. 8 P. Cababie et al.
- 29. 4 Scope In the initial analysis of the research it was required to define the scope of the system developed to constrain the domain of the problem. This simplification provides the possibility of facilitating the conceptualization and development in a maintainable and orderly system. Moreover, these limitations on the system will let verify the results of the research and the application developed. The restrictions are: 1. The system will process only is Spanish pages. 2. The depth level is part of the system configuration. 3. The module only processes HTML, Excel, PDF and Word files. 4. The application uses a dictionary to identify opinions. 5 Conclusion and Future Work The investigation as it progresses seems even more exciting and viable. The publications so far do not provide relevant information to solve the specific problem. The project will represent a significant improvement for the collection and administration of specific information in an efficient and automatic way. The next few months the project will focus on refining the relations in the database, model and improve the development and system design that enable collecting data wherever they are. After test this development deeply, will proceed to implement the concept of genetic algorithms to optimize the information search task. Tests will be required and adjustments on fitness functions to improve performance and to consider all the alternative answers. In particular, for the crawler module, the keywords must be defined to find the type of pages to go in case of multilingual sites. It will be added check boxes (checkboxes) to the user interface to setup the options such as learning threshold and histogram pruning. References 1. Bharat K, Broder A (1998) A technique for measuring the relative size and overlap of the public web search engines. Comput Netw 30:107–117 2. Kahle B (1997) Preserving the internet. Sci Am 276(3):82–83 3. Howe J (2006) The rise of crowdsourcing. Wired Mag 14(6):1–4 4. Ding X, Liu B, Zhang L (2009) Entity discovery and assignment for opinion mining applications. KDD’09, Paris, June 2009 5. Dave D, Lawrence A, Pennock D (2003) Mining the peanut gallery opinion extraction and semantic classification of product reviews. WWW’03, 2003 6. Ding X, Liu B, Yu P (2008) A holistic lexicon-based approach to opinion mining. WSDM’08, 2008 Customized Opinion Mining using Intelligent Algorithms 9
- 30. 7. Hu M, Liu B (2004) Mining and summarizing customer reviews. In: Proceedings of the KDD-2004, Seattle, 2004 8. Pang B, Lee L, Vaithyanathan S (2002) Thumbs up sentiment classification using machine learning techniques. In: Proceeding of EMNLP’02, Philadelphia, 2002 9. Malesh J, Carolyn P-R (2009) Generalizing dependency features for opinion mining 10. Bing L (2008) Opinion mining. Invited contribution to encyclopedia of database systems 11. Esuli A, Sebastiani F (2006) Determining term subjectivity and term orientation for opinion mining. EACL’06, 2006 12. Hatzivassiloglou V, McKeown K (1997) Predicting the semantic orientation of adjectives. In Proceedings of the ACL-EACL’97, 1997 13. Jindal N, Liu B (2006) Mining comparative sentences and relations. In: Proceedings of the twenty first national conference on artificial intelligence AAAI’06, Boston, 2006 14. Kaji N, Kitsuregawa M (2007) Building lexicon for sentiment analysis from massive collection of HTML documents. EMNLP’07 15. Kanayama H, Nasukawa T (2006) Fully automatic lexicon expansion for domain-oriented sentiment analysis. EMNLP’06 16. Jindal N, Liu B (2008) Opinion spam and analysis. Proceedings of first ACM international conference on web search and data mining (WSDM-2008). Stanford University, Stanford, 11–12 Feb 2008 17. Mario J, Luis S (2010) The design of optimist and opinion mining system for portuguese politics. J Soc Criminol 1:2 (Spring/Summer 2010) 18. Lawrence S, Giles CL (1998) Searching the world wide web. Science 280(5360):98–100 19. Chakrabarti S (1999) Focused crawling a new approach to topic-specific Web resource discovery 20. Chakrabarti S (2002) Acelerated focused crawling through online relevance feedback. In: WWW 2002, Hawaii, May 2002 21. De Bra PME, Post RJD (1994) Information retrieval in the world wide web: making client- based searching feasible 22. Hersovici M (1998) The shark search algorithm—An application: tailored web site mapping 23. Menczer F, Belew RK (2000) Adaptative retrieval agents: internalizing local context and scaling up to the web. Mach learn 39(2/3):203–242 24. Bharat K, Henzinger M (1998) Improved algorithms for topic distillation in hyperlinked environment. ACM SIGIR conference, 1998 25. Aggarwal CC (2001) Intelligent crawling on the world wide web with arbitrary predicates. In: Proceedings of the 10th international conference on World Wide Web, Hong Kong, May 2001 26. Brooks CH (2008) Web crawling as an AI project. In: Proceedings of the AAAI 2008 AI education colloquium. Chicago, July 2008 27. Ravi Kumar S, Raghavan P (2000) Stochastic models for the web graph. In: FOCS, Redondo Beach, November 2000 28. Machine learning definition, http://en.wikipedia.org/wiki/Machine_learning 10 P. Cababie et al.
- 31. Information Security Measurement Roles and Responsibilities Margareth Stoll and Ruth Breu Abstract An adequate information security management system (ISMS) to minimize business risks and maximize return on investments and business opportunities is recognized always more as key differentiator. Thus legal com- pliance, commercial image and competitive edge are sustainable maintained. Due to increasingly faster changing information security (IS) requirements (from market, customer, technology, law or regulations) the effectiveness and perfor- mance of the ISMS must be continually evaluated and improved. Data must be recorded, analyzed and if necessary appropriate corrective or preventive actions should be taken. For these measurement and improvement tasks we have to assign roles and responsibilities. Firstly we define different roles and their tasks for information security (IS) measurement and improvement. Starting from the approved organizational structure we assign the responsibilities for these roles to top and executive management. After we elaborate and document all relevant business processes with their supporting IT services and go on through all tech- nical layers describing the relevant items with their dependencies and relation- ships. To entire processes, services and items are assigned responsibilities for the defined roles systematically, consistently and traceably. This innovative, systemic, strategic aligned approach has been implemented successfully by different medium sized organizations for several years. Based on our experiences IS awareness, IT alignment with business goals, service orientation, process and systems thinking, as well as the comprehension for the requirements of other organizational units were increased. M. Stoll () R. Breu University of Innsbruck, Technikerstr. 21a, 6020 Innsbruck, Tyrol, Austria e-mail: margareth.stoll@uibk.ac.at R. Breu e-mail: ruth.breu@uibk.ac.at T. Sobh and K. Elleithy (eds.), Emerging Trends in Computing, Informatics, Systems Sciences, and Engineering, Lecture Notes in Electrical Engineering 151, DOI: 10.1007/978-1-4614-3558-7_2, Springer Science+Business Media New York 2013 11
- 32. 1 Introduction 1.1 Starting Situation Due to globalization and ever stronger competition information management and supporting technologies have become key assets and differentiators for modern organizations. They are main performance driver for continual innovation and sustainable success. Organizations and their information and technologies are faced with security threats from a wide range of sources, including computer- assisted fraud, espionage, sabotage, vandalism, fire or flood. Causes of damage have become more common, further ambitious, and increasingly sophisticated [1]. 92 % of large enterprises had a security incident in the last year with an average cost of 280.000–690.000£ for the worst incident [2]. Mobile and cloud computing, off-shoring, social networks, as well as the increasing interconnected, flexible and virtualized business complexity and dependency are still great challenges for IS. Organizations have to meet many different legal and regulatory requirements, such as data protection, sound and integer financial practices and internet crime. Most modern corporate governance guidelines, and always more laws, make the top management responsible for the well-being of the organization. Lack of security compliance may result in loss of confidence of customers, partners and shareholders, as well as severe civil and criminal penalties for the top manage- ment. In this respect availability of the essential assets, confidentiality, data integrity and legal and regulatory compliance are central for organizations’ success and integral part of good IT and corporate governance [3–5]. More than 6,600 organizations worldwide [6] have implemented ISMS in accordance to ISO/IEC 27001. This international standard provides a model for establishing, operating, monitoring, maintaining and improving an ISMS to meet the specific security and business objectives of the organization and legal, statu- tory, regulatory and business obligations [1, 7]. Several best practices for IS management have been developed, such as Control Objectives for Information and related Technology (COBIT) [8], Information Technology Infrastructure Library (ITIL) [9] and national guidelines, such as NIST 800-53 [10]. 1.2 Purpose and Structure of the Article An increasingly faster changing environment (market, customer, technology, law or regulations) requires continual adaption of business objectives, processes, controls and procedures. It is a widely accepted principle that an activity cannot be managed and overall not improved sustainably if it cannot be measured. Therefore the effectiveness and performance of the ISMS and the actual risk and compliance situation must be continually evaluated and improved [3–5, 8–12]. Effectively implemented security measurements demonstrate the value of IS to top 12 M. Stoll and R. Breu
- 33. management, face informed decision making, demonstrate compliance, improve security confidence and enable stakeholders to continual improve IS [8, 10, 12, 13]. It is a critical success factor for sustainable IS [1]. IS management, business management and on the other hand software security and network security engineering have been handled for a longer period as sep- arate areas [12]. Measurement data are obtained at different levels within an organization. They are recorded and analyzed to detect errors and security events, to identify attempted and successful security breaches, incidents, threats and external events (such as changes to the legal or regulatory environment, changed contractual obligations, and changes in the physical environment) and to define effectiveness and performance of the implemented controls and the ISMS [7]. Based on this analysis appropriate corrective and/or preventive actions are elab- orated, prioritized, approved, implemented and evaluated [1, 7, 10, 11]. It is axiomatic that those things for which no one is explicitly accountable are often ignored [14]. Thus we must define roles and responsibilities for all necessary tasks. According to COBIT 4.1 understanding the roles and responsibilities for each process is the key to effective governance [8]. How can we assign IS measurement and improvement roles and responsibilities efficiently, systematically, consistently and concretely? Are these assignments maintainable and traceable over a longer period? Firstly we present the results of our literature research [II]. Based on these requirements we developed our hypothesis [III]. In Sect. 4 we explain our approach: firstly we establish the roles and describe their tasks [IV A]. In the second step we assign the IS measurement and improvement roles and responsi- bilities to the top and executive management [IV B]. After that we define and document all relevant IT services and their supporting items of all technical layers with their dependencies and relationships. To all these items we assign IS mea- surement and improvement roles and responsibilities [IV C]. Checks and quality assurance measures for the model [IV D] and the maintenance [IV E] are described next. This innovative approach is implemented successfully for several years by different medium sized organizations of distinct sectors (service, engineering and public). The obtained experiences are reflected in [V] with the project results [V A] and success factors [V B]. At the end we give an outlook and conclude [VI]. 2 Research Framework The field of defining security metrics systematically is young [12]. The problem behind the immaturity of security metrics is that the current practice of information security is still a highly diverse field. Holistic and widely accepted approaches are still missing [12]. A lot of papers are published about technical security metrics and scarcely holistic approaches. We find overall requirements for a holistic, systemic, mana- gerial measurement approach [3, 8, 10, 11]. Measurement Roles and Responsibilities 13
- 34. Measurement data must be extracted and reported to perform measurement and monitoring of the performance and effectiveness of the ISMS, to reflect the actual risk and compliance situation and to provide input for a continual improvement and for IS related management decisions [3–5, 7, 8, 10–12]. IS metrics support the detection of errors and security events and the identification of attempted security breaches, incidents and previously undetected or unknown IS issues [7, 11]. Based on this analysis appropriate corrective and/or preventive actions are elaborated, implemented and evaluated [1, 7, 10, 11]. The ISMS must be continually adapted to changing internal and external conditions to deliver sustainable business value to all stakeholders [1, 3–5, 7, 8]. Further the organization should maintain and improve the ISMS itself. Since some years IS frameworks, standards, best practices, laws and regula- tions require that all stakeholders are responsible and collaborate for IS [1, 3, 4, 7, 8, 10, 11]. The management has to identify clear roles and assign responsi- bilities for the protection of assets and for all security processes and controls [1, 7, 8, 10, 11]. According to COBIT understanding the roles and responsibilities for each process is the key to effective governance [8]. Roles and responsibilities are required by ISO/IEC 27004 as one of the minimums of the measurement construct specification [11]. 2.1 Roles and Responsibilities The literature defines a lot of different functional roles and responsibilities for IS. ISO/IEC 27004 distinguishes following roles [11]: • client for measurement: the management or other interested parties, • reviewer: validates that the developed measurement constructs are appropriate for assessing the effectiveness, • information owner: responsible for the measurement, • information collector: responsible for collecting, recording and storing the data and • information communicator: responsible for first data analysis and the commu- nication of measurement results. The relevant stakeholders may be internal or external to the organizational units, such as information system managers or IS decision makers. Reports of measurement results can be distributed also to external parties, such as customers, shareholders, regulatory authorities or suppliers [11]. The measurement program implementation plan of the NIST performance measurement guide includes [10]: • responsibilities for data collection, analysis, and reporting, 14 M. Stoll and R. Breu
- 35. • details of coordination within the office of the chief information officer, relating to areas such as risk assessment, certification and accreditation, and federal information security management act (FISMA) reporting activities, • details of coordination between the senior agency information security officers (SAISO) and other functions within the agency (e.g., physical security, per- sonnel security, and privacy) to ensure that measures data collection is streamlined and non-intrusive. Key IS stakeholders are the agency head, chief information officer (CIO), senior agency information security officer (SAISO), program manager or information system owner, and the information system security officer (ISSO) [10]. COBIT categorize following roles [8]: • chief executive officer (CEO), • chief financial officer (CFO), • business executives, • chief information officer (CIO), • business process owner, • head operations, • chief architect, • head development, • head IT administration, • project management officer (PMO), • compliance, audit, risk and security groups and • eventual head of human resources, budgeting and/or internal control. COBIT provides a RACI (responsible, accountable, consulted and informed) chart for each process. Accountable means ‘‘the buck stops here’’. This is the person who provides direction and authorizes an activity. Responsibility is attributed to the person who gets the task done. The other two roles (consulted and informed) ensure that everyone who needs to be is involved and supports the process [8]. Different authors list the steering committee, board of directors/trustees, senior executives, business unit managers, collaborators from human resources, legal, compliance, audit, and risk management, chief information security officer or also a lot of more roles [1, 15, 16]. 2.2 Further Requirements An appropriate assignment of measurement roles and responsibilities should ensure that the results are not influenced by information owners. Brotby writes that approximately 35 % of IS managers still report directly or indirectly to the chief information officer who is also responsible for the IT department. Based on his experience this creates conflicts of interest and the quest for greater IT Measurement Roles and Responsibilities 15
- 36. performance at less cost is often made at expense of security [14]. Segregation of duties or independent checks can solve that problem [1, 3, 7, 8, 10, 11, 14]. The results of measurements need to be communicated to its intended audience in a way that is meaningful and useful. How they are represented and presented can make a huge difference to whether or not well-informed decision making can be achieved [13]. The relevant stakeholders should be identified. They should be involved in each step of IS measures development [11] to ensure organizational buy-in and promote a sense of ownership for IS measuring [10]. Each stakeholder requires specific, customized measures accordingly to his IS objectives and the IS requirements for his area of responsibility [10]. 3 Hypothesis Based on this research and requirements framework we developed an innovative, efficient and easy maintainable model to assign IS measurement and improvement roles and responsibilities to all organizational levels and stakeholders well struc- tured, systematically, consistently, accurately, traceably and maintainable to pro- mote IS effectiveness and continual improvement. Firstly we establish the roles for IS measurement and improvement and describe their tasks [IV A]. As a second step we assign responsibilities for the established roles to the top and the executive management [IV B]. We start top down from top management (Fig. 1 in the top), functional unit responsibilities (Fig. 1 in the 2 level), business process and/or project responsibilities (Fig. 1 3 level) and eventually further service management role responsibilities, such as the change management role or IS management role (Fig. 1 vertically, right-most). Thereby we regard all relevant legal, statutory and contractual requirements and the IS policy and business requirements. After that we elaborate and document all relevant business processes with their supporting IT services and their dependencies and relationships [IV C]. For all these IT services we describe based on an architecture oriented approach their supporting items with their dependencies and relationships going always deeper through all technical layers (Fig. 1 lower part). Based on definitions of the IT information library (ITIL) we understand by a configuration item any component that needs to be managed in order to deliver an IT service. Configuration items typically include IT services, hardware, software, buildings, people, and formal documentation, such as process documentation and service level agreements (SLAs) [9]. At the end we assign to each configuration item the specified IS roles and responsibilities (Fig. 1 vertically, on the right). The relationships and depen- dencies between the items, IT services, business processes and the top manage- ment define the information and escalation flow. 16 M. Stoll and R. Breu
- 37. 4 Approach 4.1 Roles and Responsibilities Based on practical experiences of more organizations we enlarge the roles of a RACI (responsible, accountable, consulted and informed) chart to the following (see Table 1): • The accountable is responsible for and decides the measurement requirements, provides direction and authorizes and reviews the effectiveness and perfor- mance. Thereby business and IS policy and strategies, legal, statutory, regula- tory and contractual requirements, and the conducted risk assessment must be regarded. Additionally decision and authorization for continual improvements are part of his responsibilities. Measurement results are communicated to the accountable on request or by escalation, if measurement results exceed certain defined thresholds and/or time scales. • The responsible contributes to the establishment of measurements and is responsible for their implementation. He controls the data collection, recording and analysis, communicates the results and proposes and implements possible improvements. • The responsible for execution and operating is responsible for the measurement operation (collection and recording) and the improvements as part of his daily work. • The supportive contribute and sustain him. • The informed and consulted role contributes information and consultations to the responsible and eventually to the accountable and receives for this reason the measurement results. The IS manager provides methods including possible metrics, evaluates and controls the effectiveness, performance and improvement of the whole system, conducts internal audits, proposes possible improvements, secures synergies and CRM ERP … IS -Policy IS objectives, strategies Top management Functional unit manager Process owner/manager Project manager Business Processes/ Projects IT-Services Infrastructure Technical layer ….. ….. CI respon- sibilities Service management responsibilities: Change Mg., ISM, … C1 C2 C3 C4 Application, information layer C6 C7 C8 C9 § Fig. 1 Role responsibility assignment model Measurement Roles and Responsibilities 17
- 38. promotes IS awareness and knowledge exchange. His role is more based on coaching, mentoring, coordinating, training and offering method support and expertise than one practical operation. 4.2 Management Responsibilities We document in collaboration with the top management her IS roles and responsibilities regarding the organization chart, the approved organizational structure and IS policy, as well as all relevant legal and statutory regulations. The functional unit responsibilities and eventually IT service management role responsibilities are taken from the approved organization chart and defined organizational structure. After we analyze and optimize all business processes for IS objectives and requirements [17]: all management processes, core business processes including support processes, resources processes and optimization processes. In that way we define the responsible and eventually supportive or consulted and informed IS roles for all process steps over the whole value network and the accountable for each business process, the process manager. Further for each process step neces- sary documents and data with data protection class and required archiving methods for all archive types are identified. The project responsibilities are copied from the established project documen- tation or the project management database. 4.3 Item Responsibilities The greater challenge and effort is to analyze, structure and define the configu- ration model with all relevant items. We start top down from the business Table 1 Overview of assigned roles and their tasks Role Tasks Accountable responsible for measurement requirements, provides direction, authorizes and reviews measurements, decides and authorizes improvements receives measurement results on request or by escalation Responsible responsible for implementation proposes and implements possible improvements Responsible for execution and operating responsible for measurement improves and adjusts as part of the daily work Supportive for execution and operating contributes to measurement Informed and consulted receives measurement results to consult and support responsible and eventually accountable 18 M. Stoll and R. Breu
- 39. processes and bottom up from the physical infrastructure concurrently involving all collaborators concerned. Asset inventory, contract analysis, job descriptions, the documentation of the organizational structure and the organization chart pro- vide helpful information. The necessary information is elaborated regarding the IS policy and all relevant IS requirements using different diagram techniques, brainstorming, and document analysis in workshops and by interviews. In that way the IT service ‘‘Project management’’, for example, is defined as 100 % depending directly on two different servers and the local area network. Further we need for 50 % the internet, because the functionality of this application is limited, if the web services are not available. The local area network for example depends further on switches, cabling and others. Thereby we construct a config- uration tree with upper or father items (e.g. ‘‘project management’’) and items, which support a service for the identified item, child or lower items (e.g. local area network). For each IT service the IS requirements concerning availability, confi- dentiality and integrity are defined. These requirements are inherit down through the whole tree regarding the dependency levels (e.g.50 % for the internet). Further all metrics for availability (e.g. uptime, unplanned downtime, mean time between failures and others) are inherit bottom up: if the network is down and project management depends on it (father), project management is down too. The priority and reaction time for corrective and preventive actions are calculated thereby on the inherited IS requirements. The data protection requirements assigned to applications and archives by the business process analysis [IV B] are inherited to all child items, such as servers, networks, archives and rooms. The highest data protection requirement of all upper items must be regarded. In that way the responsible of each item receives clear and overall strategic and business aligned IS objectives and can define appropriate metrics, reports and overall corrective or preventive actions. A security breach, such as a too weak password for the access to sensitive data, for example, is scored higher and escalates earlier than the same breach regarding the access to personal data. Further details to the applied metrics, communication channels and correc- tive or preventive actions will be presented in other publications. To each item we appoint exactly one collaborator as accountable. The accountable of each configuration item assigns the responsible role and the responsible for execution and operating role to exactly one collaborator each. Further he allocates all execution and operating roles and the informed and con- sulted roles to collaborators. In that way the assignment of responsibilities is as low as possible and the roles and responsibilities are distributed among all collaborators. If measurement results exceeds defined thresholds or on request the results are communicated to the responsible of the father configuration item and on further escalation or on request also to the accountable of the father configuration item. All responsible and accountable of upper configuration items can receive on request or by escalation measurement results. In that way all measurement results are accessible also on request or by escalation to the top management. Measurement Roles and Responsibilities 19
- 40. Thus we assign all planning, operational and communication tasks for IS measurement to responsible, as well as corrective, preventive and improvement responsibilities to ensure sustainable IS. On the top of the configuration model the IT services are linked to the business processes. Thereby the configuration model is connected with the management responsibilities [IV B]. 4.4 Checks and Quality Assurance We furthermore integrate consistency and accurateness checks [9]: • Is there assigned to all configuration items exactly one accountable, responsible and responsible for executing and operating? Are responsible or accountable roles assigned only to internal collaborators? • Are all relevant external suppliers registered as supportive for execution and operating? • Has somebody assigned too many duties? Has some assigned too less duties? Is somebody involved in too many tasks? • Are duties assigned to all collaborators? • Are all configuration items, detected by network and system analysis, part of the configuration model? • Is the configuration model consistent with the actual organizational structure and organization chart? 4.5 Maintenance If an assigned accountable person changes, the structural organization is modified. Thereby the accountable is updated in the database. The assigned accountable is responsible and has the access rights to change the distribution of all other role responsibilities to his collaborators. It is of his interest to assign clearly all new responsibilities to prevent eventual discussions, problems, duplication of work or uncompleted services. 5 Project Results The presented concept for establishing and implementing IS measurement and improvement roles and responsibilities has been implemented since 2006 suc- cessfully by different medium sized organizations of distinct sectors (service, engineering and public). Implementing IS awareness, process and system thinking 20 M. Stoll and R. Breu
- 41. and defining the configuration model in a well structured, systematic and consis- tent way were great challenges. 5.1 Achieving Project Objectives The described concept leads to the following case study results collected by measuring the project process and interviewing the concerned management and collaborators: • Efficiency: Establishing the whole configuration model and assigning manage- ment and configuration item roles and responsibilities required in medium sized organizations a work effort of approximately 1–2 weeks. This effort clearly varies based on the size and complexity of the organization. It depends overall on the IT services, the information risks that the organization faces, applicable legal, regulatory and contractual requirements and other success factors [V B]. To implement such a model for a telecommunication service provider needs for example essentially greater effort than for the IT department of an enterprise. The strategic alignment of all items with corporate objectives and business needs, the awareness of business drivers, process and system thinking and the understanding for the work and requirements of other functional and technical organizations’ units was increased. Thus potential side effects and unplanned impacts of changes were reduced. The awareness for the supporting technology and supported business processes was enhanced and consequently the effec- tiveness of entire enterprise promoted. • Well structured, systematic, consistent and accurate roles: Based on the developed configuration model the role responsibilities are defined over all layers and for all levels of the whole value network well structured and systematically. Due to the consistence checks [IV D] the assigned role responsibilities are consistent. For the collaborators a clear assignment of their responsibilities and tasks is essential in all organizations. Therefore they control the assigned roles continually and accurately. The developed model is an optimal basis for balanced, consistent and objective oriented IS improvement. • Traceability: The role responsibilities were clearly assigned and all changes were documented, approved and communicated in a traceable way. All histor- ical changes of responsibilities have been documented by versioning. • Maintainable: Due to the great importance for management and collaborators to assign roles and responsibilities clearly, the documentation was maintained until today actually and accurately in all organizations. Opposite to these advantages are the work effort for the establishment of the configuration model and the assignment of role responsibilities. Measurement Roles and Responsibilities 21
- 42. 5.2 Success Factors The IS measurement and improvement roles and responsibilities must be designed for the appropriate level of details, accordingly to business objectives, regulatory, statutory, legal, contractual and stakeholder security requirements. Clearly this model must be best adapted and scoped to the organization and continual maintained. Such a model cannot be purchased and introduced as standard. A good knowledge and appreciation of business impacts and priorities and overall the involvement of all collaborators and managers concerned are imperative. As for the whole ISMS the commitment and support from management as well as from all levels of staff, and overall the daily application and usage of such tools and methods by relevant stakeholders are essential and key success factors. Corporate culture, organization and technology must be consistent and inte- grated optimally according to the business objectives and to collaborators needs and requirements in order to sustain business success. If such a tool is only used to blame and abuse collaborators than the collaborators will try to prevent with all means the introduction and maintenance of the model. A confident based, coop- erative, team and objective oriented culture promotes such a collaborative IS. Adequate tools, technical staff skills, sufficient IT infrastructure and IT support are also important for a successful implementation. Based on the complexity of a configuration model an adequate objective oriented database with high IS level (confidentiality, availability, integrity and traceability) sustains IS effectiveness, performance and improvement. An optimal connectivity with other systems sup- ports change management and system inventory. It should be very simple and intuitive to handle. All collaborators should be able to find their assigned role responsibilities and to update information effectively in accordance to assigned access rights. 6 Conclusion and Outlook We presented a practice approved, efficient, traceable and easy maintainable model to assign clear IS measurement and improvement roles and responsibilities to all organizational levels well structured and systematically. IS governance, business management and on the other hand software security and network security engineering have been handled for a longer period as sep- arate areas [12]. The innovation of this model is overall the integration of these approaches, the fully strategic alignment and the systemic, systematic and con- sistent approach for IS measurement, reporting and improvement. It shows up also eventually diverse or disparate technologies and applications and contributes thereby to more IT performance, resource and cost efficiency. The assigned responsibilities to IS roles can be checked continually to balance workload and improve adequate skills. 22 M. Stoll and R. Breu
- 43. As a by-product IS awareness, IT alignment with business goals, service ori- entation, process and system thinking, as well as the comprehension for the requirements of other organization units were increased. It is the basis of our holistic, systemic and collaborative IS framework. Due to excellent project experiences in several organizations there should be enhanced a holistic, systemic, collaborative and management oriented IS approach by regarding all success factors [V B]. Accordingly the informatics curricula should regard also more IT management aspects based on a holistic, systemic approach. References 1. ISO, ISO/IEC 27002 (2005) Information technology, security techniques, code of practice for information security management, ISO, Geneva 2. PricewaterhouseCoopers LLP, information security breaches survey (2010) technical report, www.pwc.co.uk/pdf/isbs_survey_2010_techni-cal_report.pdf. Accessed 28 july 2010 3. von Solms SH, von Solms R (2009) Information security governance, Springer, New York 4. Da Veiga A, Eloff JHP (2007) An information security governance framework. Inf Manag Syst 24:361–372 5. Sowa S, Tsinas L, Gabriel R (2009) Business oriented management of information security. In: Johnson ME (ed.) Managing information risk and the economics of security, Springer, New York, pp 81–97 6. ISO, ISO Survey (2008) www.iso.org/iso/survey2008.pdf. Accessed 28 july 2010 7. ISO, ISO/IEC 27001 (2005) Information technology, security techniques, information security management systems requirements, ISO, Geneva 8. IT governance institute, control objectives for information and related technology (Cobit) 4.1 (2007) IT governance institute, Rolling Meadows 9. Office of government commerce (OGC) (2007) ITIL Service Design, The Stationery Office (TSO), Norwich 10. National institute of standards and technology (2008) Performance measurement guide for information security, NIST special publication 800-55 Revision 1, Gaithersburg 11. ISO, ISO/IEC 27004 (2009) Information technology, security techniques, information security management measurement, ISO, Geneva 12. Savola R (2007) Towards a security metrics taxonomy for the information and communication technology industry. In Proceedings of the IEEE 2nd international conference on software engineering advances, p 60 13. Humphreys E (2007) Implementing the ISO/IEC 27001 information security management standard, Artech House, Boston 14. Brotby K (2009) Information security governance, a practical development and implementation approach, John Wiley and Sons, Hoboken 15. Ray B (2007) Information lifecycle security risk assessment. Comput Secur 26:26–30 16. Wood C (2003) Information security roles and responsibilities made easy, Information Shield, Houston 17. Stoll M, Laner D (2010) Information security and system development. In: Sobh T et al (eds) Novel algorithms and techniques in telecommunications and networking. Proceedings of the IEEE TeNe 08, Springer, Berlin, pp 35–40 Measurement Roles and Responsibilities 23
- 44. Service and Information Security Improvement by Collaborative Business Process Management Margareth Stoll Abstract Due to globalization and ever shorter change cycles the largest potential especially of service organizations is the continual organizational development based on individual and collaborative leaning and an adequate information secu- rity. Many different organizations are implementing process oriented standard based management systems, such as quality management or others. Thereby business processes must be established, optimized regarding defined objectives, documented, communicated, implemented and continuously improved. Although this documentation is distributed mostly IT supported, the collaborators use it hardly as reference for solving ad hoc learning needs. Change proposals, new ideas or questions are scarcely related to established processes. In that way the process models are almost not totally corresponding with lived processes. Starting from this situation we established process models regarding information security, pre- pared them according to didactical principles and published them on a collabo- rative, constructivist organizational learning system. In the case study this innovative interdisciplinary collaborative process improvement concept supported by a confidence-based open corporate culture promotes operations integrated, need-oriented learning, practice-oriented process models, shorter initial training periods for new collaborators, employee involvement and collaborative process and information security improvement for continual service and organization development and sustainable organization success. M. Stoll () University of Innsbruck, Technikerstr. 21a, 6020 Innsbruck, Tyrol, Austria e-mail: Margareth.stoll@uibk.ac.at T. Sobh and K. Elleithy (eds.), Emerging Trends in Computing, Informatics, Systems Sciences, and Engineering, Lecture Notes in Electrical Engineering 151, DOI: 10.1007/978-1-4614-3558-7_3, Springer Science+Business Media New York 2013 25
- 45. 1 Introduction 1.1 Starting Situation Due to the impact of technology, globalization and ever shorter change cycles of market requirements and enterprise environmental conditions companies must improve increasingly faster their services, products, technologies and organization. Organizational development and continual improvement are differentiators and key performance drivers for long-term sustainability and growth. Each company must become a learning organization. However, existing systems supporting the daily work of knowledge worker in service organizations have not kept pace with the evolving complexity and diversity of challenges facing knowledge workers [1–4]. Integrating job relevant data, information, knowledge and learning into business operations are most important economic issues [1, 3–9]. Service organizations and their information and technology are faced with security threats from a wide range of sources, including computer-assisted fraud, espionage, sabotage, vandalism, fire or flood. 92 % of large enterprises had a security incident in the last year with an average cost of 280.000–690.000 £ for the worst incident [10]. Information security for long time was seen fundamentally as an only technical job and integral part of the information technology (IT) department [11, 12]. Organizations implemented a lot of technical security con- trols, but security problems persisted and increased. Security problems are com- plex and require a collaborative, socio-organizational and human related information security management approach [12, 13]. More than 1.2 million organizations of different sizes and scopes are imple- menting worldwide management systems in accordance to international standards (e.g. ISO 9001 quality, ISO 14001 environment, ISO/IEC 27001 information security management and others) [14]. Most of these management systems are process oriented. They are based on the fulfillment of common principles and must be documented, communicated, implemented and continual improved. 1.2 Purpose and Structure of the Article In this respect one of the largest potentials for modern enterprises is the continual improvement by information security integrated process management and col- laborative organizational learning based on individual learning. The documentation of standard based management systems (system documen- tation) including the process models contains the whole explicit organizational knowledge. It was distributed for long time as books, whereby the collaborators received once the information and used them afterwards scarcely ever for solving ad hoc job problems. In the last ten years it was distributed more electronically through web-based intranets, document management platforms or as pdf. The most 26 M. Stoll
- 46. major impacts were the reduction in printed catalogs, offering too much information and it becomes harder to reflect and improve [1, 2, 4]. Changes, improvements and organizational learning are still isolated from the process models. Process modeling is used primarily as a tool for the first process improvement and due to standard requirements they are changed usually only once a year. Collaborators are not able to discuss new ideas or questions in a context-sensitive way. Thus the models frequently do not correspond to lived processes and do not push constantly the knowledge and learning spiral for sustainable organization development. Changes or new processes are quite frequently developed as hidden systems. How we can use the process models of standard based management systems as knowledge base to promote operation integrated, individual and collaborative organizational learning for continual information security integrated process and service improvement and sustainable organizations’ success? In what a way the process models must be established, prepared, stored and communicated in order to promote operations integrated, need-oriented access and individual learning? What are the main requirements for a process oriented collaborative learning system? Firstly we present the project objectives (Sect. 2) and analyze the requirements for our approach (Sect. 3). Thereby we explain the main requirements of interna- tional standards for management systems (Sect. 3.1) and establish the requirements for a collaborative organizational learning system (Sect. 3.2). After that we report about our approach (Sect. 4) for the development of the information security integrated process models (Sect. 4.1), the didactical preparation (Sect. 4.2), and the introduction and use of the collaborative organizational learning system for process and service improvement (Sect. 4.3). Finally we document the project experiences and results of the implementation in different service organizations with distinct management systems (Sect. 5) including the achievement of the project objectives (Sect. 5.1) and the success factors (Sect. 5.2). At the end we reflect about cost and benefits (Sect. 5.3) and present an outlook (Sect. 6) and our conclusion (Sect. 7). 2 Project Objectives By preparing the information security integrated process models in accordance with standard based management systems (Sect. 3.1) and didactical principles, and implementing it on a collaborative organizational learning system (Sect. 3.2) we expect to foster: • workplace and operations integrated, need-oriented process model access and learning, • process and information security improvement for service and organization development, • employee involvement and collaborative process improvement, Service and Information Security Improvement 27
- 47. • practice-oriented process models, • shorter initial training periods for new collaborators. Thus information security integrated process models promote knowledge repre- sentation, knowledge communication, for the implementation of the process models and collaborative learningand knowledgegenerationfor process, information security and service improvement in accordance to established corporate objectives. In that way collaborative organization development for sustainable success is sustained. 3 Requirements 3.1 Main requirements of Standards for Management Systems The ISO 9001 quality management standard [15] and other international standards for management systems require common principles (Fig. 1): • The vision, policy, objectives and strategies must be established and commu- nicated regarding stakeholders requirements (top of Fig. 1). • All business processes for service or product realization including management processes, support processes, resource processes and optimization processes must be defined to meet the organizations’ objectives under the focus of the respective standard (horizontal graphic in the middle of Fig. 1). • Objective and process oriented resource management must be promoted including human resource development and the management of necessary technology, infrastructures, tools and instruments (bottom of Fig. 1). • The whole organization, their objectives and strategies, services/products and processes must be continually measured, analyzed and improved according to established processes in sense of a PDCA cycle (plan, do, check, act) (circle around of Fig. 1). The established management system must be documented, communicated systematically, and implemented and improved continually by all collaborators. Additionally to these basis principles ISO/IEC 27001 and other risk oriented standards require a risk assessment for establishing a risk treatment plan to reduce risks on acceptable levels of risk. For the identified remaining risks a suitable business continuity plan must be developed, implemented, maintained, tested and updated regularly. 28 M. Stoll
- 48. 3.2 Requirements for a Process Oriented Organizational Learning System Based on literature research, the requirements of standards for management sys- tems and collaborators and management interviews a process oriented organiza- tional learning system demands additional to general requirements of learning systems, following particular characteristics: • It must be simple and intuitive to handle. It must provide the possibility to use different views of (or leading to) the same object, different start facilities, comfortable search functions, filtering of content using object types, simple uploads of content and links to external literature. It must promote individual learning by personal bookmarks, annotations, summaries and notes, as well as glossary, FAQs, etc. [1, 6, 8, 16, 17]. • It must offer secure context-sensitive communication (discussion forum, chat) to all elements, especially to all process model elements, as well as newsgroups, wiki, newsletters and whiteboards. It must support content distribution, collec- tive process improvement and collective learning [1, 6, 17]. • Uploading and the administration of new content must be simple with as large didactical and media pedagogic support as possible [7]. There must be the possibility to insert, annotate and discuss context sensitive the content of most different documents and media formats (as text, graphic, table, picture, sound records, video). Also creativity tools should be integrated [7]. • Due to requirements of the standards for management systems we need the administration of access rights, the support of the change process, versioning with change history and the efficiently and traceable distribution/communication of new or changed content. Depending on organization culture also testing and examination tools for traceable learning must be integrated [18]. • The handling of collaborators ideas, their discussion contributions and problem reporting must be implemented for the collaborative process improvement and in accordance with the established systematic and structured process following the standard requirements. Due to standard requirements their effectiveness must be evaluated. resource management service/product realization interested parties vision policy objective, priority, strategy resource management service/product realization interested parties vision policy objective, priority, strategy Fig. 1 Main requirements of standards for management systems Service and Information Security Improvement 29
- 49. • Open interfaces must be available for fostering optimal connectivity with other systems in order to support process integration and simplify the administration [18]. Within the controlling and improvement process all measurement data should be communicated, evaluated by responsible departments and conse- quently changes or optimizations should be implemented using the process oriented organizational learning system. • The web-based accessibility of the process oriented organizational learning system supports mobile working hour’s independent learning, teleworking and sustains the integration of absent collaborators [1]. 4 Approach 4.1 Development of the Process Model Firstly the process models and other parts of the system documentation must be elaborated. Considering the needs and expectations of all stakeholders, as well as legal and regulatory requirements we establish the organization policy with con- sistent objectives, priorities and strategies [19]. Thereby also the relevant infor- mation security requirements are integrated. All processes of the organization are analyzed bottom up by interviewing the collaborators involved. The responsible function, the applied documents, checklists, forms, used knowledge and infor- mation, the IT applications and other tools are studied for all activities. Afterwards the services with applied processes and related documents are optimized regarding the established objectives including information security, as well as stakeholder orientation, service quality, efficiency and effectiveness. The information flow including collection and passing necessary data and information by checklist, regulations, forms and workflow based databases is improved, too [1, 19]. Based on the collaborative approach implicit knowledge is externalized, knowledge identified and possible optimizations (knowledge generation) are discussed. In accordance with the organizational purposes and objectives are considered dif- ferent aspects, like quality, information, communication and knowledge man- agement, data protection and information security, ambient, environment, hygiene, occupational health and safety, as well as human resource development, resource management, IT-management, controlling and others and integrated by a holistic systemic process management approach [19]. For the process modeling we use a part from Gantt chart for time critical descriptions simple structured flow-charts, which are limited to one page. There- fore the processes are deeply structured. All processes receive also a short textual summary. Furthermore the necessary resources, tools, instruments and required trainings for achieving the objectives and for improving the service and organization (e.g. 30 M. Stoll
- 50. human resource development, IT-management, maintenance or facility manage- ment, if relevant) are analyzed, optimized and documented. Afterwards the monitoring, measurement, analysis and optimization processes are planned and implemented to continually improve the effectiveness of the services and the organization. Based on the requirements of the standards all improvements or changes must be approved by the involved collaborators, doc- umented, communicated, implemented and their effectiveness evaluated. Collab- orative knowledge generation, knowledge representation by process models, knowledge communication and learning processes are structured, systematically planned and documented [1, 3–5]. The entire process models and system documentation must correspond with lived processes [1] and based on the constructivist method it must be practice oriented. 4.2 Didactical Preparation After the development of the process models and the whole management system documentation we structure the content accordingly to ISO 9001 [15] and prepare it regarding didactical principles [8, 20]. To support collaborators need-oriented, process and operations integrated learning the access to the single modules must be as short as possible and optimal structured. All needs and expectations of the collaborators are analyzed and considered as early as possible [8, 16]. They demand particularly an efficient and effective search function and a clear struc- tured system. Therefore the whole content is divided into small modules, type- casted and functionally well structured. We offer an effective indexing and different start assistances (for new collaborators, department oriented, manage- ment oriented, topics referred, based on the standard and others). Apart of the self- driven learning approach, the system offers also guided learning for new collab- orators or for collaborators with little IT or learn competences. After appropriate editing the process models and other parts of the system documentation can be published on the collaborative organizational learning system (Sect. 3.2). The upload function should be user-friendly, simple and intuitive to handle with as large didactical support as possible. The constructivist approach requires the possibility of linking different documents, sections and media formats, as well as concepts, objects and all elements of graphics and especially process models. 4.3 Introduction and Use To promote the acceptance of the system the collaborators must be trained on handling the system. They must acquire also the necessary media competence [8]. Service and Information Security Improvement 31
- 51. Subsequently questions are answered by means of the discussion forum, the help desk and personal partners, e.g. the business process manager. Thus constructivist process oriented organizational learning system every col- laborator can introduce his/her suggestions, ideas or questions directly in a con- text-sensitive way by referencing to processes or process steps. These questions and ideas are visible to all authorized collaborators. They can discuss these con- tributions introducing their opinions. The answers to the questions are also visible to all authorized collaborators. Thereby ambiguous models or formulations are showed up and eliminated in a collaborative way. The business processes are improved based on the process models in collaboration of all authorized users with a holistic, integrated approach. The process models represent the organizational knowledge base and become the basis for a continuously collaborative process oriented organizational learning for service, information security and organization development. Process modeling, process standardization and transparency are optimally integrated with need and objective oriented flexible process imple- mentation, operations integrated process oriented organizational learning, collab- orative process and information security optimization, and service and organization development. The collaborators have sometimes problems to distin- guish between problem and optimization, or they do not know to which process they should relate their suggestion or question. Therefore we have integrated the process oriented organizational learning system with the existing workflow driven problem reporting system (help desk system) (Fig. 2). Due to standard requirements the achievement of the organizational and process objectives must be constantly measured. The measurement results are communi- cated, analyzed and eventually necessary corrective or prevention actions are integrated and discussed using the collaborative organizational process oriented learning system. Learning psychology media-didactic motivation- psychology Learning, Collaborative improvement Documentation Fig. 2 Steps of our approach 32 M. Stoll
- 52. 5 Project Experience and Results This innovative collaborative information security integrated process management concept for service and organization development has been implemented in several medium-sized service organizations with distinct management systems. Most of the organization’s collaborators own good media competences and use frequently e-tools. Interdisciplinarity was a great challenge and a great chance. Knowledge about process modeling, process measurement and process improvement, organization theory, standard based management systems, management methods and technical knowledge was required for preparing and structuring the content; information- technical knowledge was needed for extending the platform to meet the require- ments of a collaborative process oriented organizational learning system (Sect. 3.2); didactical and media-pedagogical knowledge was required for editing the contents. The used collaborative organizational learning system should be still extended to fulfill all requirements (Sect. 3.2). 5.1 Achieving Project Objectives Elaborating the organization best adopted secure process models, structuring it in accordance to ISO 9001 [15], preparing it regarding didactical principles based on constructivist theory and publishing it on an process oriented collaborative orga- nizational learning system (Sect. 3.2) within a confident based open corporate culture leads to the following case study results. They were collected by measuring the system accesses and user contributions, as well as by interviewing the lead- ership and collaborators: • Workplace and operations integrated, need-oriented process model access and learning: the accesses to the process models and system documentation are increased monthly at averaged two accesses per collaborator. • Process and information security improvement for service and organization development: we receive five times more suggestions and ideas, which improve the processes, services, information security and the organization. • Employee involvement and collaborative process improvement: the communi- cated ideas, problems and suggestions are discussed and read on the average by a quarter of the collaborators. On the average there are three annotations to each discussion contribution. Thus the advantages and disadvantages of ideas are discussed, examined and improved collaboratively by all departments before their possible implementation. Therefore they are substantially more balanced and more considered for implementation. • Practice oriented process models: now unclear models, formulations or missing content are soon analyzed and immediately changed according to established processes and automatically communicated to all. Thus the process models and Service and Information Security Improvement 33
- 53. documentation are adapted optimally to changing requirements of services, the organization, their stakeholder or environmental factors. • Shorter initial training periods for new collaborators: new collaborators are quickly introduced into the handling of the learning system at their first working day. Thereby they focus on the system handling and on principle information. Afterwards they access and learn in a self-driven, need oriented and operations- integrated way when they have questions for fulfilling their job. The lead time could be abbreviated around a quarter. New collaborators can execute their job faster well. The productivity increase and possible errors are reduced. The manager of an organization with a process oriented organizational learning system is particularly enthusiastic for the sustainable promotion of an open, confident based corporate and learning culture with criticism and change readiness. The collaborators and particularly the management appreciate the structured, effective, need-oriented, location and working hour’s independent collaborative learning. Thus no unnecessary documentation is distributed and nevertheless all collaborators can access exactly at appropriate time from desired location to necessary information and knowledge. The improved internal transparency and the discussion board promote organizational interrelationship, mutual comprehension and synergies. The knowledge sharing by the discussion forum is specially appreciated by collaborators, which work frequently in field service, or with flexible working-time model or teleworking. Standard based management systems promote by their clear structure and systematic the building, control, approval, distribution, retrieval, use and contin- ually collaborative improvement of processes, services and the organization. Based on these experiences in different case studies the application of this collaborative process improvement concept is recommended for medium and large sized organizations and enterprises with an confidence-based, open and innovative corporate and learning culture, where all collaborators command sufficient IT competences, particularly in know-how or service enterprises or with distributed locations or many collaborators in field service or with flexible working-time models. 5.2 Success Factors Corporate culture, services, processes, procedures, didactical principles, informa- tion security and information technology must be integrated optimally according to organizational objectives and to collaborators needs and requirements. The system and all methods are thereby only tools, which support collaborative service and process improvement and the development of the organization so far as this is admitted by corporate culture. Therefore we need an open, confident based, col- laborative corporate culture with criticism and change readiness [1, 9]. 34 M. Stoll
- 54. The collaborators must be interested in new knowledge, able for self-driven learning, have personal employment, team ability and change willingness apart from necessary IT and media competences [1]. All managers must use constantly and actively the system and motivate their collaborators in following these prin- ciples. In this way they promote operations integrated learning and collaborative process and information security improvement. The processes and system documentation must be analyzed and optimized bottom up by involving concerned collaborators and regarding all relevant aspects in accordance to corporate objectives and stakeholders requirements. In that way concerned collaborators support the project, develop practice oriented models with daily used terms and integrate most of the explicit organizational knowledge. A great challenge is the right process depth: to promote efficient and effective learning there should be regulated as much as needed and as less as possible. This concept extends the job of the process manager. They need additionally didactical and media-pedagogical knowledge for preparing the content and nec- essary skills for supporting collaborative learning and knowledge management. Trainings and education in process management should consider more this inter- disciplinary approach and teach basic knowledge in all areas. Sufficient IT-infrastructure and IT-support are also very important for the project success. Only by using an process oriented collaborative organizational learning system, which meets as far as possible the stated requirements (Sect. 3.2) and by promoting workplace, need-oriented, operations integrated learning a continuously collaborative optimization of processes, services and the organization in accordance with established objectives including information security are secured. In that way a sustainable organization development is secured. E-learning systems or knowledge management platforms should be extended to collaborative process oriented learning systems in accordance to the stated requirements (Sect. 3.2) and integrated in workflow systems. 5.3 Cost and Benefits This innovative interdisciplinary collaborative process improvement concept requires additionally in comparison to the common practice of process manage- ment systems and the common applied introduction of a standard-based holistic management system, which is adapted to the organization, the restructuring of the content in accordance to didactical principles, the learning system and the implementation of the documentation on it. The restructuring required in the case studies a slightly higher effort (approximately 1–2 % of the total effort). Opposite to the costs are the large competition advantages through need-ori- ented operations integrated learning and collaborative process, information secu- rity and service improvement by means of collaborators ideas, suggestions and discussion contributions. These advantages can be measured on one hand by the reached objectives of the project (Sect. 5.1). The influence to the sustainable Service and Information Security Improvement 35
- 55. Another Random Document on Scribd Without Any Related Topics
- 56. zarandeo era cosa de material. Mingote entonces, para enseñar a la niña cómo debía hacer aquel movimiento, se levantó y se puso a mover las caderas de un modo grotesco. La niña repitió la suerte sonriendo, pero sin calor. Entonces la coronela dijo al oído de la baronesa que sólo el hombre podía enseñar a la mujer la gracia de aquel movimiento. La baronesa sonrió discretamente. En aquel momento el criadito galoneado entró y dijo que estaba Fernández. Fernández debía de ser persona de importancia porque la coronela se levantó al momento y se dispuso a salir. —Anda, dale la ruleta—dijo el coronel a su esposa—-y que enciendan las luces en la sala. ¿Qué?—añadió el buen señor—, ¿quiere usted que hagamos una vaquita, baronesa? —Ya veremos; coronel. Primeramente intentaré la suerte sola. —Bueno. Bailó otro tango Lulú y al poco rato apareció la coronela. —Ya pueden ustedes pasar—dijo. Las viejas fregonas se levantaron de sus asientos, y cruzando el corredor entraron en una sala grande con tres balcones. Había dos mesas allí, una de ellas con una ruleta, la otra sin nada. Las tres viejas, la baronesa, el coronel y sus dos hijas se sentaron en la mesa de la ruleta, en donde estaban ya sentados el banquero y los dos pagadores. —Hagan juego—dijo el croupier con una impasibilidad de autómata. Giró la bola blanca en la ruleta, y antes de que se parara, el croupier dijo: —¡No va más!
- 57. Los dos pagadores dieron con su rastrillo en los paños, para impedir que se siguiera apuntando.—No va más—repitieron al mismo tiempo con voz monótona. Fué entrando gente poco a poco y se ocuparon las sillas colocadas alrededor de la mesa. Al lado de la baronesa se sentó un hombre de unos cuarenta años, alto, fornido, ancho de hombros, de pelo crespo negrísimo y dientes blancos. —Pero hijo, ¿tú aquí?—dijo la baronesa. —¿Y tú?—replicó él. Era aquel hombre primo en segundo o tercer grado de la baronesa y se llamaba Horacio. —¿No decías que te acostabas invariablemente a las nueve?— preguntó la baronesa. —Y es una casualidad que haya venido aquí. Es la primera vez que vengo. —Bah. —Créeme. ¿Hacemos una vaca, prima? —No me parece mal. Reunieron el dinero de ambos y siguieron jugando. Horacio apuntaba según las órdenes de la baronesa. Tenían suerte y ganaban. Poco a poco se iba llenando el salón de un público abigarrado y extraño. Había dos aristócratas conocidos, un torero, militares. De pie se apretaban algunas señoras con sus hijas. Manuel vió a la Irene, la nieta de doña Violante, al lado de un señor viejo con el pelo engomado, que jugaba fuerte. Tenía los dedos llenos de sortijas con piedras grandes.
- 58. Sentados en un diván hablaban cerca de Manuel un hombre viejo, de barba blanca, muy pálido y demacrado, con otro joven lampiño de aire aburrido. —¿Usted se retiró ya?—decía el joven. —Sí; me retiré porque no tenía dinero; si no hubiera seguido jugando hasta que me hubieran encontrado muerto sobre el tapete verde. Para mí esta es la única vida. Yo soy como la Valiente. Ella me conoce, y me suele decir algunas veces: —¿Hacemos una vaca, marqués?—No le daría a usted mala suerte—le contesto yo. —¿Quién es la Valiente! —Ahora la verá usted, cuando empiece el bacarrat. Se encendió la luz en la otra mesa. Se levantó un viejo de bigote de mosquetero, con una baraja en la mano, y se apoyó en el borde de la mesa. Al mismo tiempo se le acercaron diez o doce personas. —¡Quién talla?—preguntó el viejo. —Cincuenta duros—murmuró uno. —Sesenta. —Cien. —Ciento cincuenta duros. —Doscientos—gritó una voz de mujer. —Ahí está la Valiente—dijo el marqués. Manuel la contempló con curiosidad. Era una mujer de treinta a cuarenta años; vestía traje de hechura de sastre y sombrero Frégoli. Era muy morena, con una tez olivácea, los ojos negros, hermosos. Se cegaba en las apuestas y salia a los pasillos a fumar. Se notaba en ella una gran energía y una inteligencia clara. Decían que llevaba
- 59. siempre revólver. No le gustaban los hombres y se enamoraba de las mujeres con verdadera pasión. Su última conquista había sido la hija mayor del coronel, la rubia gruesa, a la cual dominaba. Tenía una suerte loca algunas veces, y para mitigar sus amorosas penas jugaba, y ganaba de un modo insolente. —Y ese hombre que no juega nunca y está siempre aquí, ¿quién es? —preguntó el joven, señalando un tipo de unos sesenta años, basto, de bigote pintado. —Este es un usurero que creo que es socio de la coronela. Cuando yo fuí gobernador de la Coruña estaba pendiente de un proceso por no sé qué chanchullo que había hecho en la Aduana. Le dejaron cesante y luego le dieron un destino en Filipinas. —¿En recompensa? —Hombre, todo el mundo tiene que vivir—replicó el marqués—. En Filipinas no sé qué hizo que le procesaron varias veces, y cuando quedó libre, lo emplearon en Cuba. —Querían que estudiara el régimen colonial español—advirtió el joven. —Sin duda. Allí también tuvo líos, hasta que vino aquí y se dedicó a negocios de usura, y dicen que ahora no se ahogará por menos de un millón de pesetas. —¡Demonio! —Es un hombre serio y modesto. Hasta hace unos años vivía con una tal Paca, que era dueña de una tintorería de la calle de Hortaleza, y los dos salían a pasear los domingos por las afueras como gente pobre. Se le murió aquella Paca, y ahora vive solo. Es huraño y humilde; muchas veces él mismo va a la compra y guisa. El que es interesante es su antiguo secretario; tiene unas condiciones de falsificador como nadie. Manuel escuchaba con atención.
- 60. —Ese sí que es un hombre—dijo el marqués, mirándole atentamente. El observado, un hombre de barba roja y puntiaguda, de aire burlón, se volvió y saludó amablemente al viejo. —Adiós, Maestro—le dijo éste. —¿Le llama usted Maestro?—preguntó el joven. —Así le llama todo el mundo. Lulú, la hija de la coronela, y otras dos amigas pasaron por delante del marqués y del joven. —Que moninas son—dijo el marqués. Tomaba aquello un aspecto mixto de mancebía lujosa y garito elegante. No reinaba el silencio angustioso de las casas de juego, ni la greguería alborotadora de un burdel: se jugaba y se amaba discretamente. Como decía la coronela, era una reunión muy modernista. En los divanes hablaban las muchachas con los hombres animadamente; se discutía, se estudiaban combinaciones para el juego... —A mí esto me encanta—dijo el marqués con su sonrisa pálida. La baronesa estaba mareada y sentía ganas de marcharse. —Me voy. ¿Me acompañas, Horacio?—preguntó a su primo. —Sí, te acompañaré. Se levantó la baronesa, después Horacio, y Manuel se reunió a ellos. —¡Qué gentuza!, ¿verdad?—dijo la baronesa, con la risa ingenua peculiar suya, al encontrarse en la calle.
- 61. —Es la amoralidad, como dicen ahora—replicó Horacio—. Los españoles no somos inmorales, lo que pasa es que no tenemos idea de moralidad. «Ya ve usted—decía el coronel en el momento que me he levantado para tomar un poco de aire—ya ve usted, a mí me han mermado el retiro: de ochenta duros me han dejado en setenta; y ¡claro!, hay que buscar otros ingresos; así las hijas de los militares tienen que ser bailarinas... y todo lo demás.» —¿Te decía eso? ¡Qué bárbaro! —¿Pero eso te choca? A mí no. Si eso es una consecuencia natural y necesaria de nuestra raza. Estamos degenerados. Somos una raza de última clase. —¿Por qué? —Porque sí; no hay más que observar. ¿Te has fijado en la cabeza que tiene el coronel? —No. ¿Qué, tiene algo en la cabeza?—preguntó burlonamente la baronesa. —Nada, que tiene la cabeza de un papúa. La moralidad sólo se da en razas superiores. Los ingleses dicen que Wellington es superior a Napoleón porque Wellington peleó por el deber y Napoleón por la gloria. La idea del deber no entra en cráneos como el del coronel. Háblale a un mandingo del deber. Nada. ¡Oh! La antropología enseña mucho. Yo me lo explico todo por leyes antropológicas. Pasaron por delante del café de Varela. —¿Quieres que entremos aquí?—dijo el primo. —Vamos. Se sentaron los tres en una mesa, pidió cada uno lo que quería y siguió el primo de la baronesa hablando. Era un tipo gracioso el de aquel hombre; hablaba en andaluz cerrado, aspirando las haches; tenía algún dinero para vivir y con
- 62. eso y un destinillo en un ministerio iba pasando. Vivía en un desorden muy reglamentado, leyendo a Spencer en inglés y cambiando de género de vida por temporadas. Hombre original, llevaba ya cuatro o cinco años encenagado en los pantanosos campos de la sociología y de la antropología. Estaba convencido de que intelectualmente era un anglosajón, a quien no le debían de preocupar las cosas de España ni de ningún otro país del Mediodía. —Pues sí—siguió diciendo Horacio llenando su copa de cerveza—. Yo me lo explico todo, los detalles más nimios, por leyes biológicas o sociales. Esta mañana al levantarme oía a mi patrona que hablaba con el panadero de la subida del pan.—¿Y por qué ha encarecido el pan?—le preguntaba ella.—No sé—replicaba él—; dicen que la cosecha es buena.—¿Pues entonces?—No sé. Me fuí a la oficina a la hora en punto, con exactitud inglesa; no había nadie; es la costumbre española, y me pregunté: ¿En qué consiste la subida del pan si la cosecha se presenta buena? Y dí con la explicación que creo te convencerá. Tú sabrás que en el cerebro hay lóbulos. —Yo qué he de saber eso, hijo mío—replicó la baronesa distraída, mojando un bizcocho en el chocolate. —Pues sí hay lóbulos, y según opinión de los fisiólogos, cada lóbulo tiene su función; uno sirve para una cosa, el otro para otra, ¿comprendes? —Sí. —Bueno; pues figúrate tú que en España hay cerca de trece millones de individuos que no saben leer y escribir. ¿No me atiendes? —Sí, hombre, sí. —Pues bien; ese lóbulo que en los hombres ilustrados se emplea en esfuerzos para entender y pensar en lo que se lee, aquí no lo utilizan trece millones de habitantes. Esa fuerza que debían de gastar en discurrir, la emplean en instintos fieros. Consecuencia de esto, el
- 63. crimen aumenta, aumenta el apetito sexual, y al aumentar éste, crece el consumo de alimentos y encarece el pan. La baronesa no pudo menos de reírse al oir la explicación de su primo. —No es una fantasía—replicó Horacio—es la pura verdad. —Si no lo dudo, pero me hace reir la noticia. Manuel también se ríe. —¿De dónde has sacado este chico? —Es el hijo de una mujer que conocimos. ¿Qué te dice tu ciencia de él? —A ver, quítate la gorra. Manuel se quitó la gorra. —Este es un celta—añadió Horacio—. ¡Buena raza! El ángulo facial abierto, la frente grande, poca mandíbula... —Y eso ¿qué quiere decir?—preguntó Manuel. —En último término, nada. ¿Tú tienes dinero? —¿Yo? Ni un botón. —Pues entonces lo que te puedo decir es esto: que como no tienes dinero, ni eres hombre de presa, ni podrás utilizar tu inteligencia, aunque la tengas, que creo que sí, probablemente morirás en algún hospital. —¡Qué bárbaro!—exclamó la baronesa—no le digas eso al chico. Manuel se echó a reir; la profecía le parecía muy divertida. —En cambio yo—siguió diciendo Horacio—no hay cuidado que muera en un hospital. Mira qué cabeza, qué quijada, qué instinto de adquisividad más brutal. Soy un berebere de raza, un euro-africano; eso sí, afortunadamente, estoy influído por las ideas de la filosofía
- 64. práctica de lord Bacon. Si no fuera por eso estaría bailando tangos en Cuba o en Puerto Rico. —¿De manera que gracias a ese lord eres un hombre civilizado? —Relativamente civilizado; no trato de compararme con un inglés. ¿Tengo yo la seguridad de ser un ario? ¿Soy acaso celta o sajón? No me hago ilusiones; soy de una raza inferior, ¡que le voy a hacer! Yo no he nacido en Manchester sino en el Camagüey y he sido criado en Málaga. ¡Figúrate! —Y eso, ¿qué tiene que ver? —La mar, chica. La civilización viene con la lluvia. En esos países húmedos y lluviosos es donde se dan los tipos más civilizados y más hermosos también, tipos como el de tu hija, con sus ojos tan azules, la tez tan blanca y el cabello tan rubio. —Y yo... ¿qué soy?—preguntó la baronesa—¿Un poco de eso que decías antes? —¿Un poco berebere? —Sí, me parece que sí; un poco berebere, ¿eh? —En el carácter quizá, pero en el tipo, no. Eres de raza aria pura, tus ascendientes vendrían de la India, de la meseta de Pamir o del valle de Cabul, pero no han pasado por Africa. Puedes estar tranquila. La baronesa miró a su primo con expresión un tanto enigmática. Poco después los dos primos y Manuel salieron del café.
- 65. CAPÍTULO VII El Berebere se siente profundamente anglosajón. Mingote mefistofélico.— Cogolludo.—Despedida. Desde aquel encuentro en la chirlata del coronel, de la baronesa y el sociólogo, éste comenzó a frecuentar la casa y a poner cátedra de antropología y de sociología en el comedor. Manuel no sabía cómo serían aquellas ciencias, pero traducidas al andaluz por el primo de la baronesa, eran muy pintorescas; Manuel y niña Chucha escuchaban al berebere con grandísima atención y algunas veces le hacían objeciones que él contestaba, si no con grandes argumentos científicos, con muchísima gracia. El primo Horacio empezó a quedarse a cenar en la casa y terminó quedándose después de cenar; niña Chucha protegía al berebere quizá por afinidades de raza y se reía, enseñando los dientes blancos, cuando venía don Sergio. La situación era comprometida porque la baronesa no se preocupaba de nada; después de servirse de Mingote le había despedido dos o tres veces sin darle un céntimo. El agente comenzaba a amenazar, y un día fué decidido a armar la gorda. Habló de la falsificación de los papeles de Manuel y de que aquello podía costar a la baronesa ir a presidio. Ella le contestó que la responsabilidad de la falsificación era
- 66. de Mingote, que ella tendría quien la protegiese, y que en el caso de que interviniese la justicia el primero que iría a la cárcel sería él. Mingote amenazó, chilló, gritó demasiado, y en el momento álgido de la disputa llegó el primo Horacio. —¿Qué pasa? Se oye el escándalo desde la calle—dijo. —Este hombre que me está insultando—clamó la baronesa. Horacio cogió a Mingote del cuello de la americana y lo plantó en la puerta. Mingote se deshizo en insultos, sacó a relucir la madre de Horacio; entonces éste, olvidando a lord Bacon, se sintió berebere, levantó el pie y dió con la punta de la bota en las nalgas de Mingote. El agente gritó más y de nuevo el berebere le acarició con el pie en la parte más redonda de su individuo. La baronesa comprendió que al agente le faltaría tiempo para vengarse; no creía que se atrevería a hablar de la falsificación de los papeles de Manuel porque se cogía los dedos con la puerta, pero probablemente advertiría a don Sergio de la presencia del primo Horacio en la casa. Antes de que pudiese hacerlo, escribió al comerciante una carta pidiéndole dinero, porque tenía que pagar unas cuentas. Envió la carta con Manuel. El viejo calcáreo, al leer la carta, se incomodó. —Mira, dile a tu... señora que espere, que yo también tengo que esperar muchas veces. Al saber la contestación, la baronesa se indignó: —¡Valiente grosero! ¡Valiente animal! La culpa la tengo yo de hacer caso de ese vejestorio infecto. Cuando venga yo le diré cuántas son cinco. Pero don Sergio no apareció, y la baronesa, que supuso lo pasado, se mudó a una casa más barata con el propósito de economizar; y
- 67. niña Chucha, Manuel y los tres perros pasaron a ocupa un tercer piso en la calle del Ave María. Allí continuó el idilio iniciado entre la baronesa y Horacio; a pesar de que éste, por su tranquilidad anglosajona, o por la idea pobre de la mujer, patrimonio de las razas del Sur, no le daba gran importancia al flirt. La baronesa, de vez en cuando, para atender a los gastos de la casa, vendía o mandaba empeñar algún mueble; pero con el desbarajuste que reinaba allí, el dinero no duraba un momento. Al mes de estancia en la calle del Ave María, apareció una mañana don Sergio indignado. La baronesa no quiso presentarse y mandó a decirle por la mulata que no estaba. El viejo se marchó y por la tarde escribió una carta a la baronesa. Mingote no había cantado. Don Sergio respiraba por la herida; no le parecía bien que Horacio pasase la vida en la casa de la baronesa; no encontraba mal que la visitase, sino la asiduidad con que lo hacía. La baronesa enseñó la carta a su primo, y éste, que sin duda no buscaba más que un pretexto para escurrir el bulto, se acordó de lord Bacon, se sintió de pronto anglosajón, ario y hombre moral y dejó de presentarse en casa de la baronesa. Ella, que padecía el último brote de romanticismo de la juventud de la vejez, se desesperó, escribió cartas al galán, pero él siguió sintiéndose anglosajón y ario y acordándose de lord Bacon. Mientras tanto don Sergio, al ver que su carta no producía efecto, volvió a la carga y se presentó en la casa. —Pero, ¿qué le pasa a usted, Paquita?—dijo al ver a la baronesa desmejorada. —Creo que tengo el trancazo, según siento de pesada la cabeza. Estoy con dolores en todo el cuerpo. Me tiene usted completamente abandonada. En fin, Dios sobre todo.
- 68. Don Sergio dejó pasar la hojarasca de palabras y lamentaciones con que la baronesa trataba de sincerarse, y dijo: —Este sistema de vida no puede seguir. Hay que tener método, hay que tener régimen; así no puede ser. —Eso mismo estaba pensando yo—replicó la baronesa—. Sí, lo comprendo, a mí no me corresponde esa vida. Volveré a tomar otra casita de doce duros. —¿Y los muebles? —Los venderé. ¿Cómo decir que los había ya vendido? —No, yo...—El calcáreo iba a hacer una observación de buen comerciante, pero no se atrevió.—Luego esas visitas tan frecuentes de su primo de usted no están bien—añadió. —¿Pero si me persigue—murmuró con voz quejumbrosa la baronesa —qué voy a hacerle yo? Ese hombre tiene por mí una pasión loca; comprendo que es raro, porque ya a mis años... —No diga usted esas cosas, Paquita. —Pero nada; se ha convertido en mi duende. Pero ahora ya verá usted como no va a volver. —¡No ha de volver! Volverá hasta que usted no se lo diga claramente... —Si se lo he dicho, y por eso ya no volverá. —Entonces, mejor que mejor. La baronesa miró indignada a don Sergio; después tomó una actitud compungida. Don Sergio planteó sus planes de regeneración y pensó que Paquita debía dejar a niña Chucha, a quien el viejo calcáreo detestaba
- 69. cordialmente; pero la baronesa afirmó que la quería como a una hija, tanto o más que a sus perros, que eran casi para ella como las niñas de sus ojos. De pronto la baronesa se incorporó en el sofá. —Tengo un plan—le dijo a don Sergio—. Dígame usted si le parece bien. En El Imparcial de ayer ví anunciada una finca o casa en Cogolludo, con huerta y jardín, por cincuenta duros al año. Supongo que será cosa muy mala; pero, al fin, será un terreno y una choza, y a mí me basta con una cabañita. Podría ir arreglando esa choza. ¿Qué le parece a usted, don Sergio? —Pero, ¿para qué te vas a marchar de aquí? —Es que no se lo he querido decir—añadió la baronesa—; pero ese hombre me persigue—. Y contó una porción de embustes. Se recreaba la buena señora haciéndose la ilusión de que el primo la perseguía tenazmente, y todas las cartas que ella había escrito a él supuso que era él quien se las había escrito a ella. —Y claro—siguió diciendo—, no es cosa de ir al fin del mundo huyendo de ese ridículo trovador. —Pero Cogolludo no debe tener tren; te vas a aburrir. —¡Quia! Allá me meto en mi choza como una santa y me entretengo en regar el jardín y cuidar las flores... pero soy tan desgraciada que con seguridad ya habrán alquilado la casa. —No, eso no. Pero yo no veo la necesidad de marcharse. El chico no podrá ir al colegio. —Ya no tiene necesidad. Estudiará por libre. —Bueno; alquilaremos esa casa. —Si no, ese canalla me va a perseguir. Yo quisiera que le llevasen a la cárcel y le ahorcaran. ¡Ay, don Sergio! ¡Cuando vendrá Carlos VII!
- 70. No estoy por la libertad ni por las garantías constitucionales para los pillos. —Vamos, vamos, mujer. Ya veremos si se arregla eso de la casa. Y alíviate pronto. —Gracias, don Sergio; usted siempre tan fuerte. Es usted una roca... Tarpeya. Y sin saber dónde guardar el dinero. ¡Acuérdese usted de mí! Ya sabe usted que soy muy arregladita y que no pienso ni desperdicio nada. Era lo mejor que tenía la baronesa, que se conocía a fondo. Decididos a ir a Cogolludo, comenzaron a embalar los muebles entre niña Chucha y Manuel, cuando la mulata salió diciendo que ella lo sentía mucho, pero que se quedaba en Madrid en una casa. —Pero hija, ¿qué vas a hacer? La mulata, apurada a preguntas, confesó que un señor americano, un pequeño rastaquouére que sentía la nostalgia del cocotero, le había ofrecido el puesto de ama de llaves en su casa. La baronesa no se atrevió a hablarla de moralidad, y el único consejo que le dió fué que si el americano no se contentaba únicamente con que ella fuera ama de llaves, que se afirmara bien; pero la mulata no era tonta, y había, según dijo, tomado todas sus precauciones para caer en blando. Manuel quedó solo en la casa para terminar las diligencias necesarias para el traslado. Una tarde, de vuelta de la estación del Mediodía, se encontró con Mingote, que al verle echó a correr tras él. —¿A dónde vas?—le dijo—; cualquiera hubiese dicho que huías de mí. —¡Yo! ¡Qué disparate! me alegro mucho de verle. —Yo también.
- 71. —Mira, vamos a entrar en este café. Te convido. —Bueno. Entraron en el café de Zaragoza. Mingote pidió dos cafés, papel y pluma. —¿A ti te importaría algo escribir lo que voy a dictarte? —Hombre, según lo que sea. —Se trata de que me pongas una carta diciéndome que no te llamas Sergio Figueroa, sino Manuel Alcázar. —¿Y para qué quiere usted que le escriba eso? Si usted lo sabe tan bien como yo—contestó cándidamente Manuel. —Es una combina que me traigo. —Y yo, ¿qué voy ganando en eso? —Te puedes ganar treinta duros. —¿Sí? ¡Vengan! —No, cuando el negocio esté terminado. Viendo Mingote a Manuel tan propicio, le dijo que si se las apañaba para quitar a la baronesa los papeles falsificados de su identificación y se los entregaba, añadiría a los treinta veinte duros más. —Los papeles los tengo yo guardados—dijo Manuel—; si espera usted aquí un momento, voy y se los traigo a usted en seguida. —Bueno, aquí espero. ¡Qué infeliz es este muchacho!—murmuró Mingote—. Se figura que le voy a dar cincuenta duros. ¡Qué primo! Pasó una hora, luego otra; Manuel no aparecía. —¿Habré sido yo el primo?—exclamó Mingote—. Sin duda. ¿Me habrá engañado ese condenado niño?
- 72. Mientras esperaba Mingote, la baronesa y Manuel tomaban el tren. Fueron a Cogolludo, y la baronesa se llevó el gran chasco. Creía que el pueblo sería algo así como una aldea flamenca y se encontró con un poblachón en medio de una llanura. La casa alquilada estaba en un extremo del pueblo; era grande, con una puerta azul, tres ventanas chicas al camino y un corral en la parte de atrás. Debía de hacer más de diez años que no la habitaban. Al día siguiente de llegar la baronesa y Manuel la barrieron y fregaron. La baronesa se lamentaba amargamente de su resolución. —¡Ay, Dios mío!, ¡qué casa!—decía—. ¿Por qué habremos venido aquí? Y ¡qué pueblo! Yo había visto de paso algún pueblo de España, pero en el Norte, donde hay árboles. ¡Esto es tan seco, tan árido! Manuel se encontraba en sus glorias; la huerta de la casa no producía más que ortigas y yezgos, pero él supuso que se podría convertir aquel trozo de tierra, seco y lleno de plantas viciosas, en un vergel. Se puso a trabajar con fe. Primeramente escardó y quemó toda la hierba del huerto. Después removió la tierra con un pincho y sembró a discreción garbanzos, habichuelas y patatas, sin enterarse de si era o no el tiempo de la siembra. Luego pasó horas y horas sacando agua de un pozo profundísimo que había en medio del huerto, y como se desollaba las manos con la cuerda y además a la media hora de regar la tierra estaba seca, ideó una especie de torno con el cual se tardaba media hora en sacar un balde de agua. A los quince días de estancia allí tomó la baronesa una criada, y cuando ya la casa estuvo limpia fué a Madrid, sacó del colegio a Kate y la llevó a Cogolludo.
- 73. Kate, como tenía un espíritu práctico, llenó unas cuantas macetas de tierra y plantó una porción de cosas en ellas. —¿Para qué hace usted eso?—le dijo Manuel—, si dentro de poco estará todo esto lleno de plantas. —Yo quiero tener las mías—contestó la niña. Pasó un mes, y a pesar de los trabajos ímprobos de Manuel, no brotó nada de lo plantado por él. Sólo unos geranios y unos ajos puestos por la criada crecían, a pesar de la sequedad, admirablemente. Los tiestos de Kate también prosperaban; en las horas de calor los metía dentro de la casa y los regaba. Manuel, viendo que sus ensayos de horticultura fracasaban, se dedicó con rabia al exterminio de las avispas, que en grandes panales de celdas simétricas, ocultos en los intersticios de las tejas, se guarecían. Entabló con las avispas una lucha a muerte y no las pudo vencer; parecía que le habían tomado odio; le atacaban de una manera tan furiosa, que la mayoría de las veces tenía que batirse en retirada, expuesto a caerse del tejado lleno de picaduras. Los entretenimientos de Kate eran más tranquilos y pacíficos. Había arreglado su cuarto con un orden perfecto. Sabía embellecerlo todo. Con la cama, cubierta por la colcha blanca y oculta por las cortinas; los tiestos, en la ventana, en los que empezaban a brotar las plantas; su armario, y los cromos en las paredes azules, su alcoba tenía un aspecto de gracia encantador. Luego, era la muchacha de una bondad amable y serena. Había encontrado en el campo un gato herido, a quien perseguían unos chicos, a pedradas; lo recogió, a riesgo de ser arañada, lo cuidó y curó, y el gato la seguía ya por todas partes y sólo quería estar con ella.
- 74. Manuel obedecía a la Nena, ciegamente, sentía además una gran satisfacción al obedecerla; la consideraba como un dechado de perfecciones, y a pesar de esto, nunca se le ocurrió, ni en su fuero interno, enamorarse de ella. Quizá la encontraba demasiado buena, demasiado hermosa. Experimentaba Manuel la tendencia paradójica de todos los hombres de fantasía que creen amar la perfección y se enamoran de lo imperfecto. El verano transcurrió agradablemente; el calcáreo estuvo dos veces en Cogolludo, al parecer contento; pero, al fin de Agosto, las pesetas que recibía la baronesa no aparecieron. Escribió a don Sergio varias veces sacando a relucir la persecución de que era víctima, pues de este modo satisfacía la vanidad y el amor propio del viejo Cromwell; pero don Sergio no cayó en la celada. Indudablemente, Mingote había hablado. Esperó la baronesa algún tiempo trampeando, haciendo deudas. Un día, a principios de otoño, se presentó el guarda de la casa diciendo a la baronesa que la desalojara, que en Madrid no habían pagado el alquiler. Se desahogó la baronesa insultando y poniendo como un trapo a don Sergio; el guarda dijo que la orden suya era no dejar que se llevaran los muebles sin que le pagaran el alquiler. La baronesa sentía que su hija se enterara de sus trapisondas; calculó lo que valdrían los muebles, que ya en Madrid con las ventas y los empeños quedaron reducidos estrictamente a lo indispensable, y se decidió a dejarlos y a huir de Cogolludo. Una tarde en que salieron del pueblo a dar un paseo, la baronesa expuso a Kate, muy azorada, la situación. —¿Vamos a Madrid?—terminó diciendo. —Vamos. —¿Ahora mismo? —Ahora mismo.
- 75. Hacia frío. Comenzaba a lloviznar. La estación del tren estaba en un pueblo inmediato. Manuel sabía el camino. Marcharon los tres por entre lomas bajas; no encontraron a nadie. Kate iba un tanto asustada. —Vaya una facha rara que debemos de tener—decía la baronesa. A la hora y media de salir del pueblo, de repente, a la revuelta de un sendero, apareció el faro de señales de la vía férrea, un disco blanco como un alto fantasma. Soplaba un vientecillo sutil. Oyeron de pronto a lo lejos los silbidos agudos de un tren, aparecieron las linternas roja y blanca de la locomotora, fueron agrandándose en la obscuridad rápidamente, retembló la tierra, pasó la fila de vagones rechinando con una algarabía infernal, surgió una bocanada de humo blanco con incandescencias luminosas, cayó un diluvio de chispas al suelo y el tren huyó y quedaron dos farolillos rojos y uno verde danzando en la obscuridad de la noche, hasta que se escabulleron en seguida en las sombras. Estaban los tres cansados cuando entraron en la estación. Esperaron unas horas, y a la mañana del día siguiente llegaron a Madrid. La baronesa estaba azorada, fueron a una casa de huéspedes, les preguntaron si tenían equipaje, la baronesa dijo que no, y no supo encontrar ningún pretexto ni explicación; les dijeron que sin equipaje no les tomarían, a no ser que pagaran por adelantado, y la baronesa salió avergonzada. De allí pasaron por la casa de una amiga, pero se había mudado: no se sabían tampoco las señas de Horacio. La baronesa tuvo que empeñar un reloj de Kate y fueron a parar los tres a un hotel de tercera clase. Al cuarto día el dinero terminó. La baronesa había perdido su presencia de ánimo y en su rostro se notaba la fatiga y el cansancio. Escribió una carta humilde a su cuñado pidiéndole hospitalidad para ella y su hija, y la contestación tardaba. La baronesa se ocultaba de Kate para llorar.
- 76. La dueña del hotel les pasó la cuenta; le suplicó la baronesa que esperara unos días a que recibiera una carta, pero la mujer de la fonda, a quien la petición hecha en otra forma no le hubiera chocado, se figuró, por el tono empleado por la baronesa, que se trataba de engañarla, y dijo que no esperaba, que, si al día siguiente no la pagaban, avisaría a la justicia. Kate, al ver a su madre más afligida que de costumbre, le preguntó lo que le pasaba, y ella expuso la situación apurada en que se veían. —Voy a ver al embajador de mi país—dijo Kate resueltamente. —¿Tú sola? Iré yo. —No, que me acompañe Manuel. Fueron los dos a la Embajada; entraron en un portal grande. Dió su tarjeta Kate a un portero e inmediatamente la hicieron pasar. Manuel, sentado en un banco, esperó un cuarto de hora. Al cabo de este tiempo salió la muchacha al portal acompañada de un señor de aspecto venerable. Éste la acompañó hasta la puerta y habló con un lacayo con galones. El lacayo abrió la puerta de un coche que había frente a la puerta y permaneció con el sombrero en la mano. Kate se despidió del anciano señor; luego dijo a Manuel: —Vamos. Entró ella en el coche y después Manuel estupefacto. —Ya está todo arreglado—dijo la muchacha a Manuel—. El embajador ha telefoneado al hotel diciendo que pasen la cuenta a la Embajada. Manuel pudo notar en esta ocasión, y comprobarlo después repetidas veces, que las mujeres acostumbradas desde niñas a
- 77. doblegarse y a ocultar sus deseos tienen, cuando despliegan sus energías ocultas, un poder y una fuerza extraordinarios. La baronesa recibió la noticia alborozada, y en un arrebato de ternura besó a Kate repetidas veces y lloró amargamente. Días después se recibió la contestación del cuñado de la baronesa y un cheque para que se pusieran en camino. A pesar de lo que le prometió la baronesa a Manuel, éste comprendió que no le llevarían a él. Era natural. La baronesa compró ropa para la Nena y para ella. Una tarde de otoño se fueron madre e hija. Manuel las acompañó en coche hasta la estación. La baronesa sentía mucha tristeza de dejar Madrid; la Nena estaba, como siempre, al parecer serena y tranquila. En el trayecto, ninguno de los tres dijo una palabra. Bajaron del coche, entraron en la sala de espera; había que facturar un baúl y Manuel se encargó de ello. Después pasaron al andén y tomaron asiento en un vagón de segunda. Roberto paseaba por el andén de la estación pálido, de un lado a otro. La baronesa prometió al muchacho que volverían. Sonó la campana de la estación. Manuel se subió al coche. —Vamos, bájate—dijo la baronesa—. El tren va a empezar a andar. Manuel ofreció la mano tímidamente a la Nena. —Abrázala—dijo su madre. Manuel apenas se atrevió a rodear el talle de la muchacha con sus brazos. La baronesa le besó en las dos mejillas. —Adiós, Manuel—le dijo—, secándose una lágrima.
- 78. Echó andar a el tren; la Nena saludó desde la ventanilla con la mano; pasaron vagones y vagones con un ruido sordo; el tren aceleró la marcha. Manuel sintió una congoja grande; huyó el tren, silbando por los campos, y Manuel se llevó las manos a los ojos y sintió que estaba llorando. Roberto le agarró del brazo. —Vamos de aquí. —¿Es usted?—le dijo Manuel. —Sí. —Han sido muy buenas para mí—añadió Manuel tristemente.
- 79. SEGUNDA PARTE
- 80. CAPÍTULO I Sandoval.—Los sapos de Sánchez Gómez. Jacob y Jesús. Salieron juntos Manuel y Roberto de la estación del Norte. —¿Y otra vez a empezar?—le dijo Roberto.—¿Por qué no te decides de una vez a trabajar? —¿En dónde? Yo para buscar no sirvo. ¿Usted no sabe algo para mí? En alguna imprenta... —¿Te decidirás a entrar de aprendiz sin ganar nada? —Sí; ¿qué voy a hacer? —Si te parece bien, yo te llevaré al director de un periódico ahora mismo. Vamos. Subieron hasta la plaza de San Marcial; luego, por la calle de los Reyes, hasta la de San Bernardo, y en la calle del Pez entraron en una casa. Llamaron en el piso principal y una mujer esmirriada salió a la puerta y les dijo que aquél por quien preguntó Roberto estaba durmiendo y no quería que se le despertase. —Soy amigo suyo—replicó Roberto—, yo le despertaré.
- 81. Entraron los dos por un corredor a un cuarto obscuro, en donde olía a iodoformo de una manera apestosa. Roberto llamó. —¡Sandoval! —¿Qué hay? ¿Qué sucede?—gritó una voz fuerte. —Soy yo; Roberto. Se oyeron los pasos de un hombre desnudo que abrió las maderas del balcón y luego se le vió volver y meterse en una cama grande. Era un hombre de unos cuarenta años, rechoncho, grasiento, de barba negra. —¿Qué hora es?—dijo desperezándose. —Las diez. —¡Qué barbaridad! ¿Es tan temprano? Me alegro que me hayas despertado; tengo que hacer muchas cosas. Da un grito por el pasillo. Roberto lanzó un ¡eh! sonoro, y se presentó en el cuarto una muchacha pintada, con aire de mal humor. —Anda, tráeme la ropa—la dijo Sandoval, y de un esfuerzo se sentó en la cama, bostezó estúpidamente y se puso a rascarse los brazos. —¿A qué venías?—preguntó. —Pues como el otro día dijiste que necesitabas un chico en la redacción, te traigo éste. —Pues, hombre, tengo ya otro. —Entonces nada. —Pero en la imprenta creo que necesitan. —A mí ese Sánchez Gómez no me hace mucho caso.
- 82. —Se lo diré yo; no me puede negar eso. —¿Te se olvidará? —No, no se olvidará. —¡Bah! Escríbele; es mejor. —Ya le escribiré. —No, ahora; ponle unas letras. Mientras hablaban, Manuel observó con curiosidad el cuarto, de un desorden y suciedad grandes. El mobiliario lo componían: la cama de matrimonio, una cómoda, una mesa, un aguamanil de hierro, un estante y dos sillas rotas. Sobre la cómoda y en el estante se amontonaban libros desencuadernados y papeles; en las sillas enaguas y vestidos de mujer; el suelo estaba lleno da puntas de cigarro, de trozos de periódico y de pedazos de algodón utilizados para alguna cura; debajo de la mesa aparecía una jofaina de hierro convertida en brasero, llena de ceniza y de carbones apagados. Cuando la muchacha pintada vino con el traje y la camisa, Sandoval se levantó en calzoncillos y anduvo buscando un jabón entre los papeles, hasta que lo encontró. Se fué a lavar en la palangana del aguamanil, llena de agua sucia hasta arriba, en la que nadaban remolinos de pelos de mujer. —¿Quieres echar el agua?—dijo el periodista a la muchacha humildemente. —Echala tú—contestó ella de mala manera, saliendo del cuarto. Sandoval salió en calzoncillos al corredor con la palangana en la mano, después volvió, se lavó y fué vistiéndose. Sobre los libros y los papeles se veían algún peine grasiento, algún cepillo de dientes gastado y rojo por la sangre de las encías; un cuello postizo con ribetes de mugre, una caja de polvos de arroz llena de abolladuras, con la brocha apelmazada y negra.
- 83. Después de vestido Sandoval, se transformó a los ojos de Manuel; tomó un aire de distinción y elegancia, escribió la carta que le pedían, y Roberto y Manuel salieron de la casa. —Se ha quedado maldiciendo de nosotros—dijo Roberto. —¿Por qué? —Porque es perezoso como un turco. Perdona todo menos que le hagan trabajar. Salieron los dos nuevamente a la calle de San Bernardo y entraron en una callejuela transversal. Se detuvieron frente a una casa pequeña que salía de la línea de las demás. —Esta es la imprenta—dijo Roberto. Manuel miró; ni letrero, ni muestra, ni indicación alguna de que aquello fuera una imprenta. Empujó Roberto una puertecilla y entraron en un sótano negro, iluminado por la puerta de un patio húmedo y sucio. Un tabique recién blanqueado, en donde se señalaban huellas impresas de dedos y de manos enteras, dividía este sótano en dos compartimentos. Se amontonaban en el primero una porción de cosas polvorientas; el otro, el interior, parecía barnizado de negro; una ventana lo iluminaba; cerca de ella arrancaba una escalera estrecha y resbaladiza que desaparecía en el techo. En medio de este segundo compartimento un hombre barbudo, flaco y negro, subido en una prensa grande, colocaba el papel que allí parecía blanco como la nieve sobre la platina de la máquina, y otro hombre lo recogía. En un rincón funcionaba trabajosamente un motor de gas que movía la prensa. Subieron Manuel y Roberto por la escalera a un cuarto largo y estrecho que recibía la luz por dos ventanas a un patio. Adosadas a las paredes y en medio estaban los casilleros de las letras, y sobre ellos colgaban algunas lámparas eléctricas, envueltas en cucuruchos de papel de periódico, que servían de pantalla.
- 84. En las cajas trabajaban tres hombres y un chico; uno de los hombres cojo, de blusa azul larga, sombrero hongo, aspecto de mal humor, con los anteojos puestos, se paseaba de un lado a otro. Roberto saludó al señor cojo y le entregó la carta de Sandoval. El cojo cogió la carta y gruñó malhumorado: —No sé para que me vienen con estas comisiones. ¡Maldita sea la!... —Este es el chico a quien hay que enseñarle el oficio—interrumpió Roberto fríamente. —Como no le enseñe yo la...—y el cojo soltó diez o doce barbaridades y un rosario de blasfemias. —¿Hoy está usted de mal humor? —Estoy como me da la gana... tanto amolar... porque me sale así de los santísimos... ¿Sabe usted? —Bueno, hombre, bueno—repuso Roberto, y añadió en un aparte alto de teatro, de los que oye todo el mundo:—¡Qué paciencia hay que tener con este animal! —Es una broma—siguió diciendo el cojo sin hacer caso del aparte—; que el chico quiere aprender el oficio, ¿y a mí qué?; que no tiene que comer, ¿y a mí qué? Que se vaya con dos mil pares... con viento fresco. —¿Le va usted a enseñar o no, señor Sánchez? Yo tengo que hacer, no quiero perder el tiempo. —¡Ah, usted no quiere perder el tiempo! Pues váyase usted, hombre; a bien que yo no necesito que se quede usted aquí, que se quede el chico; usted aquí estorba. —Gracias. Tú quédate aquí—dijo Roberto a Manuel—, ya te dirán lo que tienes que hacer.
- 85. Manuel quedó perplejo, vió a su protector que se marchaba, miró a todos lados, y viendo que no le hacían caso se fué acercando a la escalera y bajó dos peldaños. —¡Eh! ¿Adónde vas?—le gritó el cojo—. ¿Es que quieres o no quieres aprender el oficio? ¿Qué es esto? Manuel quedó nuevamente confuso. —Eh, tú, Yaco—gritó el cojo, dirigiéndose a uno de los hombres que trabajaban—, enséñale la caja a este choto. El aludido, un hombrecillo flaco y muy moreno, con una barba negrísima, que trabajaba con una rapidez asombrosa, echó una mirada indiferente a Manuel y volvió a su trabajo. El chico permaneció inmóvil, y viéndolo así el otro cajista, un joven rubio, de aspecto enfermizo, le dijo al compañero de la barba en tono burlón, con una canturia extraña: —¡Ah, Yaco! ¿por qué no le enseñas al muchacho las letras? —Enséñale tú—contestó el que llamaban Yaco. —Ah, Yaco, veo que la ley de Moisés os hace muy egoístas, Yaco. ¿No quieres perder tiempo, Yaco? El de la barba arrojó a su compañero una mirada siniestra; el rubio se echó a reir y le indicó a Manuel en dónde estaban las letras; después trajo una columna impresa que sacó rápidamente de un marco de hierro, y dijo: —Ves echando cada letra en su cajetín. Manuel comenzó a hacerlo con mucha lentitud. El cajista rubio llevaba una blusa azul larga y un sombrero hongo, a un lado de la cabeza. Inclinado sobre el chibalete, con los ojos muy cerca de las cuartillas, el componedor en la mano izquierda, hacía
- 86. líneas con una rapidez extraordinaria; su mano derecha saltaba vertiginosamente de cajetín a cajetín. Con frecuencia se paraba a encender un cigarro, miraba a su barbudo compañero y le preguntaba una cosa, o muy tonta o de esas que no tienen contestación posible, en tono jovial, pregunta a la cual el otro no contestaba más que con una mirada siniestra de sus ojos negros. Dieron las doce, dejaron todos el trabajo y se fueron. Manuel quedó solo en la imprenta. Al principio abrigó la esperanza de que le darían algo de comer; luego pudo convencerse de que nadie se había preocupado de su alimentación. Reconoció la imprenta; nada, por desgracia, era comestible; pensó que quizás aquellos rodillos, quitándoles la tinta de encima, podrían ser aprovechados, pero no se decidió. A las dos volvió Yaco; poco después el rubio, que se llamaba Jesús, y comenzaron de nuevo el trabajo. Manuel siguió en su tarea de distribución de letras, y Jesús y Yaco en la de componer. El cojo corregía galeradas, las entintaba, sacaba una prueba poniendo encima de ellas un papel y golpeando con un mazo, y después, con unas pinzas, extraía unas letras y las iba substituyendo por otras. Jesús a media tarde dejó de componer, cambió de faena, cogía las galeradas, atadas con un bramante, las soltaba, formaba columnas, las metía en un marco de hierro y las sujetaba dentro con cuñas. El marco se lo llevaba uno de los maquinistas del sótano y volvía con él al cabo de una hora. Jesús substituía en el marco de hierro unas columnas por otras y se llevaban de nuevo la forma. Poco después se repetía la misma operación. Luego de trabajar toda la tarde iban a salir a las siete, cuando Manuel se acercó a Jesús y le dijo: —¿No me dará el amo de comer?
- 87. —¡Quia! —Yo no tengo dinero; no he podido tampoco almorzar. —¿Ah, no? Anda, vente conmigo. Salieron juntos de la imprenta y entraron en una tabernucha de la calle de Silva, en donde comía Jesús. Habló éste con el tabernero y después le dijo a Manuel: —Aquí te darán el cocido de fiado. Yo he respondido por ti. A ver si no haces una charranada. —Descuide usted. —Bueno, vamos adentro, hoy convido yo. Penetraron en el interior de la tasca y se sentaron los dos en una mesa. Les trajeron una fuente con guisado, pan y vino. Mientras comían, Jesús contó de una manera humorística una porción de anécdotas del amo de la imprenta, de los periodistas y, sobre todo, de Yaco, el de la barba, que era judío, muy buena persona, pero avaro y sórdido hasta perderse de vista. Jesús le solía tomar el pelo y le incomodaba para oirle. Al concluir de cenar, Jesús preguntó a Manuel: —¿Tienes sitio donde dormir? —No. —Ahí, en la imprenta, debe haber. Volvieron a la imprenta, y el cajista le pidió al cojo que permitiera a Manuel dormir en algún rincón. —Moler—exclamó el cojo—, esto va a ser el asilo de la Montaña. ¡Vaya una golfería! Porque el cojo será muy malo pero aquí todo el
- 88. mundo viene. Claro. A la gandinga. Gruñendo, como era su costumbre, el cojo abrió un cuartucho, al que se subía por unas escaleras, lleno de grabados envueltos en papeles, y después señaló un rincón, en donde había paja de jergones y unas mantas. Durmió Manuel en la covacha hecho un príncipe. Al día siguiente, el dueño le mandó ir al sótano. —Mira lo que hace éste y luego haz tú lo mismo—le dijo, indicándole al hombre flaco y barbudo subido a la plataforma de la máquina. Cogía éste una hoja de papel de un montón y la colocaba sobre la platina, venían al momento las lengüetas de la prensa a agarrar la hoja con la seguridad de los dedos de una mano; al movimiento del volante, la máquina tragaba el papel y al poco rato salía impreso por un lado, y unas varillas, como las de un abanico, lo depositaban automáticamente en una platina baja. Manuel aprendió pronto la maniobra. El amo dispuso que Manuel trabajase por la mañana en las cajas, y por la tarde, y parte de la noche, en la máquina, y le asignó seis reales de jornal al día. Por la tarde se podía aguantar el trabajo en el sótano, pero de noche imposible. Entre el motor de gas y los quinqués de petróleo quedaba la atmósfera asfixiante. A la semana de estar allí, Manuel había intimado con Jesús y con Yaco y se tuteaba con los dos. Jesús le aconsejaba a Manuel el que se aplicase en las cajas y aprendiera pronto a componer. —Al menos se tiene la pitanza segura. —Pero es muy difícil—decía Manuel. —Quia, hombre, acostumbrándose es más sencillo que cargar cubas de agua.
- 89. Manuel trabajaba siempre que podía, esforzándose en adquirir ligereza; algunas noches hacía líneas, y era para él un motivo de orgullo el verlas después impresas. Jesús se entretenía en embromar al judío, remedándole en su manera de hablar. Habían vivido los dos algunos meses en la misma casa. Yaco (Jacob era su nombre) con su familia, y Jesús con sus dos hermanas. Le entusiasmaba a Jesús sacar a Jacob de sus casillas y oirle decir maldiciones pintorescas en su lengua melosa y suave, arrastrando las eses. Según decía Jesús, en casa de Jacob hablaban su mujer, su suegro y él, en la más extraña jerigonza que imaginarse puede, una mezcla de árabe y de castellano arcaico que sonaba a algo muy raro. —¿Te acuerdas, Yaco—le decía Jesús remedándole—, cuando llevaste a Mesoda, a tu mujer, aquel canario? Y te preguntaba ella: ¡Ah, Yaco! ¿qué es ese pasharo que tiene las plumas amarias? Y tú le contestabas: ¡Ah, Mesoda!, este pasharo es un canario y te lo traigo para tú. Jacob, al ver que todo el mundo se reía, lanzaba una mirada terrible a Jesús y le decía: —¡Ah roín, te venga un dardo que borre tu nombre del libro de los vivos! —Y cuando Mesoda—proseguía, Jesús te decía—: Finca aquí, Yaco, finca aquí. ¡Ah, Yaco, qué mala estoy! Tengo una paloma en el corasón, un martio en cada sién y un pescao en la nuca. ¡Llámale a mi babá, que me traiga una ramita de letuario, Yaco! Estas intimidades de su hogar, tratadas en broma, exasperaban a Jacob, y oyéndolas se exaltaba, y sus imprecaciones podían dejar atrás las de Camila. —No respetas la familia, perro, terminaba diciendo.
- 90. —¡La familia!—le replicaba Jesús—. Lo primero que debe hacer uno es olvidarla. Los padres y los hermanos, y los tíos y los primos, no sirven mas que para hacerle a uno la pascua. Lo primero que un hombre debe aprender es a desobedecer a sus padres y a no creer en el Eterno. —Calla cafer, calla. Te veas como el vapó con agua en los lados y fuego en el corasón. Te barra la escoba negra si sigues blasfemando así. Jesús se reía y, después de oirle hablar a Jacob, añadía: —Hace unos miles de años, este animal que ahora no es más que un tipógrafo, hubiera sido un profeta y estaría en la Biblia al lado de Matatías, de Zabulón y de toda esa morralla. —No digas necedades—replicaba Jacob. Después de la discusión, Jesús le decía: —Tú ya sabes, Yaco, que nos separa un abismo de ideas; pero a pesar de esto, si quieres aceptar el convite de un cristiano, te convido a una copa. Jacob movía la cabeza y aceptaba.
- 91. Welcome to our website – the perfect destination for book lovers and knowledge seekers. We believe that every book holds a new world, offering opportunities for learning, discovery, and personal growth. That’s why we are dedicated to bringing you a diverse collection of books, ranging from classic literature and specialized publications to self-development guides and children's books. More than just a book-buying platform, we strive to be a bridge connecting you with timeless cultural and intellectual values. With an elegant, user-friendly interface and a smart search system, you can quickly find the books that best suit your interests. Additionally, our special promotions and home delivery services help you save time and fully enjoy the joy of reading. Join us on a journey of knowledge exploration, passion nurturing, and personal growth every day! ebookbell.com