Expert system for information system risk estimate at the enterprise level.

Rosu, Sebastian Marius ; Guran, Marius ; Dragomirescu, Cristian 等

1. INTRODUCTION

In order to survive, whether organizations are composed of one or many enterprise (holding) or organizations are small, medium or large, it is necessary to learn from the past, supervise the present and plan the future. In this regard, the enterprises continue to implement IT strategies & architectures, to improve manufacture, research, products quality, sales, and services and to control costs. All enterprises have a local area network, an intranet or/and Internet, servers and workstations for operations, administration and management that work together for the same objective: profits. The enterprises uses Internet or Internet technologies to attract, retain and cultivate relationships with customers, streamline supply-chain, manufacturing, and procurement systems and automate corporate processes to deliver the right products and services to customers quickly and cost-effectively (Rosu et al., 2007), also to capture, explore, analyze, and automate corporate processes information on customers and company operations in order to provide better business decisions. As a result of a new product development paradigm, there is a greater need for software tools to effectively support the formal representation, collect and exchange product information during the product development stage (Dragoi et al., 2005). In a real meaning, an e-business is any business that uses Internet or Internet technologies (Dragoi, 2003) to attract, retain and cultivate relationships with customers, streamline supply-chain, manufacturing, and procurement systems and automate corporate processes to deliver the right products and services to customers quickly and cost-effectively, also to capture, explore, analyze, and automate corporate processes information on customers and company operations in order to provide better business decisions.

2. RMP AS PART OF PMP

Project Management is a method of organizing and managing resources (data, information, knowledge, skills, tools, techniques, etc.) so that the project is completed within defined destination, quality, time and cost constraints. Generally, projects need to be performed and delivered under certain constraints. Traditionally, these constraints have been listed as destination, time, and quality and cost (see figure 1 where each side represents a constraint).

[FIGURE 1 OMITTED]

In the enterprise, we can distinguish some basic project components (steps) in the development of a project (Rosu & Draghici, 2007): start of project study, start project planning, start project execution, basic project design ready, project introduction, project monitoring and controlling, release project product, project product acceptance, close project and retrospective investigation of project. Enterprise project management is all that mix of components of control, communications, leadership, and teamwork, resource management, which goes into a successful project basis on complete quality process components. Good project management deals with three factors: time, cost and performance. In order to bring the many components of a large project into control there is a large toolkit of techniques, methodologies, and tools. These techniques provide the tools for managing different components involved in a project: planning and scheduling, developing a product, managing financial and capital resources, and monitoring progress--see

the PMP model in figure 2 (Rosu et al., 2007).

Enterprise project development presupposes knowledge and assumption of multiple risks. The risk management process includes three phases:

* Risk identification;

* Risk analyses;

* Risk feedback.

[FIGURE 2 OMITTED]

[FIGURE 3 OMITTED]

In the enterprise activities risk eludes probability to not perform the establish objectives such as:

* Performance--quality standards failure;

* Schedule--execution terms failure;

* Costs--budget exceeding.

Risk factors are all factors that can have probability to deviate a plan. Risk management process is an important component of a successful project development process with informational system support. Risk is the net negative impact of the exercise of vulnerability, considering both the probability and the impact of occurrence. Risk management is the process of identifying risk, assessing risk, and taking steps to reduce risk to an acceptable level (see the RMP model in figure 3).

The risk management process should not be treated primarily as a technical function carried out by the IT experts who operate and manage the IT system, but as an essential management function of the organization.

3. AN EXPERT SYSTEM FOR RISK ESTIMATION

Information systems evaluation problem become important by dimension, cost, strategic place occupied by the system advance in time. For projects development in good conditions, the information systems must be assured and surveyed from reliability, quality and maintenance viewpoint. All information system has effects at project development activity, effects that make up in risk factors.

We analyze all these factors and elaborate an expert system implemented in VP-Expert (we used expert system generator VP-Expert version 2.1, by Brian Sawyer, Educational Version, distributed by Paperback Software International), which effectuates risk evaluation for an information system, emerged in harnessed in an enterprise pursuant to proper rules. Production rules form the knowledge representation model used in this work. In ESTRISK.KBS knowledge base there are if-then structure rules excluding the rules for inference engine operations.

Before make the knowledge base, it was establishing the code variables: activity character, utility for project team and for management team, revenues, cost, users number, interfaces project tem proportion, etc.

For all variables, we assign a value (between 1 up to 5) adequate to minimum and maximum risk level. Each value has an importance expressed by a factor with predetermined values (between 1 up to 10). For all variables, the pondered factors must be introduced from keyboard.

According to final score, the evaluated informatics system receives a qualifying--very complex, moderate complexity or simple system (see figure 4 the evaluation results).

[FIGURE 4 OMITTED]

4. CONCLUSION

In this new digital era, enterprises use automated information technology (IT) systems to process their information for better support of their missions, risk management plays a critical role in protecting an organization's information assets, and therefore its mission, from IT--related risk. Risk management process is an important component of a successful project development process with informational system support.

Here, it was describe the risk management as part of project management process, and was present a model for information system risk estimate using an expert system realized at PREMINV Research Center (Polytechnic University of Bucharest) in a university and Romanian SME partnership.

In Romania just few companies developed proper risk measure and cover mechanisms. In the future, we intend to realize other similar expert systems to evaluate all enterprise activities who involve risks.

5. REFERENCES

Rosu, S. M.; Draghici, A. & Guran, M. (2007). Knowledge Transfer in the Enterprise Business Intelligence, Annals of DAAAM for 2007 & Proceedings of the 18th International DAAAM Symposium, October 24th-27th, B. Katalinic (Ed.), published by DAAAM International, Vienna, Austria, pp. 647-648, ISBN 3-901509-58-5

Dragoi, G.; Cotet, C. E.; Patrascu, G.; Rosu, L. & Rosu, S. M. (2005). Internet/Intranet/Extranet-based systems for virtual product development environment in the CESICED platform, Proceedings of the 8th Conference on Management of Innovative Technologies (MIT'2005), 24th-26th September 2005, pp. 67-72, ISBN 961-6238-96-5, Fiesa-Piran, Slovenia

Dragoi G. (2003). Intreprinderea Integrata: metodele, modele, tehnici si instrumente de dezvoltare si realizare a produselor, published by PolitehnicaPress, Bucharest

Rosu, S. M. & Draghici, A. (2008). Information system risk estimate as part of project development by virtual teams using expert systems, Academic Journal of Manufacturing Engineering, no. 2/2008, pp. 135-142, ISSN 1583-7904

Rosu, S. M., Dragoi, G., Guran, M., Rosu, L. (2007). Material management process with database support for virtual project development by virtual teams at the enterprise level, Proceedings of the 9th International Conference on Management of Innovative Technologies--MIT' 2007, October 9th-10th, pp. 99-106, ISBN 978-961-6536-19-6, Fiesa-Piran, Slovenia