Theo Tryfonas
Centre in Systems, Faculty of Engineering
Embedding Competitor Intelligence Capability in the Software Development Lifecycle
Security and Protection of Information 2009 - Brno, Czech Republic
2 Outline
• Competitor Intelligence (CI) and tools
• Software development process and informational
requirements
• An integration framework
• Relationship to infosec and challenges
3 The importance of Intelligence
“If you know the enemy and know yourself, you
need not fear the result of 100 battles. If you know
yourself but not the enemy, for every victory gained
you will also suffer a defeat. If you know neither the
enemy nor yourself, you will succumb in every
battle”
General Sun-Tzu, c. 544-496 BC (?)
4 Recent industrial espionage cases
5 Competitor Intelligence and competitive advantage
• Many forms of intelligence
  – National Intelligence, Military Intelligence, Criminal Intelligence, Corporate Intelligence, Business Intelligence, Competitive Intelligence etc.
• CI: A systematic and ethical program for gathering,
analyzing, and managing information that can
affect a company's plans, decisions, and
operations.
6 The CI process
• The process of monitoring the competitive environment.
  – 80% of large multinationals have an organized system for collecting intelligence
  – 60% of US companies (of that review sample)
• It includes competitive, technical, people, and
market intelligence.
7 The CI process
Integrative CI model showing intelligence information processing stages (Bouthillier & Shearer, 2003)
8 CI tools and applications...
• Generic (e.g. databases) and specific (e.g. price monitoring agents)
  – Mind mapping, system dynamics, textual analysis, …
• Knowledge management/information engineering focused
  – Requirements elicitation, Data mining, Artificial intelligence, OLAP, Visualisation, Collaboration portals etc.
• The Internet!
(table 1 in the paper: tool/function/description)
9 ... facilitating
• Porter’s five forces analysis (consumer, vendor,
competitor, new entrants, substitutes)
• SWOT analysis (strength-weakness-opportunity-threat)
• Competitor profiling
• Benchmarking (measuring against competition)
• Customer-led/requirements-driven design
• Etc. etc.
10 The software market: Monopolies and ‘The cathedral and the bazaar’
• The software industry faces extreme pressures to
provide new applications that add value in today's
competitive environment. (authors’ JCIM paper)
• ‘Siloed’ market with near-monopolies for core technologies
  – E.g. OS (Microsoft), database (Oracle)
• Intellectual property protection drive, s/w licencing and (personal view) misunderstanding of the digital product in pricing strategy
  – OSS/FS vs. commercial
11 Software processes and development lifecycles
• Developing a product in isolation is impossible – especially software
  – User needs, technology platforms, development tools, laws and regulations, available products and their shortcomings etc. etc.
• Information gathering is critical throughout the development lifecycle
  – Both technical and organisational/market driven
  – To appreciate cost and risk and anticipated revenue
12 SDLC
The informational requirements
are similar regardless of the
nature of the process (linear,
iterative, ...)
Fig from
http://en.wikipedia.org/wiki/Iterative_development
Fig. from
http://en.wikipedia.org/wiki/Software_development_process
13 Indicative informational requirements in the SDLC – intelligence input
• Requirements analysis
  – User needs and preferences, threats and threat agents, existing products, emerging markets, ...
• Design
  – Input from previous stage
  – Competitive products designs, ...
• Coding
  – Input from previous stage
  – Target platform APIs, threats and threat agent tools, target platform or build technology known vulnerabilities and exploits, ...
• Testing
  – Input from previous stage
  – User needs and preferences, ...
• Etc. etc.
14 Integration of CI into SDLC
15 Integration of CI into SDLC (cont’d)
16 CI/Infosec interface: Knowing others, protecting yourself
• Information security practices can assure the
ethical gathering and processing of information
(e.g. via compliance with Data Protection Acts)
• as well as protection from unethical gathering
(industrial espionage of third parties, risk of internal
threat etc.)
17 Conclusions
• Understanding the market, user needs and how to price the resulting product has a profound impact on software – and its security
  – Piracy and IP protection, put-to-market pressure etc.
• Competitor intelligence is usually viewed as a task of marketers – it isn’t
  – Many technical aspects, threat environment and hi-tech espionage, need for professional integrity assurance
• Software processes are now (after many years of preaching) being modified to meet infosec requirements – perhaps they could also formalise the intelligence input to the development/security processes
  – to capitalise on the maturity of the CI discipline and on the interface of security with real-life business