François Chung, Ph.D.

Tag: requirement analysis

ISO 9001 & ISO 27001

Advisera training, MOOC (2022). These 2 online courses cover the key information about both the ISO 9001 (quality management) and ISO 27001 (information security) standards, including the requirements, best practices for compliance and how to implement them for any type of business. The courses are made for beginners with no prior knowledge of quality management, information security or ISO standards.

ISO 9001: Quality management

Main topics:

  • Introduction to ISO 9001;
  • The planning phase;
  • Operations;
  • The Check and Act phases.

ISO 27001: Information security

Main topics:

  • Introduction to ISO 27001;
  • The planning phase;
  • Risk management;
  • The Do phase;
  • The Check and Act phases.

ArchiMate 3 in practice

Orsys training, Belgium (2022). This 2-day on-site training introduces ArchiMate, an open enterprise architecture modeling language to support the description, analysis and visualization of architecture within and across business domains. ArchiMate offers a common language for describing the construction and operation of business processes, organizational structures, information flows, IT systems and technical infrastructure.

Day 1

Main topics:

  • ArchiMate 3.0: Core Framework, standard and benefits;
  • The Open Group Architecture Framework (TOGAF);
  • Elements: aspects and relationships;
  • Business layer: essentials and hands-on;
  • Application layer: essentials and hands-on;
  • Information structure;
  • Cross-layer relationships.

Day 2

Main topics:

  • Technology layer: essentials and hands-on;
  • ArchiMate: layered and total views;
  • ArchiMate viewpoints;
  • Motivation view;
  • Services in ArchiMate;
  • Vertical slicing through the layers.

Identity proofing

Zetes project @Brussels, Belgium (2021). Identity proofing consists of verifying, for a given level of assurance, that a person claiming an identity is indeed the correct person. This process can be performed manually by a human operator, either on site (through physical presence) or online (remotely through videoconference), or automatically (e.g. fully automated online or in a controlled environment).

At the European level, the European Telecommunications Standards Institute (ETSI) is working on technical specification ETSI TS 119 46 to lay the foundations of a new identity proofing standard, which aims to be applicable in areas such as the issuance of electronic identity (eID) and Know Your Customer (KYC) processes, with several person types considered: natural person, legal person, and natural person representing a legal person.

One of the objectives of this specification is to provide controls against two main identity proofing threats:

  • Falsified evidence: A person claims an incorrect identity using forged evidence;
  • Identity theft: A person uses valid evidence associated with another person.

Implementing identity proofing therefore requires a risk-based and outcome-based approach in which requirements can be tuned to a desired level of assurance (i.e. degree of certainty) of the result, depending on the context (e.g. purpose of the identity proofing, regulatory environment, acceptable risk regarding the result of the process).

In this project, my tasks are related to the analysis of technical specification ETSI TS 119 46 so as to investigate what parts of the identity proofing process are already developed and available at Zetes (and therefore could be reused), how the missing parts can be implemented in practice and what the possible impacts of the implementation on the existing products and solutions are.

References

Learn more

ETSI - European Telecommunications Standards Institute

Business process and decision modeling

HPI training, MOOC (2021). This online training introduces concepts of business process modeling using the Business Process Model and Notation (BPMN) industry standard. Based on a thorough understanding of BPMN, the last part of the training covers decision models using the Decision Model and Notation (DMN). Decision models complement process models by representing concrete, operational decisions, with both their structure and their decision logic.

Week 1: Introduction to business process management

Main topics:

  • Defining business processes;
  • Business process models;
  • Interacting business processes;
  • Models and instances;
  • Business process lifecycle.

Week 2: Basic business process modeling

Main topics:

  • Process activities;
  • Exclusive and parallel gateways;
  • Inclusive gateways and loops;
  • Start, intermediate and end events;
  • Concurrency.

Week 3: Analyzing the behavior of process models

Main topics:

  • Process behavior;
  • Structural soundness;
  • Simulating business processes;
  • Petri nets and process analysis;
  • Checking soundness.

Week 4: Advanced business process modeling

Main topics:

  • Sub-processes and boundary events;
  • Activity modifiers;
  • Event-based gateway;
  • Modeling organizations;
  • Resource allocation patterns.

Week 5: Data in business process models

Main topics:

  • Organizing process models;
  • Data and data flow;
  • Data execution semantics;
  • Structured data and sub-processes;
  • Object lifecycle conformance.

Week 6: Business decision modeling

Main topics:

  • Implementation of decisions;
  • Decision requirements diagrams;
  • Semantics of decision tables;
  • Analysis of decision tables;
  • Consistency of processes and decisions.

References

Related articles

ArchiMate 3 in practice (Orsys training)
UML class diagrams (edX training)

Learn more

BPMN - Business Process Model and Notation
DMN - Decision Model and Notation
openHPI - Hasso Plattner Institute

PKI for identity documents

Zetes project @Brussels, Belgium (2021). A Public Key Infrastructure (PKI) is a set of physical components (e.g. computers and hardware), human procedures (e.g. checks and validation) and software (e.g. system and applications) intended to manage the public keys of the users of a system. The objective is the secure electronic transfer of information for a range of online activities, such as e-commerce and electronic identification (eID).

In the case of electronic identity documents, such as the identity card, a PKI makes it possible to bind public keys to the identity of citizens, whose personal information is not only printed on the identity card, but also stored in the identity card chip. This system not only allows citizens to use their card to identify themselves online (authentication), but also to sign digital documents using a Qualified Electronic Signature (QES).

A PKI can also be used in an international scheme, such as for the verification of passports at country borders. In that case, a country issues passports for its citizens and also puts in place a PKI to allow other countries to check those passports. This means that, when a citizen presents a passport at the border control, the inspection system checks the identity information both printed on the passport and stored in the passport chip.

As a Functional Analyst and Product Owner within Zetes People ID’s development team, my tasks are related to the analysis of PKI software needs, whether internal or from the customer (e.g. requirement gathering and product presentation), PKI software implementation (e.g. software releases and documentation) and project management (e.g. project coordination during change requests).

References

Related article

Identity proofing (Zetes project)
