
Theo Tryfonas Centre in Systems, Faculty of Engineering

Theo Tryfonas Centre in Systems, Faculty of Engineering. Embedding Competitor Intelligence Capability in the Software Development Lifecycle Security and Protection of Information 2009 - Brno, Czech Republic. Outline. Competitor Intelligence (CI) and tools


Presentation Transcript


  1. Theo Tryfonas, Centre in Systems, Faculty of Engineering. Embedding Competitor Intelligence Capability in the Software Development Lifecycle. Security and Protection of Information 2009 - Brno, Czech Republic

  2. Outline • Competitor Intelligence (CI) and tools • Software development process and informational requirements • An integration framework • Relationship to infosec and challenges

  3. The importance of Intelligence “If you know the enemy and know yourself, you need not fear the result of 100 battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle” General Sun-Tzu, c. 544-496 BC (?)

  4. Recent industrial espionage cases

  5. Competitor Intelligence and competitive advantage • Many forms of intelligence • National Intelligence, Military Intelligence, Criminal Intelligence, Corporate Intelligence, Business Intelligence, Competitive Intelligence etc. • CI: A systematic and ethical program for gathering, analyzing, and managing information that can affect a company's plans, decisions, and operations.

  6. The CI process • The process of monitoring the competitive environment. • 80% of large multinationals have an organized system for collecting intelligence • 60% of US companies (of that review sample) • It includes competitive, technical, people, and market intelligence.

  7. The CI process: Integrative CI model showing intelligence information processing stages (Bouthillier & Shearer, 2003)

  8. CI tools and applications... • Generic (e.g. databases) and specific (e.g. price monitoring agents) • Mind mapping, system dynamics, textual analysis, … • Knowledge management/information engineering focused • Requirements elicitation, Data mining, Artificial intelligence, OLAP, Visualisation, Collaboration portals etc. • The Internet! (table 1 in the paper: tool/function/description)

  9. ... facilitating • Porter’s five forces analysis (consumer, vendor, competitor, new entrants, substitutes) • SWOT analysis (strength-weakness-opportunity-threat) • Competitor profiling • Benchmarking (measuring against competition) • Customer-led/requirements-driven design • Etc. etc.

  10. The software market: Monopolies and ‘The cathedral and the bazaar’ • The software industry faces extreme pressures to provide new applications that add value in today's competitive environment. (authors’ JCIM paper) • ‘Siloed’ market with near-monopolies for core technologies • E.g. OS (Microsoft), database (Oracle) • Intellectual property protection drive, s/w licensing and (personal view) misunderstanding of the digital product in pricing strategy – OSS/FS vs. commercial

  11. Software processes and development lifecycles • Developing a product in isolation is impossible – especially software • User needs, technology platforms, development tools, laws and regulations, available products and their shortcomings etc. etc. • Information gathering is critical throughout the development lifecycle • Both technical and organisational/market driven • To appreciate cost and risk and anticipated revenue

  12. SDLC The informational requirements are similar regardless of the nature of the process (linear, iterative, ...) Fig. from http://en.wikipedia.org/wiki/Software_development_process Fig from http://en.wikipedia.org/wiki/Iterative_development

  13. Indicative informational requirements in the SDLC – intelligence input
      • Requirements analysis
          • User needs and preferences, threats and threat agents, existing products, emerging markets, ...
      • Design
          • Input from previous stage
          • Competitive products designs, ...
      • Coding
          • Input from previous stage
          • Target platform APIs, threats and threat agent tools, target platform or build technology known vulnerabilities and exploits, ...
      • Testing
          • Input from previous stage
          • User needs and preferences, ...
      • Etc. etc.

  14. Integration of CI into SDLC

  15. Integration of CI into SDLC (cont’d)

  16. CI/Infosec interface: Knowing others, protecting yourself • Information security practices can assure the ethical gathering and processing of information (e.g. via compliance with Data Protection Acts) • as well as protection from unethical gathering (industrial espionage of third parties, risk of internal threat etc.)

  17. Conclusions • Understanding the market, user needs and how to price the resulting product has a profound impact on software – and its security • Piracy and IP protection, put-to-market pressure etc. • Competitor intelligence is usually viewed as a task of marketers – it isn’t • Many technical aspects, threat environment and hi-tech espionage, need for professional integrity assurance • Software processes are now (after many years of preaching) being modified to meet infosec requirements – perhaps they could also formalise the intelligence input to the development/security processes • to capitalise on the maturity of the CI discipline and on the interface of security with real-life business
