Theo Tryfonas
Centre in Systems, Faculty of Engineering
Embedding Competitor Intelligence Capability in the Software Development Lifecycle
Security and Protection of Information 2009 - Brno, Czech Republic

Outline
• Competitor Intelligence (CI) and tools
• Software development process and informational requirements
• An integration framework
• Relationship to infosec and challenges

The importance of Intelligence
“If you know the enemy and know yourself, you need not fear the result of 100 battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle”
General Sun-Tzu, c. 544-496 BC (?)

Recent industrial espionage cases

Competitor Intelligence and competitive advantage
• Many forms of intelligence
  – National Intelligence, Military Intelligence, Criminal Intelligence, Corporate Intelligence, Business Intelligence, Competitive Intelligence etc.
• CI: A systematic and ethical program for gathering, analyzing, and managing information that can affect a company's plans, decisions, and operations.

The CI process
• The process of monitoring the competitive environment.
  – 80% of large multinationals have an organized system for collecting intelligence
  – 60% of US companies (of that review sample)
• It includes competitive, technical, people, and market intelligence.

The CI process
Integrative CI model showing intelligence information processing stages (Bouthillier & Shearer, 2003)

CI tools and applications...
• Generic (e.g. databases) and specific (e.g. price monitoring agents)
  – Mind mapping, system dynamics, textual analysis, …
• Knowledge management/information engineering focused
  – Requirements elicitation, Data mining, Artificial intelligence, OLAP, Visualisation, Collaboration portals etc.
• The Internet!
(table 1 in the paper: tool/function/description)

... facilitating
• Porter’s five forces analysis (consumer, vendor, competitor, new entrants, substitutes)
• SWOT analysis (strength-weakness-opportunity-threat)
• Competitor profiling
• Benchmarking (measuring against competition)
• Customer-led/requirements-driven design
• Etc. etc.

The software market: Monopolies and ‘The cathedral and the bazaar’
• The software industry faces extreme pressures to provide new applications that add value in today's competitive environment. (authors’ JCIM paper)
• ‘Siloed’ market with near-monopolies for core technologies
  – E.g. OS (Microsoft), database (Oracle)
• Intellectual property protection drive, s/w licensing and (personal view) misunderstanding of the digital product in pricing strategy
  – OSS/FS vs. commercial

Software processes and development lifecycles
• Developing a product in isolation is impossible – especially software
  – User needs, technology platforms, development tools, laws and regulations, available products and their shortcomings etc. etc.
• Information gathering is critical throughout the development lifecycle
  – Both technical and organisational/market driven
  – To appreciate cost and risk and anticipated revenue

SDLC
The informational requirements are similar regardless of the nature of the process (linear, iterative, ...)
Fig. from http://en.wikipedia.org/wiki/Iterative_development
Fig. from http://en.wikipedia.org/wiki/Software_development_process

Indicative informational requirements in the SDLC – intelligence input
• Requirements analysis
  – User needs and preferences, threats and threat agents, existing products, emerging markets, ...
• Design
  – Input from previous stage
  – Competitive products designs, ...
• Coding
  – Input from previous stage
  – Target platform APIs, threats and threat agent tools, target platform or build technology known vulnerabilities and exploits, ...
• Testing
  – Input from previous stage
  – User needs and preferences, ...
• Etc. etc.

Integration of CI into SDLC

Integration of CI into SDLC (cont’d)

CI/Infosec interface: Knowing others, protecting yourself
• Information security practices can assure the ethical gathering and processing of information (e.g. via compliance with Data Protection Acts)
• as well as protection from unethical gathering (industrial espionage of third parties, risk of internal threat etc.)

Conclusions
• Understanding the market, user needs and how to price the resulting product has a profound impact on software – and its security
  – Piracy and IP protection, put-to-market pressure etc.
• Competitor intelligence is usually viewed as a task of marketers – it isn’t
  – Many technical aspects, threat environment and hi-tech espionage, need for professional integrity assurance
• Software processes are now (after many years of preaching) being modified to meet infosec requirements – perhaps they could also formalise the intelligence input to the development/security processes
  – to capitalise on the maturity of the CI discipline and on the interface of security with real-life business