About Us Our Work Employment News & Events
MITRE Remote Access for MITRE Staff and Partners Site Map

Envision

Home > News & Events > MITRE Publications > The Edge >

MITRE Research Addresses Enterprise Modernization Challenges

Anne Cady

   MITRE scientists and engineers pursue numerous research projects on a wide range of technical areas each year to create knowledge and push it throughout the company and into the public arena. These projects are aligned with the needs of our sponsors. Many of the research projects in MITRE's technology program address technical challenges associated with enterprise modernization. Examples of such projects include those pertaining to large-scale data integration, data mining, text mining, knowledge management, decision support, the semantic Web, executable architectures, and many aspects of information security.

Since enterprise modernization per se in government agencies incurs challenges that are not being addressed by commercial companies or product vendors, MITRE has also initiated some internally funded research projects to help our sponsors find the best approaches and technologies to meet these challenges. Following are summaries of three of these research projects.

Security in Enterprise Engineering

It is ironic that when it comes to acquiring and building information systems that are the lifeblood of many modern enterprises, decision-makers often give little thought to how such systems will be protected from the potentially hostile environments in which they operate. A traditional emphasis on power and capacity, combined with a lack of understanding of security and reliability, has left much of the computing infrastructure of the world as vulnerable as a delicate machine left to sit outside, uncovered, in stormy weather.

MITRE's Center for Enter-prise Modernization (CEM) established a research project called Security for Enterprise Engineering (SEE) to address this situation by providing a framework that enterprise planners, decision-makers, architects, and designers can use to make safety and security an integral part of the information architecting and implementation process.

The difficulty of providing adequate information security increases as systems or enterprises grow larger and more distributed because such systems present far more opportunities for both inadvertent and malicious damage to information resources. This problem is compounded by the fact that most security mechanisms and capabilities are developed within relatively narrow, well-defined contexts. Unfortunately, many serious information security omissions and errors don't occur at the local level but are actually "built in" (inadvertently) during the planning and development of an entire enterprise.

Given this situation, the overall objective of SEE is to encourage decision-makers to develop a better understanding of proven methods for implementing enterprise-level information security. As a starting point for entering into the enterprise planning and architecting world, our SEE team chose the well-known framework created by Zachman as an analytical tool for ensuring that important issues in the planning and development of enterprise information systems are not overlooked. For each level of enterprise planning represented in the Zachman, the SEE team identifies security concerns, appropriate protection mechanisms, and best practices that should be considered. The team chose to use security "patterns" (which are analogous to design patterns) as the mechanism to package security best practices at different levels of architecting and development.

Based on interactions with both the security and system design communities, pattern-based solutions linked to an architecture framework look like a promising way to help make computer systems more secure in an increasingly hostile global information environment.

Virtual Enterprises

It became clear after 9/11 that numerous government agencies need to work together more closely to provide services to U.S. citizens in a coordinated, multi-agency mode. Such programs include homeland security, joint military missions, international trade, counter-narcotics, transportation security, emergency health and safety services, and e-government. Some of these missions, for example border control, require access to routine government records, accounts, transactions, and information services, potentially encompassing enormous volumes of data.

A group of organizations participating in a multi-agency mission work as a virtual enterprise, but each of the organizations also has its own separate mission and information architecture. Because of differences in scope, content, and stages of development or evolution of these architectures, we often find existing information gaps, redundancies, inconsistencies, and constraints on interoperability when these agencies need to function together to accomplish complex missions.

Recent General Accounting Office (GAO) reports highlight the critical role of an enterprise architecture in planning and justifying new enterprise modernization investments at government agencies. These architectures should be updated in a way that ensures consistency and integration across the full scope of the organization's business areas. At this point, individual agencies are still working on their own architectures to achieve their own applications.

The requirements are even more important and challenging when it comes to operating in the complex government-wide, multiagency enterprise environment.

CEM has initiated an internal research project to investigate the dynamic and complex nature of such virtual enterprises—including their planning, strategy, management, and technical elements. In particular, this project will address the technical challenges of interoperability, information sharing, and performance measurement, as well as the governance challenges of multi-agency activities, including planning, budgeting, resource allocation, and operational performance. Our goal is to develop a Multi-agency Planning Toolkit that incorporates features from commercial process modeling environments, as well as static information architecture products conforming to defined architecture frameworks.

Figure 1

MITRE research in areas such as how to build more security into information systems and how to create architectures that will allow better interoperability among government agencies will help sponsors solve problems in implementing effective enterprise modernization programs.

Enterprise Portfolio Management

What is enterprise portfolio management? This can best be answered by considering three epochs in the evolution of investment management procedures in both public and private-sector organizations. In the decades before 1990, organizations developed and implemented project-level investment selection and control methods and procedures. These procedures helped decision-makers select the individual projects and initiatives that were most closely linked with the strategic direction of the organization. Once selected, project management and control procedures were put in place to ensure that a funded project achieved its intended objectives within cost, schedule, technical, and performance baselines.

In the second epoch, which evolved in the 1990s, organizations recognized the need for a portfolio management approach to investment decision-making. Here, the focus was at a more aggregate level (rather than at the individual project level). A cornerstone of the portfolio management approach is the select-control-evaluate paradigm put forward by the GAO in 1997. This framework helps decision-makers achieve organizational goals and objectives by identifying, selecting, financing, and monitoring the most appropriate mix of projects and initiatives.

The third epoch—enterprise portfolio management—is now in the evolutionary stage. An enterprise involves an amalgamation of interdependent resources (people, processes, facilities, and technologies) organized to obtain a strategic advantage in support of mission or business objectives. Thus, by its very nature, enterprise investment management is larger in scope and more complex than either project management or portfolio management. This is because, at the enterprise level, decision-makers must not only consider the investment options under their control but also take into account how the alternatives they have analyzed affect, and are affected by, other components of the enterprise.

MITRE is conducting an internal research project to address enterprise portfolio management and how it relates to the overall enterprise life cycle and the enterprise architecture of an organization. The emphasis is on developing and integrating analytically based methods, tools, and procedures. While much of the focus in the public sector has been on IT investments, the enterprise-level portfolio management process has applicability to other types of investment as well, such as human capital and non-IT assets.

 

For more information, please contact Anne Cady using the employee directory.

Page last updated: November 12, 2003   |   Top of page

Homeland Security Center Center for Enterprise Modernization Command, Control, Communications and Intelligence Center Center for Advanced Aviation System Development

 
 
 

Solutions That Make a Difference.®
Copyright © 1997-2013, The MITRE Corporation. All rights reserved.
MITRE is a registered trademark of The MITRE Corporation.
Material on this site may be copied and distributed with permission only.
IDG's Computerworld Names MITRE a "Best Place to Work in IT" for Eighth Straight Year The Boston Globe Ranks MITRE Number 6 Top Place to Work Fast Company Names MITRE One of the "World's 50 Most Innovative Companies"
 

Privacy Policy | Contact Us