Adding Value to Statistics in the Data Revolution Age

As many statistical offices in accordance with the European Statistical System commitment to Vision 2020, since the second half of 2014 Istat has implemented its internal standardisation and industrialisation process within the framework of a common Business Architecture. Istat modernisation programme aims at building services and infrastructures within a plug-and-play framework to foster innovation, promote reuse and move towards full integration and interoperability of statistical process, consistent with a service-oriented architecture. This is expected to lead to higher effectiveness and productivity by improving the quality of statistical information and reducing the response burden. This paper addresses the strategy adopted by Istat which is focused on exploiting administrative data and new data sources in order to achieve its key goals enhancing value to users. The strategy is based on some priorities that consider services centred on users and stakeholders as well as Linked Open Data, to allow Machine-to-Machine data and metadata integration through definition of common statistical ontologies and semantics

Software Startups -- A Research Agenda

Software startup companies develop innovative, software-intensive products within limited time frames and with few resources, searching for sustainable and scalable business models. Software startups are quite distinct from traditional mature software companies, but also from micro-, small-, and medium-sized enterprises, introducing new challenges relevant for software engineering research. This paper's research agenda focuses on software engineering in startups, identifying, in particular, 70+ research questions in the areas of supporting startup engineering activities, startup evolution models and patterns, ecosystems and innovation hubs, human aspects in software startups, applying startup concepts in non-startup environments, and methodologies and theories for startup research. We connect and motivate this research agenda with past studies in software startup research, while pointing out possible future directions. While all authors of this research agenda have their main background in Software Engineering or Computer Science, their interest in software startups broadens the perspective to the challenges, but also to the opportunities that emerge from multi-disciplinary research. Our audience is therefore primarily software engineering researchers, even though we aim at stimulating collaborations and research that crosses disciplinary boundaries. We believe that with this research agenda we cover a wide spectrum of the software startup industry current needs

Simulation-based impact analysis for sustainable manufacturing design and management

This research focuses on effective decision-making for sustainable manufacturing design and management. The research contributes to the decision-making tools that can enable sustainability analysts to capture the aspects of the economic, environmental and social dimensions into a common framework. The framework will enable the practitioners to conduct a sustainability impact analysis of a real or proposed manufacturing system and use the outcome to support sustainability decision. In the past, the industries had focused more on the economic aspects in gaining and sustaining their competitive positions; this has changed in the recent years following the Brundtland report which centred on incorporating the sustainability of the future generations into our decision for meeting today’s needs (Brundtland, 1987). The government regulations and legislation, coupled with the changes in consumers’ preference for ethical and environmentally friendly products are other factors that are challenging and changing the way companies, and organisations perceive and drive their competitive goals (Gu et al., 2015). Another challenge is the lack of adequate tools to address the dynamism of the manufacturing environment and the need to balance the business’ competitive goal with sustainability requirements. The launch of the Life Cycle Sustainability Analysis (LCSA) framework further emphasised the needs for the integration and analysis of the interdependencies of the three dimensions for effective decision-making and the control of unintended consequences (UNEP, 2011). Various studies have also demonstrated the importance of interdependence impact analysis and integration of the three sustainability dimensions of the product, process and system levels of sustainability (Jayal et al., 2010; Valdivia et al., 2013; Eastwood and Haapala, 2015). Although there are tools capable of assessing the performance of either one or two of the three sustainability dimensions, the tools have not adequately integrated the three dimensions or address the holistic sustainability issues. Hence, this research proposes an approach to provide a solution for successful interdependence impact analysis and trade-off amongst the three sustainability dimensions and enable support for effective decision-making in a manufacturing environment. This novel approach explores and integrates the concepts and principles of the existing sustainability methodologies and frameworks and the simulation modelling construction process into a common descriptive framework for process level assessment. The thesis deploys Delphi study to verify and validate the descriptive framework and demonstrates its applicability in a case study of a real manufacturing system. The results of the research demonstrate the completeness, conciseness, correctness, clarity and applicability of the descriptive framework. Thus, the outcome of this research is a simulation-based impact analysis framework which provides a new way for sustainability practitioners to build an integrated and holistic computer simulation model of a real system, capable of assessing both production and sustainability performance of a dynamic manufacturing system

Uncovering Situations of Cargo Cult Behavior in Agile Software Development Method Use

Misinterpretations and faulty use of Software Development Method (SDM) practices and principles are identified pitfalls in Software Development (SD). Previous research indicates cases with method adoption and use failures; one reason could be the SDM Cargo Cult (CC) behavior, where SD organizations claim to be agile but not doing agile. Previous research has suggested the SDM CC framework as an analytical tool. The aim of this paper is to refine the SDM CC framework and empirically test this version of the framework. We use data from an ethnographical study on three SD teams’ Daily Scrum Meetings (DSM). The empirical material was collected through observations, interviews, and the organization’s business documents. We uncovered twelve CC situations in the SD teams’ use of the DSM practice, structured into seven categories of SDM deviations: bringing irrelevant information, canceling meetings, disturbing the team, receiving unclear information, bringing new requirements, problem-solving, and task distribution

Development of Secure Software : Rationale, Standards and Practices

The society is run by software. Electronic processing of personal and financial data forms the core of nearly all societal and economic activities, and concerns every aspect of life. Software systems are used to store, transfer and process this vital data. The systems are further interfaced by other systems, forming complex networks of data stores and processing entities.This data requires protection from misuse, whether accidental or intentional. Elaborate and extensive security mechanisms are built around the protected information assets. These mechanisms cover every aspect of security, from physical surroundings and people to data classification schemes, access control, identity management, and various forms of encryption. Despite the extensive information security effort, repeated security incidents keep compromising our financial assets, intellectual property, and privacy. In addition to the direct and indirect cost, they erode the trust in the very foundation of information security: availability, integrity, and confidentiality of our data. Lawmakers at various national and international levels have reacted by creating a growing body of regulation to establish a baseline for information security. Increased awareness of information security issues has led to extend this regulation to one of the core issues in secure data processing: security of the software itself. Information security contains many aspects. It is generally classified into organizational security, infrastructure security, and application security. Within application security, the various security engineering processes and techniques utilized at development time form the discipline of software security engineering. The aim of these security activities is to address the software-induced risk toward the organization, reduce the security incidents and thereby lower the lifetime cost of the software. Software security engineering manages the software risk by implementing various security controls right into the software, and by providing security assurance for the existence of these controls by verification and validation. A software development process has typically several objectives, of which security may form only a part. When security is not expressly prioritized, the development organizations have a tendency to direct their resources to the primary requirements. While producing short-term cost and time savings, the increased software risk, induced by a lack of security and assurance engineering, will have to be mitigated by other means. In addition to increasing the lifetime cost of software, unmitigated or even unidentified risk has an increased chance of being exploited and cause other software issues. This dissertation concerns security engineering in agile software development. The aim of the research is to find ways to produce secure software through the introduction of security engineering into the agile software development processes. Security engineering processes are derived from extant literature, industry practices, and several national and international standards. The standardized requirements for software security are traced to their origins in the late 1960s, and the alignment of the software engineering and security engineering objectives followed from their original challenges to the current agile software development methods. The research provides direct solutions to the formation of security objectives in software development, and to the methods used to achieve them. It also identifies and addresses several issues and challenges found in the integration of these activities into the development processes, providing directly applicable and clearly stated solutions for practical security engineering problems. The research found the practices and principles promoted by agile and lean software development methods to be compatible with many security engineering activities. Automated, tool-based processes and the drive for efficiency and improved software quality were found to directly support the security engineering techniques and objectives. Several new ways to integrate software engineering into agile software development processes were identified. Ways to integrate security assurance into the development process were also found, in the form of security documentation, analyses, and reviews. Assurance artifacts can be used to improve software design and enhance quality assurance. In contrast, detached security engineering processes may create security assurance that serves only purposes external to the software processes. The results provide direct benefits to all software stakeholders, from the developers and customers to the end users. Security awareness is the key to more secure software. Awareness creates a demand for security, and the demand gives software developers the concrete objectives and the rationale for the security work. This also creates a demand for new security tools, processes and controls to improve the efficiency and effectiveness of software security engineering. At first, this demand is created by increased security regulation. The main pressure for change will emanate from the people and organizations utilizing the software: security is a mandatory requirement, and software must provide it. This dissertation addresses these new challenges. Software security continues to gain importance, prompting for new solutions and research.Ohjelmistot ovat keskeinen osa yhteiskuntamme perusinfrastruktuuria. Merkittävä osa sosiaalisesta ja taloudellisesta toiminnastamme perustuu tiedon sähköiseen käsittelyyn, varastointiin ja siirtoon. Näitä tehtäviä suorittamaan on kehitetty merkittävä joukko ohjelmistoja, jotka muodostavat mutkikkaita tiedon yhteiskäytön mahdollistavia verkostoja. Tiedon suojaamiseksi sen ympärille on kehitetty lukuisia suojamekanismeja, joiden tarkoituksena on estää tiedon väärinkäyttö, oli se sitten tahatonta tai tahallista. Suojausmekanismit koskevat paitsi ohjelmistoja, myös niiden käyttöympäristöjä ja käyttäjiä sekä itse käsiteltävää tietoa: näitä mekanismeja ovat esimerkiksi tietoluokittelut, tietoon pääsyn rajaaminen, käyttäjäidentiteettien hallinta sekä salaustekniikat. Suojaustoimista huolimatta tietoturvaloukkaukset vaarantavat sekä liiketoiminnan ja yhteiskunnan strategisia tietovarantoj että henkilökohtaisia tietojamme. Taloudellisten menetysten lisäksi hyökkäykset murentavat luottamusta tietoturvan kulmakiviin: tiedon luottamuksellisuuteen, luotettavuuteen ja sen saatavuuteen. Näiden tietoturvan perustusten suojaamiseksi on laadittu kasvava määrä tietoturvaa koskevia säädöksiä, jotka määrittävät tietoturvan perustason. Lisääntyneen tietoturvatietoisuuden ansiosta uusi säännöstö on ulotettu koskemaan myös turvatun tietojenkäsittelyn ydintä,ohjelmistokehitystä. Tietoturva koostuu useista osa-alueista. Näitä ovat organisaatiotason tietoturvakäytännöt, tietojenkäsittelyinfrastruktuurin tietoturva, sekä tämän tutkimuksen kannalta keskeisenä osana ohjelmistojen tietoturva. Tähän osaalueeseen sisältyvät ohjelmistojen kehittämisen aikana käytettävät tietoturvatekniikat ja -prosessit. Tarkoituksena on vähentää ohjelmistojen organisaatioille aiheuttamia riskejä, tai poistaa ne kokonaan. Ohjelmistokehityksen tietoturva pyrkii pienentämään ohjelmistojen elinkaarikustannuksia määrittämällä ja toteuttamalla tietoturvakontrolleja suoraan ohjelmistoon itseensä. Lisäksi kontrollien toimivuus ja tehokkuus osoitetaan erillisten verifiointija validointimenetelmien avulla. Tämä väitöskirjatutkimus keskittyy tietoturvatyöhön osana iteratiivista ja inkrementaalista ns. ketterää (agile) ohjelmistokehitystä. Tutkimuksen tavoitteena on löytää uusia tapoja tuottaa tietoturvallisia ohjelmistoja liittämällä tietoturvatyö kiinteäksi osaksi ohjelmistokehityksen prosesseja. Tietoturvatyön prosessit on johdettu alan tieteellisestä ja teknillisestä kirjallisuudesta, ohjelmistokehitystyön vallitsevista käytännöistä sekä kansallisista ja kansainvälisistä tietoturvastandardeista. Standardoitujen tietoturvavaatimusten kehitystä on seurattu aina niiden alkuajoilta 1960-luvulta lähtien, liittäen ne ohjelmistokehityksen tavoitteiden ja haasteiden kehitykseen: nykyaikaan ja ketterien menetelmien valtakauteen saakka. Tutkimuksessa esitetään konkreettisia ratkaisuja ohjelmistokehityksen tietoturvatyön tavoitteiden asettamiseen ja niiden saavuttamiseen. Tutkimuksessa myös tunnistetaan ongelmia ja haasteita tietoturvatyön ja ohjelmistokehityksen menetelmien yhdistämisessä, joiden ratkaisemiseksi tarjotaan toimintaohjeita ja -vaihtoehtoja. Tutkimuksen perusteella iteratiivisen ja inkrementaalisen ohjelmistokehityksen käytäntöjen ja periaatteiden yhteensovittaminen tietoturvatyön toimintojen kanssa parantaa ohjelmistojen laatua ja tietoturvaa, alentaen täten kustannuksia koko ohjelmiston ylläpitoelinkaaren aikana. Ohjelmistokehitystyön automatisointi, työkaluihin pohjautuvat prosessit ja pyrkimys tehokkuuteen sekä korkeaan laatuun ovat suoraan yhtenevät tietoturvatyön menetelmien ja tavoitteiden kanssa. Tutkimuksessa tunnistettiin useita uusia tapoja yhdistää ohjelmistokehitys ja tietoturvatyö. Lisäksi on löydetty tapoja käyttää dokumentointiin, analyyseihin ja katselmointeihin perustuvaa tietoturvan todentamiseen tuotettavaa materiaalia osana ohjelmistojen suunnittelua ja laadunvarmistusta. Erillisinä nämä prosessit johtavat tilanteeseen, jossa tietoturvamateriaalia hyödynnetään pelkästään ohjelmistokehityksen ulkopuolisiin tarpeisiin. Tutkimustulokset hyödyttävät kaikkia sidosryhmiä ohjelmistojen kehittäjistä niiden tilaajiin ja loppukäyttäjiin. Ohjelmistojen tietoturvatyö perustuu tietoon ja koulutukseen. Tieto puolestaan lisää kysyntää, joka luo tietoturvatyölle konkreettiset tavoitteet ja perustelut jo ohjelmistokehitysvaiheessa. Tietoturvatyön painopiste siirtyy torjunnasta ja vahinkojen korjauksesta kohti vahinkojen rakenteellista ehkäisyä. Kysyntä luo tarpeen myös uusille työkaluille, prosesseille ja tekniikoille, joilla lisätään tietoturvatyön tehokkuutta ja vaikuttavuutta. Tällä hetkellä kysyntää luovat lähinnä lisääntyneet tietoturvaa koskevat säädökset. Pääosa muutostarpeesta syntyy kuitenkin ohjelmistojen tilaajien ja käyttäjien vaatimuksista: ohjelmistojen tietoturvakyvykkyyden taloudellinen merkitys kasvaa. Tietoturvan tärkeys tulee korostumaan entisestään, lisäten tarvetta tietoturvatyölle ja tutkimukselle myös tulevaisuudessa

The social foundations of the bureaucratic order

This article views the bureaucratic form of organization as both an agent and an expression of key modern social innovations that are most clearly manifested in the non-inclusive terms by which individuals are involved in organizations. Modern human involvement in organizations epitomizes and institutionally embeds the crucial yet often overlooked cultural orientation of modernity whereby humans undertake ac-tion along well-specified and delimited paths thanks to their capacity to isolate and suspend other personal or social considerations. The organizational involvement of humans qua role agents rather than qua persons helps unleash formal organizing from being tied to the indolence of the human body and the languish process of per-sonal or psychological reorientation. Thanks to the loosening of these ties, the bu-reaucratic organization is rendered capable to address the shifting contingencies un-derlying modern life by reshuffling and re-assembling the roles and role patterns by which it is made. The historically unique adaptive capacity of bureaucracy remains though hidden behind the ubiquitous presence of routines and standard operating procedures –requirements for the standardization of roles– that are mistakenly ex-changed for the essence of the bureaucratic form

Training Competences in Industrial Risk Prevention with Lego® Serious Play®: A Case Study

This paper proposes the use of the Lego® Serious Play® (LSP) methodology as a facilitating tool for the introduction of competences for Industrial Risk Prevention by engineering students from the industrial branch (electrical, electronic, mechanical and technological engineering), presenting the results obtained in the Universities of Cadiz and Seville in the academic years 2017–2019. Current Spanish legislation does not reserve any special legal attribution, nor does it require specific competence in occupational risk prevention for the regulated profession of a technical industrial engineer (Order CIN 351:2009), and only does so in a generic way for that of an industrial engineer (Order CIN 311:2009). However, these universities consider the training in occupational health and safety for these future graduates as an essential objective in order to develop them for their careers in the industry. The approach is based on a series of challenges proposed (risk assessments, safety inspections, accident investigations and fire protection measures, among others), thanks to the use of “gamification” dynamics with Lego® Serious Play®. In order to carry the training out, a set of specific variables (industrial sector, legal and regulatory framework, business organization and production system), and transversal ones (leadership, teamwork, critical thinking and communication), are incorporated. Through group models, it is possible to identify dangerous situations, establish causes, share and discuss alternative proposals and analyze the economic, environmental and organizational impact of the technical solutions studied, as well as take the appropriate decisions, in a creative, stimulating, inclusive and innovative context. In this way, the theoretical knowledge which is acquired is applied to improve safety and health at work and foster the prevention of occupational risks, promoting the commitment, effort, motivation and proactive participation of the student teams.Spanish Ministry of Science, Innovation and Universities / European Social Fund: Ramón y Cajal contract (RYC-2017-22222

Team Learning, Team Performance, Entrepreneurial Intention, and Self-Regulated Learning in Entrepreneurship Education of UNUSA Students

In this paper the authors investigate the effect of Self-regulated Learning (SRL), team learning, and entrepreneurial intention on various assessment types in the context of an entrepreneurship class. The investigation was utilized with quantitative methods, and saturated technique was performed by collecting several samples from 135 students at Universitas Nahdlatul Ulama (UNUSA). The analysis is conducted with Partial Least Square, resulting in Positive relation of entrepreneurial intention and team learning strengthened by self-regulated learning (SRL). Whereas team learning and team performance is positively related to entrepreneurship intention. And psychological security strengthens the relationship between team learning and team performance