Organizational Cultural Competence Assessment of Health-Related Academic Units

The US is increasingly becoming more diverse; however, racial and ethnic minorities are more likely to experience health disparities and poor health outcomes. To better respond to the needs of diverse populations, cultural competence training for future health professionals is needed. Important to the cultural competence of individuals is organizational cultural competence. Models and recommendations have been developed to apply cultural competence education and training formally in government agencies, health care organizations, and academia. An example of such a model in academia is the Dotson Organizational Cultural Competence Model for Health-Related Academic Units, which consists of 4 domains (organizational accountability, stakeholder diversity, access, and communication) with 63 criteria statements. Missing is assessment of organizational cultural competence in academia and the extent to which it is applied in these units. The purpose of this thesis research was to assess the organizational cultural competence performance of post-secondary health-related academic units using the theoretical framework of a capability maturity model. Using a web-based survey, administrators from health-related academic units reported the extent to which organizational cultural competence criteria statements were applied in their units using a Likert-like scale (1 = Strongly agree, 6 = Strongly disagree). The overall cultural competence of units was described using means and standard deviations of total score from criteria statements and domain scores. Univariate analysis of variance (ANOVA) revealed no differences by academic homes in applying cultural competence. However, MANOVA revealed significant differences within domains by categorized academic home for overall cultural competence (p = 0.013). MANOVA of overall cultural competence and overall cultural competence experience was significant (p = 0.005). MANOVA revealed significance within domain scores by organizational cultural competence experience (p = 0.028). From Bonferroni post-hoc analysis significance was found within the organizational accountability (p = 0.003) and communication domains (p = 0.004). Units that engage in diversity planning, curriculum and student evaluations for cultural competence have higher levels of cultural competence. Cultural competence models suggest that cultural competency is an evolving process. Future research should evaluate units from more stakeholder perspectives and link the cultural competence continuum with the capability maturity model

Model of Critical Factors for Outsourcing Agile Development

Companies are beginning to combine outsourcing with Agile software engineering techniques with the goal of receiving the benefits of both – faster time to market, greater quality, and smaller costs. Since Agile was originally developed to work principally with small collocated teams, scalability of Agile to the enterprise, and simultaneous use of Agile and outsourcing are questions concerning applicability of Agile techniques to global business environments. This paper first summarizes current experience studies and research in Agile, enterprise Agile and Agile outsourcing, to identify factors likely to affect success on Agile projects. It then extends a model originally developed by Chow and Cao (2007) to account for these factors. Finally it outlines an experiment whose goal is to determine which of these factors drives successful projects that use both Agile and outsourcing

A Framework for Understanding, Prioritizing, and Applying Systems Security Engineering Processes, Activities, and Tasks

Current systems security practices lack an effective approach to prioritize and tailor systems security efforts to develop and field secure systems in challenging operational environments, which results in business and mission stakeholders becoming more susceptible to an array of disruptive events. This work informs Systems Engineers on recent developments in the field of system security engineering and provides a framework for more fully understanding the application of Systems Security Engineering (SSE) processes, activities, and tasks as described in the recently released National Institute of Standards and Technology (NIST) Special Publication 800-160. This SSE framework uniquely offers a repeatable and tailorable methodology that allows system developers to focus on high Return-on-Investment (RoI) SSE processes, activities, and tasks to more efficiently meet stakeholder protection needs and deliver trustworthy secure systems

Expanding software process improvement models beyond the software process itself

Bibliography: pages 182-188.The problems besetting software development and maintenance are well recorded and numerous strategies have been adopted over the years to overcome the so-called "software crisis". One increasingly popular strategy focuses on managing the processes by which software is built, maintained and managed. As such, many software organisations see software process improvement initiatives as an important strategy to help them improve their software development and maintenance performance. Two of the more popular software process improvement (SPI) models used by the software industry to help them in this endeavour are the Capability Maturity Model for Software (SW-CMM) from the Software Engineering Institute and the Software Process Improvement and Capability determination (SPICE) model from the International Standards Organisation. This research begins with the supposition that, although these SPI models have added significant value to many organisations, they have a potential shortcoming in that they tend to focus almost exclusively on the software process itself and seem to neglect other organisational aspects that could contribute to improved software development and maintenance performance. This research is concerned with exploring this potential shortcoming and identifying complementary improvement areas that the SW -CMM and SPICE models fail to address adequately. A theoretical framework for extending the SW-CMM and SPICE models is proposed. Thereafter complementary improvement areas are identified and integrated with the SW-CMM and SPICE models to develop an Extended SPI Model. This Extended SPI Model adopts a systemic view of software process and IS organisational improvement by addressing a wide range of complementary improvement considerations. A case study of an SPI project is described, with the specific objective of testing and refining the Extended SPI Model. The results seem to indicate that the framework and Extended SPI Model are largely valid, although a few changes were made in light of the findings of the case study. Finally, the implications of the research for both theory and practice are discussed

Software Quality Skills in CMM-Based Development Environments

This paper examines the complex software development environment in which IS professionals commonly function today. Skills and competencies appropriate to this environment are increasingly related to managing change and adopting change agent roles. These skills and competencies are discussed in relation to complex and changing environments. Asurvey of IS professionals evaluates their perceptions of the importance of these competencies and their own capability in these areas. Observations and conclusions in this paper are primarily drawn from research on organizations that have initiated software process improvement initiatives (McGuire 1996a; 1996b; 1997)

Culture dimensions in software development industry: The effects of mentoring

Software development is a human centric and sociotechnical activity and like all human activities is influenced by cultural factors. However, software engineering is being further affected because of the globalization in software development. As a result, cultural diversity is influencing software development and its outcomes. The software engineering industry, a very intensive industry regarding human capital, is facing a new era in which software development personnel must adapt to multicultural work environments. Today, many organizations present a multicultural workforce which needs to be managed. This paper analyzes the influence of culture on mentoring relationships within the software engineering industry. Two interesting findings can be concluded from our study: (1) cultural differences affect both formal and informal mentoring, and (2) technical competences are not improved when implementing mentoring relationships

Development of Secure Software : Rationale, Standards and Practices

The society is run by software. Electronic processing of personal and financial data forms the core of nearly all societal and economic activities, and concerns every aspect of life. Software systems are used to store, transfer and process this vital data. The systems are further interfaced by other systems, forming complex networks of data stores and processing entities.This data requires protection from misuse, whether accidental or intentional. Elaborate and extensive security mechanisms are built around the protected information assets. These mechanisms cover every aspect of security, from physical surroundings and people to data classification schemes, access control, identity management, and various forms of encryption. Despite the extensive information security effort, repeated security incidents keep compromising our financial assets, intellectual property, and privacy. In addition to the direct and indirect cost, they erode the trust in the very foundation of information security: availability, integrity, and confidentiality of our data. Lawmakers at various national and international levels have reacted by creating a growing body of regulation to establish a baseline for information security. Increased awareness of information security issues has led to extend this regulation to one of the core issues in secure data processing: security of the software itself. Information security contains many aspects. It is generally classified into organizational security, infrastructure security, and application security. Within application security, the various security engineering processes and techniques utilized at development time form the discipline of software security engineering. The aim of these security activities is to address the software-induced risk toward the organization, reduce the security incidents and thereby lower the lifetime cost of the software. Software security engineering manages the software risk by implementing various security controls right into the software, and by providing security assurance for the existence of these controls by verification and validation. A software development process has typically several objectives, of which security may form only a part. When security is not expressly prioritized, the development organizations have a tendency to direct their resources to the primary requirements. While producing short-term cost and time savings, the increased software risk, induced by a lack of security and assurance engineering, will have to be mitigated by other means. In addition to increasing the lifetime cost of software, unmitigated or even unidentified risk has an increased chance of being exploited and cause other software issues. This dissertation concerns security engineering in agile software development. The aim of the research is to find ways to produce secure software through the introduction of security engineering into the agile software development processes. Security engineering processes are derived from extant literature, industry practices, and several national and international standards. The standardized requirements for software security are traced to their origins in the late 1960s, and the alignment of the software engineering and security engineering objectives followed from their original challenges to the current agile software development methods. The research provides direct solutions to the formation of security objectives in software development, and to the methods used to achieve them. It also identifies and addresses several issues and challenges found in the integration of these activities into the development processes, providing directly applicable and clearly stated solutions for practical security engineering problems. The research found the practices and principles promoted by agile and lean software development methods to be compatible with many security engineering activities. Automated, tool-based processes and the drive for efficiency and improved software quality were found to directly support the security engineering techniques and objectives. Several new ways to integrate software engineering into agile software development processes were identified. Ways to integrate security assurance into the development process were also found, in the form of security documentation, analyses, and reviews. Assurance artifacts can be used to improve software design and enhance quality assurance. In contrast, detached security engineering processes may create security assurance that serves only purposes external to the software processes. The results provide direct benefits to all software stakeholders, from the developers and customers to the end users. Security awareness is the key to more secure software. Awareness creates a demand for security, and the demand gives software developers the concrete objectives and the rationale for the security work. This also creates a demand for new security tools, processes and controls to improve the efficiency and effectiveness of software security engineering. At first, this demand is created by increased security regulation. The main pressure for change will emanate from the people and organizations utilizing the software: security is a mandatory requirement, and software must provide it. This dissertation addresses these new challenges. Software security continues to gain importance, prompting for new solutions and research.Ohjelmistot ovat keskeinen osa yhteiskuntamme perusinfrastruktuuria. Merkittävä osa sosiaalisesta ja taloudellisesta toiminnastamme perustuu tiedon sähköiseen käsittelyyn, varastointiin ja siirtoon. Näitä tehtäviä suorittamaan on kehitetty merkittävä joukko ohjelmistoja, jotka muodostavat mutkikkaita tiedon yhteiskäytön mahdollistavia verkostoja. Tiedon suojaamiseksi sen ympärille on kehitetty lukuisia suojamekanismeja, joiden tarkoituksena on estää tiedon väärinkäyttö, oli se sitten tahatonta tai tahallista. Suojausmekanismit koskevat paitsi ohjelmistoja, myös niiden käyttöympäristöjä ja käyttäjiä sekä itse käsiteltävää tietoa: näitä mekanismeja ovat esimerkiksi tietoluokittelut, tietoon pääsyn rajaaminen, käyttäjäidentiteettien hallinta sekä salaustekniikat. Suojaustoimista huolimatta tietoturvaloukkaukset vaarantavat sekä liiketoiminnan ja yhteiskunnan strategisia tietovarantoj että henkilökohtaisia tietojamme. Taloudellisten menetysten lisäksi hyökkäykset murentavat luottamusta tietoturvan kulmakiviin: tiedon luottamuksellisuuteen, luotettavuuteen ja sen saatavuuteen. Näiden tietoturvan perustusten suojaamiseksi on laadittu kasvava määrä tietoturvaa koskevia säädöksiä, jotka määrittävät tietoturvan perustason. Lisääntyneen tietoturvatietoisuuden ansiosta uusi säännöstö on ulotettu koskemaan myös turvatun tietojenkäsittelyn ydintä,ohjelmistokehitystä. Tietoturva koostuu useista osa-alueista. Näitä ovat organisaatiotason tietoturvakäytännöt, tietojenkäsittelyinfrastruktuurin tietoturva, sekä tämän tutkimuksen kannalta keskeisenä osana ohjelmistojen tietoturva. Tähän osaalueeseen sisältyvät ohjelmistojen kehittämisen aikana käytettävät tietoturvatekniikat ja -prosessit. Tarkoituksena on vähentää ohjelmistojen organisaatioille aiheuttamia riskejä, tai poistaa ne kokonaan. Ohjelmistokehityksen tietoturva pyrkii pienentämään ohjelmistojen elinkaarikustannuksia määrittämällä ja toteuttamalla tietoturvakontrolleja suoraan ohjelmistoon itseensä. Lisäksi kontrollien toimivuus ja tehokkuus osoitetaan erillisten verifiointija validointimenetelmien avulla. Tämä väitöskirjatutkimus keskittyy tietoturvatyöhön osana iteratiivista ja inkrementaalista ns. ketterää (agile) ohjelmistokehitystä. Tutkimuksen tavoitteena on löytää uusia tapoja tuottaa tietoturvallisia ohjelmistoja liittämällä tietoturvatyö kiinteäksi osaksi ohjelmistokehityksen prosesseja. Tietoturvatyön prosessit on johdettu alan tieteellisestä ja teknillisestä kirjallisuudesta, ohjelmistokehitystyön vallitsevista käytännöistä sekä kansallisista ja kansainvälisistä tietoturvastandardeista. Standardoitujen tietoturvavaatimusten kehitystä on seurattu aina niiden alkuajoilta 1960-luvulta lähtien, liittäen ne ohjelmistokehityksen tavoitteiden ja haasteiden kehitykseen: nykyaikaan ja ketterien menetelmien valtakauteen saakka. Tutkimuksessa esitetään konkreettisia ratkaisuja ohjelmistokehityksen tietoturvatyön tavoitteiden asettamiseen ja niiden saavuttamiseen. Tutkimuksessa myös tunnistetaan ongelmia ja haasteita tietoturvatyön ja ohjelmistokehityksen menetelmien yhdistämisessä, joiden ratkaisemiseksi tarjotaan toimintaohjeita ja -vaihtoehtoja. Tutkimuksen perusteella iteratiivisen ja inkrementaalisen ohjelmistokehityksen käytäntöjen ja periaatteiden yhteensovittaminen tietoturvatyön toimintojen kanssa parantaa ohjelmistojen laatua ja tietoturvaa, alentaen täten kustannuksia koko ohjelmiston ylläpitoelinkaaren aikana. Ohjelmistokehitystyön automatisointi, työkaluihin pohjautuvat prosessit ja pyrkimys tehokkuuteen sekä korkeaan laatuun ovat suoraan yhtenevät tietoturvatyön menetelmien ja tavoitteiden kanssa. Tutkimuksessa tunnistettiin useita uusia tapoja yhdistää ohjelmistokehitys ja tietoturvatyö. Lisäksi on löydetty tapoja käyttää dokumentointiin, analyyseihin ja katselmointeihin perustuvaa tietoturvan todentamiseen tuotettavaa materiaalia osana ohjelmistojen suunnittelua ja laadunvarmistusta. Erillisinä nämä prosessit johtavat tilanteeseen, jossa tietoturvamateriaalia hyödynnetään pelkästään ohjelmistokehityksen ulkopuolisiin tarpeisiin. Tutkimustulokset hyödyttävät kaikkia sidosryhmiä ohjelmistojen kehittäjistä niiden tilaajiin ja loppukäyttäjiin. Ohjelmistojen tietoturvatyö perustuu tietoon ja koulutukseen. Tieto puolestaan lisää kysyntää, joka luo tietoturvatyölle konkreettiset tavoitteet ja perustelut jo ohjelmistokehitysvaiheessa. Tietoturvatyön painopiste siirtyy torjunnasta ja vahinkojen korjauksesta kohti vahinkojen rakenteellista ehkäisyä. Kysyntä luo tarpeen myös uusille työkaluille, prosesseille ja tekniikoille, joilla lisätään tietoturvatyön tehokkuutta ja vaikuttavuutta. Tällä hetkellä kysyntää luovat lähinnä lisääntyneet tietoturvaa koskevat säädökset. Pääosa muutostarpeesta syntyy kuitenkin ohjelmistojen tilaajien ja käyttäjien vaatimuksista: ohjelmistojen tietoturvakyvykkyyden taloudellinen merkitys kasvaa. Tietoturvan tärkeys tulee korostumaan entisestään, lisäten tarvetta tietoturvatyölle ja tutkimukselle myös tulevaisuudessa

Evolution of a Project Based Organization, a Case study

Little research has been conducted on how project-based organizations navigate internal and external pressures to develop and improve project competences over time. Using a cases study approach, this paper examines the development and implementation of project based organization over a period of 30 years. Overall, the evolution of project management competencies in the organization broadly followed the prevailing approaches in improving organizational management practices uncovered in review of literature. The organization’s capability to adopt and implement project management frameworks improved over time as senior managers became more masterful at matching improvement actions into the organizational context. This research also presents how a systematic approach of project management maturity models for identifying and implementing project management practices and processes can increase the effectiveness and comprehensiveness of overall management practices. The study concludes with a series of recommendations in further improving project management practices and processes in project-based organizations