Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach
Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach
Designing a consulting services architecture model
During my years of experience in the technology industry, it has become obvious that standard processes and methodologies within the engineering discipline are at a mature state. The realization though is that software engineering specifically lags behind. Most software engineering methodologies that I have studied focus on the mission of software development. It is this realization and the need for structure that led me to review existing methodologies used within my company's software services organization. The definition of what a successful software services methodology entails is rather limited. This report will provide a history of existing software engineering methodologies that I have studied, describe an initial services method that was being developed within my organization, develop a new model that addresses previous shortcomings and identify additional components required to further define a strong software services-oriented delivery methodology. Electrical and Computer Engineerin
A DISCUSSION ON ASSURING SOFTWARE QUALITY IN SMALL AND MEDIUM SOFTWARE ENTERPRISES: AN EMPIRICAL INVESTIGATION
Under the studies of general core activities including software inspection, review and testing to achieve quality objectives in small-medium size enterprises (SMEs), the paper presents a contemporary view of such companies against quality measures. The results from a local empirical investigation of quality standards in the Turkish software industry are reported. Around 150 software companies have been approached from which 17 detailed feedback inform that in order to ensure software quality, standards including internationally recognized International Standards Organization (ISO) and Capability Maturity Model Integration (CMMI) are given credit. However the substantial workload and resources required to obtain them are also reported as serious; downscaled frameworks of such large models proposed in the literature are not well known by the SMEs either. The paper also discusses "work around" that bypasses such standards to ease delivery of products while keeping certificates as labels just to acquire new jobs for the business.
A framework and tool to manage Cloud Computing service quality
Cloud Computing has generated considerable interest in both companies specialized in Information and Communication Technology and business context in general. The Sourcing Capability Maturity Model for service (e-SCM) is a capability model for offshore outsourcing services between clients and providers that offers appropriate strategies to enhance Cloud Computing implementation. It intends to achieve the required quality of service and develop an effective working relationship between clients and providers. Moreover, quality evaluation framework is a framework to control the quality of any product and/or process. It offers a tool support that can generate software artifacts to manage any type of product and service efficiently and effectively. Thus, the aim of this paper was to make this framework and tool support available to manage Cloud Computing service quality between clients and providers by means of e-SCM. Ministerio de Ciencia e Innovación TIN2013-46928-C3-3-R. Junta de Andalucía TIC-578
SPICE 3: Facilitating organisational process improvement through good practice sharing
This paper describes the latest iteration of the SPICE research. SPICE 3 explains the process maturity framework to address the level III of the SPICE model. Building upon the developments of level II, SPICE 3 advocates establishment of a process improvement infrastructure to facilitate good practice sharing in construction organisations. To achieve SPICE level III process maturity, organisations should possess four key processes and five process enablers. The model developed helped the case study organisations to identify their process strengths and also areas requiring improvement.
Identification of key process areas in the production on an e-capability maturity model for UK construction organisations
Uptake of e-procurement by construction organisations has been slow (Martin, 2008). Positive e-business achievements in other industries, point towards the potential for the construction industry to accomplish similar results. Since the Modernising Government White paper set targets through best value indicator BV157 for implementation in the public sector, Government has supported many initiatives encouraging e-procurement. These are based on documented efficiency and cost savings (Knudsen, 2003; Minahan and Degan, 2001; McIntosh and Sloan, 2001; Martin, 2008). However, Martin (2003, 2008) demonstrates only a modest increase in the uptake of e-procurement in the UK construction industry.
Alshawi et al (2004) identified the significance of possessing a model to sustain the embedment of any business process within an organisation. Saleh and Alshawi (2005) describe a number of model types used to gauge maturity in an organisation. One of these models is the capability maturity model. Paulk et al (1993) released the Software Capability Maturity Model (CMM) in 1991. Since then many CMM’s have evolved. This paper reports on how a CMM based on Drivers and Barriers to e-procurement identified in Eadie et al (2009) can be developed to gauge the maturity of an organisation in relation to e-procurement.
This paper presents details of a research project which used factor analysis to produce a set of Key Process Areas (KPA) from the drivers and barriers identified in Eadie et al (2009). These KPAs were then subjected to a mapping process linking them to maturity levels to develop a CMM to analyse the e-procurement capability of construction organisations. The mapping will be reported in a later paper. This termed as e-readiness of organisations will indicate the current state of a construction organisation in terms of its readiness to carry out e-procurement. The paper describes in detail the identification of the KPA’s
- …