1,697 research outputs found
Impact assessment of change management capability maturity level of contractors on time performance of building projects in Nigeria
Changes are generally inevitable in all stages of design and construction of building projects and are commonly associated with some consequences such as time overrun, cost overrun, conflicts and reworks. All these risks contribute to project failure if change implementation is inconsistently managed. In construction, project failure has become a common concern of all parties; hence, assessing the impact of capability of contractors to manage project changes in order to improve project performance is critical. Therefore, this research assesses the relationship between the change management capability maturity level (CMCML) of contractors and time performance of building projects. Data collected from respondents via questionnaire survey were analyzed using Spearman’s rank correlation, fuzzy synthetic evaluation and multiple regression. The research findings reveal that the project time overrun is negatively related to change management capability maturity level of contractor as evidenced by the coefficient of determination R2 = -0.385 (i.e., as CMCML increases, project time overrun decreases). In addition, the result further indicates a strong negative correlation between CMCML and project time overrun going by the Spearman’s rank correlation coefficient value of -0.621 [7]. The established model is capable of predicting contractors’ CMCML thus making it possible to forecast contractor’s likelihood of performance in terms of time
Software process quality models: a comparative evaluation
Numerous software processes are implemented by software organisations in the production and maintenance of software products. Varying levels of success are observed in their execution, as processes vary in content and quality. A number of quality models for software processes have been published, each of which is intended to encompass the totality of quality factors and issues relevant to a specific notion of process quality. These quality models may be used to develop a new process, measure the quality of existing processes, or guide improvement of existing processes. It is therefore desirable that mechanisms exist to select the model of highest intrinsic quality and greatest relevance. In this thesis, mechanisms are proposed for the comparative evaluation of software process quality models. Case studies are performed in which existing software process quality models are applied to existing software processes. Case study results are used in empirical evaluation of models to augment theoretical evaluation results. Specific recommendations are made for selection of models against typical selection criteria. Assessment is performed of the assessment procedures against defined success criteria. Theoretical evaluation procedures are developed to measure process quality models against defined quality criteria. Measurements are performed of conformance of models to the requirements set for an ideal process quality model, and the relevance of model content to defined stakeholders in software processes. Comparison is also made of the scope and size of models. Empirical evaluation procedures are developed to assess model performance in the context of application to real software processes. These procedures assess the extent to which the results of process measurement using process quality models are observed to differ, and hence the importance of selecting one model in preference to others. 
Measurement is also performed of the extent of difference in the software processes evaluated in the case studies
Proceedings of the 1st international workshop on software process education, training and professionalism (SPETP 2015)
These Proceedings contain the papers accepted for publication and presentation at the 1st International Workshop on Software Process Education, Training and Professionalism (SPETP 2015) held in conjunction with the 15th International Conference on Software Process Improvement and Capability dEtermination (SPICE 2015), Gothenburg, Sweden, during June 15-17, 2015.
During the 14th International Conference on Software Process Improvement and Capability dEtermination (SPICE 2014) held in Vilnius, Lithuania, at a post conference dinner, a group of key individuals from education and industry started to discuss the challenges faced for software process education, training and professionalism, especially with the background of the new modes of learning and teaching in higher education.
Further discussions held post conference with key players in the relevant professional and personal certification fields led to a consensus that it is time for the industry to rise to the new challenges and set out in a manifesto a common vision for educators and trainers together with a set of recommendations to address the challenges faced. It was therefore agreed to co-locate the 1st International Workshop on Software Process Education, Training and Professionalism with the 15th International Conference on Software Process Improvement and Capability dEtermination.
This workshop focused on the new challenges for and best practices in software process education, training and professionalism. The foundation for learning of software process should be part of a university or college education however software process is often treated as ‘add one’ module to the core curriculum. In a professional context, whilst there have been a number of initiatives focused on the certification related to the software process professional these have had little success for numerous reasons.
Cooperation in education between industry, academia and professional bodies is paramount, together with the recognition of how the education world is changing and how education is resourced, delivered (with online and open learning) and taken up. Over the next 10 years on-line learning is projected to grow fifteen fold, accounting for 30% of all education provision, according to the recent report to the European Commission on New modes of learning and teaching in higher education.
It is a great pleasure to see the varied contributions to this 1st International Workshop on Software Process Education, Training and Professionalism and we hope that our joint dedication, passion and innovation will lead to success for the profession through the publication of the manifesto as a key outcome from the workshop.
On behalf of the SPETP 2015 conference Organizing Committee, we would like to thank all participants. Firstly all the authors, whose quality work is the essence of the conference, and the members of the Program Committee, who helped us with their expertise and diligence in reviewing all of the submissions. As we all know, organizing a conference requires the effort of many individuals. We wish to thank also all the members of our Organizing Committee, whose work and commitment were invaluable
Optimizing the Automotive Security Development Process in Early Process Design Phases
Security is a relatively new topic in the automotive industry. In the former days, the only security defense methods were the engine immobilizer and the anti-theft alarm system. The rising connection of vehicles to external networks made it necessary to extend the security effort by introducing security development processes. These processes include, among others, risk analysis and treatment steps. In parallel, the development of ISO/SAE 21434 and UN-ECE No. R155 started. The long development cycles in the automotive industry made it necessary to align the development processes' early designs with the standards' draft releases.
This work aims to design a new consistent, complete and efficient security development process, aligned with the normative references. The resulting development process design aligns with the overall development methodology of the underlying, evaluated development process. Use cases serve as a basis for evaluating improvements and the method designs. This work concentrates on the left leg of the V-Model. Nevertheless, future work targets extensions for a holistic development approach for safety and security.
I. Foundation
1. Introduction
2. Automotive Development
3. Methodology
II. Meta-Functional Aspects
4. Dependability as an Umbrella-Term
5. Security Taxonomy
6. Terms and Definitions
III. Security Development Process Design
7. Security Relevance Evaluation
8. Function-oriented Security Risk Analysis
9. Security Risk Analysis on System Level
10. Risk Treatment
IV. Use Cases and Evaluation
11. Evaluation Criteria
12. Use Case: Security Relevance Evaluation
13. Use Case: Function-oriented Security Risk Analysis
14. Use Case: System Security Risk Analysis
15. Use Case: Risk Treatment
V. Closing
16. Discussion
17. Conclusion
18. Future Work
Appendix A. Attacker Model Categories and Rating
Appendix B. Basic Threat Classes for System SRA
Appendix C. Categories of Defense Method Propertie
Vulnerability Identification Errors in Security Risk Assessments
At present, companies rely on information technology systems to achieve their business objectives, making them vulnerable to cybersecurity threats. Information security risk assessments help organisations to identify their risks and vulnerabilities. An accurate identification of risks and vulnerabilities is a challenge, because the input data is uncertain. So-called ’vulnerability identification errors‘ can occur if false positive vulnerabilities are identified, or if vulnerabilities remain unidentified (false negatives). ‘Accurate identification’ in this context means that all vulnerabilities identified do indeed pose a risk of a security breach for the organisation. An experiment performed with German IT security professionals in 2011 confirmed that vulnerability identification errors do occur in practice. In particular, false positive vulnerabilities were identified by participants.
In information security (IS) risk assessments, security experts analyze the organisation’s assets in order to identify vulnerabilities. Methods such as brainstorming, checklists, scenario-analysis, impact-analysis, and cause-analysis (ISO, 2009b) are used to identify vulnerabilities. These methods use uncertain input data for vulnerability identification, because the probabilities, effects and losses of vulnerabilities cannot be determined exactly (Fenz and Ekelhart, 2011). Furthermore, business security needs are not considered properly; the security checklists and standards used to identify vulnerabilities do not consider company-specific security requirements (Siponen and Willison, 2009). In addition, the intentional behaviour of an attacker when exploiting vulnerabilities for malicious purposes further increases the uncertainty, because predicting human behaviour is not just about existing vulnerabilities and their consequences (Pieters and Consoli, 2009), rather than preparing for future attacks. As a result, current approaches determine risks and vulnerabilities under a high degree of uncertainty, which can lead to errors.
This thesis proposes an approach to resolve vulnerability identification errors using security requirements and business process models. Security requirements represent the business security needs and determine whether any given vulnerability is a security risk for the business. Information assets’ security requirements are evaluated in the context of the business process model, in order to determine whether security functions are implemented and operating correctly. Systems, personnel and physical parts of business processes, as well as IT processes, are considered in the security requirement evaluation, and this approach is validated in three steps. Firstly, the systematic procedure is compared to two best-practice approaches. Secondly, the risk result accuracy is compared to a best-practice risk-assessment approach, as applied to several real-world examples within an insurance company. Thirdly, the capability to determine risk more accurately by using business processes and security requirements is tested in a quasi-experiment, using security professionals.
This thesis demonstrates that risk assessment methods can benefit from explicit evaluation of security requirements in the business context during risk identification, in order to resolve vulnerability identification errors and to provide a criterion for security
A Maturity Model for Mobile Learning
Higher education is becoming increasingly interested in adopting innovative and modern technologies as a mode of imparting education. Mobile technologies are considered to be the next frontier of educational platforms as they have the capability to provide high-quality learning experiences and to satisfy the increasing demand for mobility and flexibility. In view of the ubiquitous nature of mobile technology and the immense opportunities it offers, there are favorable indications that the technology could be introduced as the next generation of learning platforms. The present research aims to develop a comprehensive framework based on the well-known Capability Maturity Model (CMM) and to empirically evaluate the maturity of mobile learning (m-Learning) initiatives in universities. The objective is to first identify key factors that affect m-Learning adoption, then classify these factors into target groups, and eventually use this as a theoretical basis for proposing a maturity model for m-Learning. In doing so, the research focuses on three major stakeholders in post-secondary education, namely students, instructors, and university management. The proposed Mobile Learning Maturity Model (MLMM) is based on a framework that outlines an adoption rate using five maturity levels. The measuring instrument for the model contains nine critical success factors selected from three of our empirical studies that examined the perspectives of students, instructors, and academic management. The model uses assessment questionnaires, a rating methodology, and two case studies. All data has been collected from five universities in Saudi Arabia
Development and evaluation of a software-mediated process assessment approach in IT service management
To operate in a highly competitive business environment, organisations require the support of continually improving IT services. The dominant academic literature on IT Service Management (ITSM) focuses on the measurement of the outcome of ITSM implementation. Consequently, there is limited research on the measurement of ITSM processes. The ITSM industry has defined a number of processes as best practices in the IT Infrastructure Library (ITIL®) framework and the international standard for ITSM, ISO/IEC 20000. However, there is a lack of a transparent and efficient process assessment method to improve ITSM processes. This research aims to address the dual problems of the lack of transparency and the need for efficiency in ITSM process assessment.
Using the design science research methodology, an iterative design process was followed to develop a research artefact in the form of a method: the Software-Mediated Process Assessment (SMPA) approach that enables researchers and practitioners to assess the ITSM processes in a transparent and efficient way. The four phases in the SMPA approach include preparation for the assessment; online survey to collect assessment data; measurement of process capability; and reporting of process improvement recommendations.
The international standard for process assessment ISO/IEC 15504 and associated assessment models provided support for a transparent method. A Decision Support System (DSS) was implemented to demonstrate efficient use of the SMPA approach. Using a theoretically-grounded fit profile based on the Task-Technology Fit theory, the international standards and DSS technology were implemented in the SMPA approach to address the research problem. The DSS platform was provided by an industry partner Assessment Portal Pty Ltd. that specialises in online assessment services.
Two case study organisations provided test sites for the evaluation of the SMPA approach. The two organisations are the Queensland Government’s primary IT service provider, CITEC and the IT service department of an Australian local government authority, Toowoomba Regional Council. Using the quality models from the international standard for software quality evaluation ISO/IEC 25010, the usability and outcomes of the SMPA approach were evaluated. Evidence from the case study evaluations indicated that the SMPA approach is usable for ITSM process assessment in order to support decision-making on process improvements.
Further discussions of the research findings provided design knowledge that included the emergence of the concept of virtualisability in ITSM process assessments and a proposal of a hybrid ITSM process assessment method. Moreover, iterations of self-assessments of ITSM processes using the SMPA approach may facilitate continual service improvement. Based on the design knowledge obtained, the contributions of this research to theory and practice were articulated. The SMPA approach extends prior guidelines on ITSM process assessment by providing a fine-grained method to assess ITSM processes. The SMPA approach clarifies the impact of software mediation to support transparency and efficiency in the way process assessments are conducted. This research also demonstrates how the SMPA approach is applied in practice by enabling IT organisations to self-assess the capability of their ITSM processes.
Upon reflection, the design science research method was found to be highly suitable to develop an artefact to solve a research problem and to evaluate the practical utility of the artefact. The SMPA approach is a research artefact that is implemented as a DSS; hence it is readily accessible to practitioners. The focus on practical utility provides researchers with results that are more readily endorsed, thus maximising the impact of the research findings in practice
A sequential exploratory design for the e-learning maturity model in Middle Eastern countries
E-learning involves the use of information and communication technologies (ICTs). It is transforming universities and has undergone immense change. Therefore, it has become the main tool for improving educational and training activities. Many universities are combining e-learning components with their conventional instruction in order to enhance the delivery of traditional courses.
However, many models of e-learning initiatives fail to achieve desired learning and teaching outcomes, because of the selection of inappropriate technology, instructor characteristics, or failure to provide sufficient attention and support from the organization (Engelbrecht 2005; Selim 2007). Despite the potential models of e-learning as tools to enhance education and training, their values will not be realized if instructors, learners, and organizations do not accept them as efficient and effective learning tools. Yet, it seems that universities in the Middle East are still at a fundamental stage of adopting and implementing e-learning despite the plentiful factors that suggest e-learning as a support tool capable of enhancing the process of learning.
The reason behind selecting Middle Eastern universities is that in Arab countries mostly focuses on the insertion of new technological features without taking into account psychopedagogical concerns that are likely to improve a student's cognitive process in this new educational category. Also, fragile strategies for e-learning have existed in most of the Middle Eastern universities. Consequently, describing strategy is serious to the successful deployment of e-learning initiatives in Middle East and Arab countries.
The aim of this thesis is to explore the criteria affecting the introduction of a maturity model in the deployment of e-learning in Middle Eastern countries. Building on the extant literature review concerning the identification of critical success factors (CSFs) of e-learning, many factors (instructor characteristics, information technology infrastructure, and organizational and technical support) were examined and it was found that there is no complete model for e-learning. Also, this review concluded that the factors developed need modification to account for Middle Eastern status. These modifications resulted in the development of an e-learning maturity model affecting e-learning development in the Middle East.
The thesis was mainly a sequential exploratory study that employed in-depth interviews, supplemented by questionnaires. Qualitative data was collected from interviews and analyzed using Grounded Theory. The results of the qualitative analysis were followed up by collecting quantitative data using online questionnaires. The quantitative data was analyzed using exploratory and confirmatory factor analysis. A total of 600 responses were used in the quantitative analysis, while a total of 150 interview responses were used in the qualitative analysis.
The results of this study provide an insight into six important dimensions. First, the results describe how learners perceive e-learning models in higher education institutions and shed some light on learner attributes that may be prerequisites for benefiting from and accepting e-learning models. Second, they address the issue of higher education institutions’ strategies for e-learning initiatives. Third, the results describe how learners perceive e-learning features in higher education institutions. Fourth and fifth, they explain the criticality and importance of the instructor, and student attitudes towards e-learning environments. Sixth, they assess the effect of e-learning on students
An Investigation into quality assurance of the Open Source Software Development model
A thesis submitted in partial fulfilment of the requirements of the University of Wolverhampton for the degree of Doctor of Philosophy.
The Open Source Software Development (OSSD) model has launched products in rapid succession and with high quality, without following traditional quality practices of accepted software development models (Raymond 1999). Some OSSD projects challenge established quality assurance approaches, claiming to be successful through partial contrary techniques of standard software development. However, empirical studies of quality assurance practices for Open Source Software (OSS) are rare (Glass 2001). Therefore, further research is required to evaluate the quality assurance processes and methods within the OSSD model. The aim of this research is to improve the understanding of quality assurance practices under the OSSD model. The OSSD model is characterised by a collaborative, distributed development approach with public communication, free participation, free entry to the project for newcomers and unlimited access to the source code. The research examines applied quality assurance practices from a process view rather than from a product view. The research follows ideographic and nomothetic methodologies and adopts an antipositivist epistemological approach. An empirical research of applied quality assurance practices in OSS projects is conducted through the literature research. The survey research method is used to gain empirical evidence about applied practices. The findings are used to validate the theoretical knowledge and to obtain further expertise about practical approaches. The findings contribute to the development of a quality assurance framework for standard OSSD approaches. The result is an appropriate quality model with metrics that the requirements of the OSSD support.
An ideographic approach with case studies is used to extend the body of knowledge and to assess the feasibility and applicability of the quality assurance framework. In conclusion, the study provides further understanding of the applied quality assurance processes under the OSSD model and shows how a quality assurance framework can support the development processes with guidelines and measurements
Investigating the relationship between software process improvement, situational change, and business success in software SMEs
While we have learned a great deal from Software Process Improvement (SPI) research to date, no earlier study has been designed from the outset to examine the relationship between SPI and business success in software development small- to- medium- sized companies (software SMEs). Since business processes are generally acknowledged as having an important role to play in supporting business success, it follows that the software development process (a large and complex component of the overall business process) has an important contribution to make in supporting business success in software development companies. However, to date we have very little evidence regarding the role of SPI in supporting business success, especially for software SMEs.
The need for SPI is dependent on the extent of situational change in a software development setting, and therefore any examination of the relationship between SPI and business success would be deficient if it did not also examine the extent of situational change. Therefore, this thesis describes a novel approach to examining SPI, situational change and business success in software development companies. Furthermore, having discharged this new approach to 15 software SMEs, this thesis makes the important new discovery that the amount of SPI implemented in a software SME is positively associated with the extent of business success – especially when the degree of situational change is taken into account.
This thesis describes the first published study to examine the relationship between SPI, situational change and business success in software SMEs. The findings suggest that there are business benefits to implementing SPI in software SMEs, with the degree of situational change being an important factor informing SPI initiatives. Furthermore, this research has yielded valuable new insights into the nature of SPI, situational change and business success in software SMEs