Requirements Prioritisation and Retrospective Analysis for Release Planning Process Improvement

The quality of a product can be defined by its ability to satisfy the needs and expectations of its customers. Achieving quality is especially difficult in market-driven situations since the product is released on an open market with numerous potential customers and users with various wishes. The quality of the software product is to a large extent determined by the quality of the requirements engineering (RE) and release planning decisions regarding which requirements that are selected for a product. The goal of this thesis is to enhance software product quality and increase the competitive edge of software organisations by improving release planning decision-making. The thesis is based on empirical research, including both qualitative and quantitative research approaches. The research contains a qualitative survey of RE challenges in market-driven organisations based on interviews with practitioners. The survey provided increased understanding of RE challenges in the software industry and gave input to the continued research. Among the challenging issues, one was selected for further investigation due to its high relevance to the practitioners: requirements prioritisation and release planning decision-making. Requirements prioritisation techniques were evaluated through experiments, suggesting that ordinal scale techniques based on grouping and ranking may be valuable to practitioners. Finally, a retrospective method called PARSEQ (Post-release Analysis of Requirements SElection Quality) is introduced and tested in three case studies. The method aims at evaluating prior releases and finding improvement proposals for release planning decision-making in future release projects. The method was found valuable by all participants and relevant improvement proposals were discovered in all cases

Physical soil quality indicators for monitoring British soils

The condition or quality of soils determines its ability to deliver a range of functions that support ecosystem services, human health and wellbeing. The increasing policy imperative to implement successful soil monitoring programmes has resulted in the demand for reliable soil quality indicators (SQIs) for physical, biological and chemical soil properties. The selection of these indicators needs to ensure that they are sensitive and responsive to pressure and change e.g. they change across space and time in relation to natural perturbations and land management practices. Using a logical sieve approach based on key policy-related soil functions, this research assessed whether physical soil properties can be used to indicate the quality of British soils in terms of its capacity to deliver ecosystem goods and services. The resultant prioritised list of physical SQIs were tested for robustness, spatial and temporal variability and expected rate of change using statistical analysis and modelling. Six SQIs were prioritised; packing density, soil water retention characteristics, aggregate stability, rate of erosion, depth of soil and soil sealing. These all have direct relevance to current and likely future soil and environmental policy and are appropriate for implementation in soil monitoring programs

A Review of Risk Matrices Used in Acute Hospitals in England.

In healthcare, patient safety has received substantial attention and, in turn, a number of approaches to managing safety have been adopted from other high-risk industries. One of these has been risk assessment, predominantly through the use of risk matrices. However, while other industries have criticized the design and use of these risk matrices, the applicability of such criticism has not been investigated formally in healthcare. This study examines risk matrices as used in acute hospitals in England and the guidance provided for their use. It investigates the applicability of criticisms of risk matrices from outside healthcare through a document analysis of the risk assessment policies, procedures, and strategies used in English hospitals. The findings reveal that there is a large variety of risk matrices used, where the design of some might increase the chance of risk misprioritization. Additionally, findings show that hospitals may provide insufficient guidance on how to use risk matrices as well as what to do in response to the existing criticisms of risk matrices. Consequently, this is likely to lead to variation in the quality of risk assessment and in the subsequent deployment of resources to manage the assessed risk. Finally, the article outlines ways in which hospitals could use risk matrices more effectively

Incident Prioritisation for Intrusion Response Systems

The landscape of security threats continues to evolve, with attacks becoming more serious and the number of vulnerabilities rising. To manage these threats, many security studies have been undertaken in recent years, mainly focusing on improving detection, prevention and response efficiency. Although there are security tools such as antivirus software and firewalls available to counter them, Intrusion Detection Systems and similar tools such as Intrusion Prevention Systems are still one of the most popular approaches. There are hundreds of published works related to intrusion detection that aim to increase the efficiency and reliability of detection, prevention and response systems. Whilst intrusion detection system technologies have advanced, there are still areas available to explore, particularly with respect to the process of selecting appropriate responses. Supporting a variety of response options, such as proactive, reactive and passive responses, enables security analysts to select the most appropriate response in different contexts. In view of that, a methodical approach that identifies important incidents as opposed to trivial ones is first needed. However, with thousands of incidents identified every day, relying upon manual processes to identify their importance and urgency is complicated, difficult, error-prone and time-consuming, and so prioritising them automatically would help security analysts to focus only on the most critical ones. The existing approaches to incident prioritisation provide various ways to prioritise incidents, but less attention has been given to adopting them into an automated response system. Although some studies have realised the advantages of prioritisation, they released no further studies showing they had continued to investigate the effectiveness of the process. This study concerns enhancing the incident prioritisation scheme to identify critical incidents based upon their criticality and urgency, in order to facilitate an autonomous mode for the response selection process in Intrusion Response Systems. To achieve this aim, this study proposed a novel framework which combines models and strategies identified from the comprehensive literature review. A model to estimate the level of risks of incidents is established, named the Risk Index Model (RIM). With different levels of risk, the Response Strategy Model (RSM) dynamically maps incidents into different types of response, with serious incidents being mapped to active responses in order to minimise their impact, while incidents with less impact have passive responses. The combination of these models provides a seamless way to map incidents automatically; however, it needs to be evaluated in terms of its effectiveness and performances. To demonstrate the results, an evaluation study with four stages was undertaken; these stages were a feasibility study of the RIM, comparison studies with industrial standards such as Common Vulnerabilities Scoring System (CVSS) and Snort, an examination of the effect of different strategies in the rating and ranking process, and a test of the effectiveness and performance of the Response Strategy Model (RSM). With promising results being gathered, a proof-of-concept study was conducted to demonstrate the framework using a live traffic network simulation with online assessment mode via the Security Incident Prioritisation Module (SIPM); this study was used to investigate its effectiveness and practicality. Through the results gathered, this study has demonstrated that the prioritisation process can feasibly be used to facilitate the response selection process in Intrusion Response Systems. The main contribution of this study is to have proposed, designed, evaluated and simulated a framework to support the incident prioritisation process for Intrusion Response Systems.Ministry of Higher Education in Malaysia and University of Malay

Developing a Multicriteria Model for Use as a Highway Assessment Technique

INTRODUCTION This paper is concerned with the development of a simple multicriteria model for use as a priority assessment technique (PAT) by Local authority transport planners faced with the problem of identifying which of a range of highway investment proposals should be implemented. The project of which it forms a part has involved three main phases: Phase I - a review and critique of PATS developed by British local authorities; Phase II - the application of a representative sample of PATS to a set of six highway schemes, together with an analysis of the different scheme rankings which emerged; Phase III - the construction, based upon the experience of phases I and II together with knowledge of recent developments in multicriteria analysis, of a computer-based PAT. An account of the outcome of the first two phases of the project is given in Simon (1987); more detailed information is available in Simon (1986a,b; 1987)

Cause for alarm?: A multi-national, multi-institutional study of student-generated software designs

This paper reports a multi-national, multi-institutional study to investigate Computer Science students' understanding of software design and software design criteria. Students were recruited at two levels: those termed 'first competency' programmers, and those completing their Bachelor degrees. The study, including participants from 21 institutions over the academic year 2003/4, aimed to examine students' ability to generate software designs, to elicit students' understanding and valuation of key design activities, and to examine whether students at different stages in their undergraduate education display different understanding of software design. Differences were found in participants' recognition of ambiguity in requirements; in their use of formal (and semi-formal) design representation and in their prioritisation of design criteria

Supporting Decisions: Understanding natural resource management assessment techniques

Report to the Land and Water Resources Research and Development Corporation. This document presents a review of NRM decision support techniques. It draws upon previous studies in the fields of management science, operations research, environmental economics and natural resource management. The objectives of the document are to: Explain the workings of the more significant (representative) methods of NRM decision support (including the latest developments); Discuss how these decision support methods may influence the outcome of NRM decisions; and Provide practicing NRM decision makers with guidance for choosing which methods to apply.Australia;natural resource management;assessment;decision support;

Transferring and extrapolating estimates of cost-effectiveness for water quality outcomes: Challenges and lessons from the Great Barrier Reef

In recent decades the declining health of the Great Barrier Reef has led to a number of government policies being implemented to reduce pollutant loads from the adjacent agricultural-based catchments. There is increasing use of cost-effectiveness measures to help prioritise between different programs and actions to reduce pollutants, given limited resources and the scale of the issues. However there are a small number of primary studies available, and the consistency of cost-effectiveness measures and their application is limited, particularly given the various uncertainties that underlie the measures. Unlike Europe and the United States of America water policy or benefit transfer approaches, there are no procedural guidance studies that must be followed in the context of the Great Barrier Reef catchments. In this study we review the use of cost effectiveness estimates for pollutant reduction into the Great Barrier Reef in the context of a benefit transfer framework, where estimates of costs from a particular case study are transferred to various scenarios within different catchments. The conclusions suggest a framework be developed for the Great Barrier Reef, which is consistent, transparent, and rigorous