Software Quality Assurance A Study Based on Pakistan’s Software Industry

This paper investigates the role of quality management practices in software industry of Pakistan. We present a comparison between the more-experienced and less-experienced firms with respect to the critical factors of quality management. The critical factors of quality management practices in the software industry are first identified from the literature survey and validated through an empirical study. The study attempts to probe the influence of “age of quality” and “use of software” over software quality management practices and programs. The results of the study shows that the ‘age of quality” and “use of software” have partial influence over the software quality management

A Technological Alignment Diagnosis Test (TDAT) for SMEs

This paper presents a test that helps practitioners and researchers to measure ICT alignment in SMEs. Practitioners and researchers have suggested SMEs use ICT in a way less than optimal, wasting important and limited resources. Although researchers have proposed several instruments to solve this problem, they show operative problems when applied to SMEs. We developed and applied a test that helps SME managers to diagnose and measure the misalignment of ICT in their firms. Additionally, we propose the usage of two indicators of misalignment of ICT in SMEs. We applied this test to 34 SMEs of different regions in Chile with positive feedback on behalf of the SME owners. SMEs are less misaligned at a strategic level than at the process level (23.9% and 42.6% respectively). Also, the findings showed statistically significant differences of alignment between firms of different regions. An open question: whether it is possible that in SMEs the process-level alignment delivers more information than strategic level alignment

Antecedents and Impacts of E-Business Aligment Amongst Small and Medium-Sized Enterprises

E-business has great potentials for firms to extend their business efficiency. Nevertheless, due to various problems and constraints, the e-business deployment within SMEs sector has been reported as not effective. To ensure effective e-business deployment, necessary measures are needed to assess how firms align diverse ebusiness capabilities in support of their business operation. This study therefore aims to investigate the extent firms align diverse e-business capabilities across business processes (e-business alignment). Using a strategic fit perspective, this study has observed two major propositions. First, firms‟ ability to align e-business to support the most crucial business processes has potentially led to better realisation of ebusiness values. Secondly, certain managerial and environmental conditions have explained the differing characteristics of e-business alignment amongst firms. This study employs quantitative research approach using survey method to collect and collate evidences from 140 owner/managers of SMEs. Preliminary analysis has indicated e-business alignment/misalignment patterns across business functions. The cluster analysis further reveals three distinct profiles with different characteristics of e-business alignment. These profiles are labelled as 'highly fit', 'moderately fit' and 'low fit' based on their e-business fit characteristics. This result confirms the first proposition where highly aligned firms will report greater and wider e-business impacts. The second proposition reveals that environmental uncertainty, IT sophistication, owner/manager knowledge on advanced IT/IS, e-business deployment status, and support network are significant predictors to different e-business alignment characteristics among firms. This study suggests that firms relatively have different priority over e-business solutions to support their business. These findings have demonstrated why some firms do not progress to a higher e-business ladder. It further justifies unequal deployment of e-business solutions to support functions across firms

"Comply or die" is dead: Long live security-aware principal agents

Information security has adapted to the modern collaborative organisational nature, and abandoned "command-and-control" approaches of the past. But when it comes to managing employee's information security behaviour, many organisations still use policies proscribing behaviour and sanctioning non-compliance. Whilst many organisations are aware that this "comply or die" approach does not work for modern enterprises where employees collaborate, share, and show initiative, they do not have an alternative approach to fostering secure behaviour. We present an interview analysis of 126 employees' reasons for not complying with organisational policies, identifying the perceived conflict of security with productive activities as the key driver for non-compliance and confirm the results using a survey of 1256 employees. We conclude that effective problem detection and security measure adaptation needs to be de-centralised - employees are the principal agents who must decide how to implement security in specific contexts. But this requires a higher level of security awareness and skills than most employees currently have. Any campaign aimed at security behaviour needs to transform employee's perception of their role in security, transforming them to security-aware principal agents

Hubung kait antara amalan perancangan strategik sistem maklumat (PSSM) dan prestasi agensi kerajaan di Malaysia: Kesan penyederhana konteks PSSM dan pendekatan PSSM

Strategic information system planning (SISP) as a management practice and process helps organizations to identify as well as selecting suitable computer- based systems for improving their organizational performance. Although, as an area of study, SISP has gained much attention among academics and practitioners, research that focuses on SISP in government agencies has not been emphasized. Given the limited number of studies on SISP in government agencies, this study initiated an attempt to investigate SISP among government agencies in Malaysia. The objectives of this study were to determine the relationship between SISP practices and performance of government agencies as well as to determine whether SISP contexts and SISP approaches moderate the relationship between SISP practices and performance of government agencies. More specifically, the study adopted the contingency framework to examine the moderating effects of SISP contexts and SISP approaches on the relationship between SISP practices and performance of government agencies in Malaysia. Questionnaires were sent to 254 government agencies that were registered with the Malaysian Administrative Modernization and Management Planning Unit (MAMPU). Descriptive analysis, Pearson correlation, and multiple and hierarchical regressions were used to analyze the data. Based on the analyses of the data obtained from the respondents, the results of the study indicated positive relationships between SISP practices and performance of the government agencies. Furthermore, the results also showed that SISP contexts and SISP approaches moderate the relationship between SISP practices and performance of the government agencies. The findings of this study appear to support the notion that SISP practices are related to the performance of government agencies. The association between SISP practices and the performance of government agencies as well as the moderating effects of SISP contexts and SISP approaches further suggests implications to practitioners, policy - makers and government agencie

Die Kyprominoische Schrift: Texte und Kontexte

Vor 199 Jahren veröffentlichte Josef von Hammer die erste moderne Entdeckung einer in die Steinwand eines Grabes im antiken Paphos (Kouklia) eingemeißelten kyprisch-syllabischen Inschrift. Die weiteren Funde mit dieser Schrift versehener Objekte häuften sich rapide und 1852 publizierte Honoré Albert de Luynes die erste wissenschaftliche Studie der kyprischen Schriften, 1869 wurde in Dhali eine Bilingue mit der lokalen Schrift und Phönizisch gefunden. Sie erwies sich als Schlüssel zur Entzifferung

Towards optical quantum information processing using Rydberg dark-state polaritons

This thesis proposes a novel method to implement universal quantum gates for photonic qubits using the strong dipole-dipole interactions present in a cold gas of Rydberg atoms and the control offered by microwave fields. By means of electromagnetically induced transparency (EIT) we store the information encoded in photonic qubits as Rydberg excitations, and then couple these to neighbouring states using microwaves. Microwaves alter the range of the dipole-dipole interactions between the excitations, and a suitable geometrical arrangement of the excitations in the cloud leads to a controlled $\pi$ phase shift in the system's wavefunction, the basis of the universal gates proposed. After processing, the excitations in the medium are later retrieved as photons. A theoretical description of the implementation of a 2-qubit universal gate is presented and a numerical analysis shows the feasibility of its implementation in a cold cloud of Rubidium atoms. A scheme is also proposed to construct more general gates with applications in quantum information processing. These schemes have been made possible by the analysis of recent experiments performed in the group. This analysis is repeated here, along with the characterization of parts of the detection system required to obtain them

Abordagem para a elicitação de requisitos de software baseada em modelo de processo de negócio

High competitivity among business organizations demands constant inovation and evolution of productive processes of companies, also pushing the same agility to development and modification of information systems. Besides that, elicitation of software requirements are still made using empiric methods without a warranty of its alignment with business problems and needs. Software Engineering needs better and precise mechaninsms to be used on a phase which is considered critical to the success of software development. This work realize the development of an approach to software requirements elicitation using BPMN - Business Process Model and Notation, defined by OMG - Object Management Group. As an approach to the problem, qualitative research will be used as it favors conceptual questions, patterns, opinions and its respective analysis, and on behalf technical procedures its based on study cases. As result of this research, an approach to elicitation of information systems development requirements was built based on BPMN notation to model business process. In order to check the feasibility of using the proposed approach, were made case studies.A alta competitividade entre as organizações empresariais exige constante inovação e evolução em seus processos produtivos, necessitando que seus sistemas de informação sejam produzidos e modificados com a mesma agilidade. A elicitação dos requisitos, no entanto, ainda é feita por meio de métodos empíricos sem efetiva garantia de seu alinhamento com os problemas e necessidades inerentes ao negocio. Deste contexto, a Engenharia de Software necessita de mecanismos mais precisos para uma etapa, do processo de desenvolvimento, que é considerada crítica para o sucesso do desenvolvimento do software. Este trabalho realiza o desenvolvimento de uma abordagem para elicitação de requisitos de software por meio da notação para modelagem de negocio BPMN - Business Process Model and Notation, definida pela OMG - Object Management Group. Do ponto de vista da abordagem do problema é utilizada a pesquisa qualitativa, pois privilegia questões conceituais, padrões, opiniões expressas e suas respectivas análises e, sob o ponto de vista dos procedimentos técnicos, é baseada em estudos de caso. Como resultado desta dissertação foi criada uma abordagem para a elicitação de requisitos para o desenvolvimento de sistemas de informação baseado na notação BPMN para a modelagem de processos de negócios. Com a finalidade de verificar a viabilidade da utilização da abordagem proposta, foram realizados estudos de caso

Developing a Multi-Objective Decision Model for Maximizing IS Security within an Organization

Numerous IS researchers have argued that IS Security can be more effectively managed if the emphasis goes beyond the technical means of protecting information resources. In an effort to adopt a broader perspective that accounts for issues that transcend technical means alone, Dhillon and Torkzadeh (2006) present an array of 9 fundamental and 16 means objectives that are essential for maximizing IS security in an organization. These objectives were derived using a value-focused thinking approach and are organized into a conceptual framework. This conceptual framework provides a rigorous theoretical base for considering IS security in a manner that accounts for both technical and organizational issues; however, no direction is provided for using these objectives so that informed decisions can be made. As a result, the goal of this dissertation is to develop a decision model using Multiple Objective Decision Analysis (MODA) techniques that seek to provide informed alternatives to decision makers who desire to maximize IS security within an organization

The Web Engineering Security (WES) methodology

The World Wide Web has had a significant impact on basic operational economical components in global information rich civilizations. This impact is forcing organizations to provide justification for security from a business case perspective and to focus on security from a web application development environment perspective. This increased focus on security was the basis of a business case discussion and led to the acquisition of empirical evidence gathered from a high level Web survey and more detailed industry surveys to analyse security in the Web application development environment. Along with this information, a collection of evidence from relevant literature was also gathered. Individual aspects of the data gathered in the previously mentioned activities contributed to the proposal of the Essential Elements (EE) and the Security Criteria for Web Application Development (SCWAD). The Essential Elements present the idea that there are essential, basic organizational elements that need to be identified, defined and addressed before examining security aspects of a Web Engineering Development process. The Security Criteria for Web Application Development identifies criteria that need to be addressed by a secure Web Engineering process. Both the EE and SCWAD are presented in detail along with relevant justification of these two elements to Web Engineering. SCWAD is utilized as a framework to evaluate the security of a representative selection of recognized software engineering processes used in Web Engineering application development. The software engineering processes appraised by SCWAD include: the Waterfall Model, the Unified Software Development Process (USD), Dynamic Systems Development Method (DSDM) and eXtreme Programming (XP). SCWAD is also used to assess existing security methodologies which are comprised of the Orion Strategy; Survivable / Viable IS approaches; Comprehensive Lightweight Application Security Process (CLASP) and Microsoft’s Trust Worthy Computing Security Development Lifecycle. The synthesis of information provided by both the EE and SCWAD were used to develop the Web Engineering Security (WES) methodology. WES is a proactive, flexible, process neutral security methodology with customizable components that is based on empirical evidence and used to explicitly integrate security throughout an organization’s chosen application development process. In order to evaluate the practical application of the EE, SCWAD and the WES methodology, two case studies were conducted during the course of this research. The first case study describes the application of both the EE and SCWAD to the Hunterian Museum and Art Gallery’s Online Photo Library (HOPL) Internet application project. The second case study presents the commercial implementation of the WES methodology within a Global Fortune 500 financial service sector organization. The assessment of the WES methodology within the organization consisted of an initial survey establishing current security practices, a follow-up survey after changes were implemented and an overall analysis of the security conditions assigned to projects throughout the life of the case study