Enterprise information security policy assessment - an extended framework for metrics development utilising the goal-question-metric approach

Effective enterprise information security policy management requires review and assessment activities to ensure information security policies are aligned with business goals and objectives. As security policy management involves the elements of policy development process and the security policy as output, the context for security policy assessment requires goal-based metrics for these two elements. However, the current security management assessment methods only provide checklist types of assessment that are predefined by industry best practices and do not allow for developing specific goal-based metrics. Utilizing theories drawn from literature, this paper proposes the Enterprise Information Security Policy Assessment approach that expands on the Goal-Question-Metric (GQM) approach. The proposed assessment approach is then applied in a case scenario example to illustrate a practical application. It is shown that the proposed framework addresses the requirement for developing assessment metrics and allows for the concurrent undertaking of process-based and product-based assessment. Recommendations for further research activities include the conduct of empirical research to validate the propositions and the practical application of the proposed assessment approach in case studies to provide opportunities to introduce further enhancements to the approach

Integrating automated support for a software management cycle into the TAME system

Software managers are interested in the quantitative management of software quality, cost and progress. An integrated software management methodology, which can be applied throughout the software life cycle for any number purposes, is required. The TAME (Tailoring A Measurement Environment) methodology is based on the improvement paradigm and the goal/question/metric (GQM) paradigm. This methodology helps generate a software engineering process and measurement environment based on the project characteristics. The SQMAR (software quality measurement and assurance technology) is a software quality metric system and methodology applied to the development processes. It is based on the feed forward control principle. Quality target setting is carried out before the plan-do-check-action activities are performed. These methodologies are integrated to realize goal oriented measurement, process control and visual management. A metric setting procedure based on the GQM paradigm, a management system called the software management cycle (SMC), and its application to a case study based on NASA/SEL data are discussed. The expected effects of SMC are quality improvement, managerial cost reduction, accumulation and reuse of experience, and a highly visual management reporting system

Modeling the object-oriented software process: OPEN and the unified process

A short introduction to software process modeling is presented, particularly object-oriented modeling. Two major industrial process models are discussed: the OPEN model and the Unified Process model. In more detail, the quality assurance in the Unified Process tool (formally called Objectory) is reviewed

Software development: A paradigm for the future

A new paradigm for software development that treats software development as an experimental activity is presented. It provides built-in mechanisms for learning how to develop software better and reusing previous experience in the forms of knowledge, processes, and products. It uses models and measures to aid in the tasks of characterization, evaluation and motivation. An organization scheme is proposed for separating the project-specific focus from the organization's learning and reuse focuses of software development. The implications of this approach for corporations, research and education are discussed and some research activities currently underway at the University of Maryland that support this approach are presented

Software Reuse in Agile Development Organizations - A Conceptual Management Tool

The reuse of knowledge is considered a major factor for increasing productivity and quality. In the software industry knowledge is embodied in software assets such as code components, functional designs and test cases. This kind of knowledge reuse is also referred to as software reuse. Although the benefits can be substantial, software reuse has never reached its full potential. Organizations are not aware of the different levels of reuse or do not know how to address reuse issues. This paper proposes a conceptual management tool for supporting software reuse. Furthermore the paper presents the findings of the application of the management tool in an agile development organization

A quality management based on the Quality Model life cycle

Managing quality is a hard and expensive task that involves the execution and control of processes and techniques. For a good quality management, it is important to know the current state and the objective to be achieved. It is essential to take into account with a Quality Model that specifies the purposes of managing quality. QuEF (Quality Evaluation Framework) is a framework to manage quality in MDWE (Model-driven Web Engineering). This paper suggests managing quality but pointing out the Quality Model life cycle. The purpose is to converge toward a quality continuous improvement by means of reducing effort and time.Ministerio de Ciencia e Innovación TIN2010-20057-C03-02Ministerio de Ciencia e Innovación TIN 2010-12312-EJunta de Andalucía TIC-578

Cost reduction using process analysis in company PEGRES obuv s.r.o.

Firma PEGRES obuv s.r.o. se již delší dobu potýká se stagnací v oblasti plánování a řízení výroby. Některé podnikové procesy jsou nyní značně zastaralé a v aktuálních podmínkách již neefektivní. Cíl práce je snížení nákladů s využitím procesní analýzy. Pro dosažení tohoto cíle bude provedena analýza současného stavu zastaralých procesů a budou popsány vybrané metody řízení výroby, které jsou svou povahou relevantní pro výrobu obuvi. Výstupem práce je sada doporučení a návrhů na změny v existujících procesech. Vybrané návrhy budou v prostředí firmy implementovány a práce zahrne zhodnocení výsledků po zavedení těchto změn.Company PEGRES obuv s.r.o. has been long time struggling with stagnation in production planning and control. Some of the internal processes are now obsolete and in current conditions no longer effective. The goal of the paper is to reduce the costs using process analysis. To achieve this goal, analysis of the current state of outdated processes will be performed, followed by description of selected methods of production management, which by their nature are relevant to the production of the shoes. Output of the work is a set of recommendations and proposals for changes to existing processes. Selected proposals will be implemented in the company and paper will include evaluation of results after the implementation of these changes.

Aligning a Service Provisioning Model of a Service-Oriented System with the ITIL v.3 Life Cycle

Bringing together the ICT and the business layer of a service-oriented system (SoS) remains a great challenge. Few papers tackle the management of SoS from the business and organizational point of view. One solution is to use the well-known ITIL v.3 framework. The latter enables to transform the organization into a service-oriented organizational which focuses on the value provided to the service customers. In this paper, we align the steps of the service provisioning model with the ITIL v.3 processes. The alignment proposed should help organizations and IT teams to integrate their ICT layer, represented by the SoS, and their business layer, represented by ITIL v.3. One main advantage of this combined use of ITIL and a SoS is the full service orientation of the company.Comment: This document is the technical work of a conference paper submitted to the International Conference on Exploring Service Science 1.5 (IESS 2015