Ten Criteria for Meaningful and Usable Measures of Performance

Outlines requirements for healthcare delivery performance measures and their rationale, including prioritizing consumer and purchaser needs, using direct feedback, creating a comprehensive dashboard of measures, and measuring performance at all levels

A Business Goal Driven Approach for Understanding and Specifying Information Security Requirements

In this paper we present an approach for specifying and prioritizing\ud information security requirements in organizations. It is important\ud to prioritize security requirements since hundred per cent security is\ud not achievable and the limited resources available should be directed to\ud satisfy the most important ones. We propose to link explicitly security\ud requirements with the organization’s business vision, i.e. to provide business\ud rationale for security requirements. The rationale is then used as a\ud basis for comparing the importance of different security requirements.\ud A conceptual framework is presented, where the relationships between\ud business vision, critical impact factors and valuable assets (together with\ud their security requirements) are shown

Understanding and Specifying Information Security Needs to Support the Delivery of High Quality Security Services

In this paper we present an approach for specifying and prioritizing information security requirements in organizations. It is important to prioritize security requirements since hundred per cent security is\ud not achievable and the limited resources available should be directed to satisfy the most important ones. We propose to explicitly link security requirements with the organization’s business vision, i.e. to provide business\ud rationale for security requirements. The rationale is then used as a basis for comparing the importance of different security requirements.\ud Furthermore we discuss how to integrate the aforementioned solution concepts into a service level management process for security services, which is an important step in IT Governance. We validate our approach by way of a focus group session

Comparing AHP and ELECTRE I for prioritizing software requirements

Requirement prioritization is a process that allows selection of the “key” candidate requirements, the ones that are the most important for the construction of quality and cost-controlled software. Requirement prioritization brings certain issues and challenges related with the different stakeholders involved in the project, as well as with the prioritization techniques used, which differ in procedures, criteria and metrics. This manuscript compares two multi-criteria decision methods (MCDM), AHP and ELECTRE I, seeking to justify which one is the most feasible in the requirement prioritization process of a real-world case study. To accomplish this aim, several criteria were used to compare the applicability and performance of both MCDMs. In order to reflect reality as close as possible, several stakeholders, including software professionals directly related to the case study, were involved. The results confirm the intuition that ELECTRE I is more easily applicable than AHP. ELECTRE I is subject to fewer mistakes in comparisons of the requirements than the AHP method, as these are carried out differently. In fact, due to its inherent complexity, AHP becomes even impractical in software projects with a large number of requirements

Risk and Business Goal Based Security Requirement and Countermeasure Prioritization

Companies are under pressure to be in control of their assets but at the same time they must operate as efficiently as possible. This means that they aim to implement “good-enough security” but need to be able to justify their security investment plans. Currently companies achieve this by means of checklist-based security assessments, but these methods are a way to achieve consensus without being able to provide justifications of countermeasures in terms of business goals. But such justifications are needed to operate securely and effectively in networked businesses. In this paper, we first compare a Risk-Based Requirements Prioritization method (RiskREP) with some requirements engineering and risk assessment methods based on their requirements elicitation and prioritization properties. RiskREP extends misuse case-based requirements engineering methods with IT architecture-based risk assessment and countermeasure definition and prioritization. Then, we present how RiskREP prioritizes countermeasures by linking business goals to countermeasure specification. Prioritizing countermeasures based on business goals is especially important to provide the stakeholders with structured arguments for choosing a set of countermeasures to implement. We illustrate RiskREP and how it prioritizes the countermeasures it elicits by an application to an action case

Developing quality heathcare software using quality function deployment: A case study based on Sultan Qaboos University Hospital

Development of software is one of the most expensive projects undertaken in practice. Traditionally, the rate of failure in software development projects is higher compared to other kinds of projects. This is partly due to the failure in determining software users’ requirements. By using Quality Function Deployment (QFD), this research focuses on identification and prioritization of users’ requirements in the context of developing quality health-care software system for Sultan Qaboos University Hospital (SQUH) in Oman. A total of 95 staff working at eight departments of SQUH were contacted and they were requested to provide their requirements in using hospital information systems. Analytic Hierarchy Process has been integrated with QFD for prioritizing those user requirements. Then, in consultation with a number of software engineers, a list consisting of 30 technical requirements was generated. These requirements are divided into seven categories and all of them are purported to satisfy the user needs. At the end of QFD exercise, continuous mirror backup from backup category, multi-level access from the security and confidentiality category, linkage to databases from application category emerge as technical requirements having higher weights. These technical requirements should receive considerable attention when designing the health-care software system for SQUH.Software quality; Quality function deployment; Healthcare software; Analytic Hierarchy Process

A framework for prioritizing customer requirements in product design: incorporation of FAHP with AHP

Prioritizing customer requirements in product design requires a tool that could help design engineers make the right decisions at the early stages of the design process. In this paper, a framework incorporating the fuzzy analytic hierarchy process (FAHP) with extent analysis with the analytic hierarchy process (AHP) has been proposed in order to overcome the problems of consistent judgement in FAHP and solve conventional AHP problems in dealing with subjective judgement, especially in prioritizing customer requirements. Based on the case study presented, by incorporating FAHP with AHP, the results are not very different from each other where the ranking of the customer requirements is similar, which implies the validity of FAHP in evaluating customer requirements. The consistency ratio obtained is as much as 8.51%, which is less than 10%. Thus, the consistency of the judgement can be evaluated, while the proposed framework is able to judge imprecise and vague information. Moreover, the incorporation of both methods is applicable and analysis of the consistency ratio from a fuzzy environment is possible

Clean Water for Less Integrated Planning Reduces the Cost of Meeting Water Quality Goals in New Hampshire

Rising populations and increased development in New Hampshire coastal communities have led to a decline in water quality in the Great Bay Estuary. Responding effectively and affordably to new federal permit requirements for treating and discharging stormwater and wastewater will require innovative solutions from communities in the area. The Water Integration for Squamscott-Exeter (WISE) project developed an integrated planning framework through which the coastal communities of Exeter, Stratham, and Newfields could significantly reduce the cost of meeting permit requirements. In this brief, authors Alison Watts, Robert Roseen, Paul Stacey, Renee Bourdeau, and Theresa Walker report that integrated planning could save these communities over $100 million (in fifty-year lifecycle costs) by prioritizing high-impact, low-cost mitigation strategies across permit type and town boundaries. The project, which has received an Environmental Merit award from Environment Protection Agency, also found that attainment of water quality standards in the Exeter–Squamscott River will not be possible without substantial cooperation and investment from upstream communities, which are not currently subject to EPA permit requirements. Collaboration among communities in planning and implementing projects to meet clean water regulations can have significant cost and effectiveness benefits