Intangible trust requirements - how to fill the requirements trust "gap"?

Previous research efforts have been expended in terms of the capture and subsequent instantiation of "soft" trust requirements that relate to HCI usability concerns or in relation to "hard" tangible security requirements that primarily relate to security a ssurance and security protocols. Little direct focus has been paid to managing intangible trust related requirements per se. This 'gap' is perhaps most evident in the public B2C (Business to Consumer) E- Systems we all use on a daily basis. Some speculative suggestions are made as to how to fill the 'gap'. Visual card sorting is suggested as a suitable evaluative tool; whilst deontic logic trust norms and UML extended notation are the suggested (methodologically invariant) means by which software development teams can perhaps more fully capture hence visualize intangible trust requirements

BPM, Agile, and Virtualization Combine to Create Effective Solutions

The rate of change in business and government is accelerating. A number of techniques for addressing that change have emerged independently to provide for automated solutions in this environment. This paper will examine three of the most popular of these technologies-business process management, the agile software development movement, and infrastructure virtualization-to expose the commonalities in these approaches and how, when used together, their combined effect results in rapidly deployed, more successful solutions

Safety-Critical Systems and Agile Development: A Mapping Study

In the last decades, agile methods had a huge impact on how software is developed. In many cases, this has led to significant benefits, such as quality and speed of software deliveries to customers. However, safety-critical systems have widely been dismissed from benefiting from agile methods. Products that include safety critical aspects are therefore faced with a situation in which the development of safety-critical parts can significantly limit the potential speed-up through agile methods, for the full product, but also in the non-safety critical parts. For such products, the ability to develop safety-critical software in an agile way will generate a competitive advantage. In order to enable future research in this important area, we present in this paper a mapping of the current state of practice based on {a mixed method approach}. Starting from a workshop with experts from six large Swedish product development companies we develop a lens for our analysis. We then present a systematic mapping study on safety-critical systems and agile development through this lens in order to map potential benefits, challenges, and solution candidates for guiding future research.Comment: Accepted at Euromicro Conf. on Software Engineering and Advanced Applications 2018, Prague, Czech Republi

SensorCloud: Towards the Interdisciplinary Development of a Trustworthy Platform for Globally Interconnected Sensors and Actuators

Although Cloud Computing promises to lower IT costs and increase users' productivity in everyday life, the unattractive aspect of this new technology is that the user no longer owns all the devices which process personal data. To lower scepticism, the project SensorCloud investigates techniques to understand and compensate these adoption barriers in a scenario consisting of cloud applications that utilize sensors and actuators placed in private places. This work provides an interdisciplinary overview of the social and technical core research challenges for the trustworthy integration of sensor and actuator devices with the Cloud Computing paradigm. Most importantly, these challenges include i) ease of development, ii) security and privacy, and iii) social dimensions of a cloud-based system which integrates into private life. When these challenges are tackled in the development of future cloud systems, the attractiveness of new use cases in a sensor-enabled world will considerably be increased for users who currently do not trust the Cloud.Comment: 14 pages, 3 figures, published as technical report of the Department of Computer Science of RWTH Aachen Universit

Rethinking Security Incident Response: The Integration of Agile Principles

In today's globally networked environment, information security incidents can inflict staggering financial losses on organizations. Industry reports indicate that fundamental problems exist with the application of current linear plan-driven security incident response approaches being applied in many organizations. Researchers argue that traditional approaches value containment and eradication over incident learning. While previous security incident response research focused on best practice development, linear plan-driven approaches and the technical aspects of security incident response, very little research investigates the integration of agile principles and practices into the security incident response process. This paper proposes that the integration of disciplined agile principles and practices into the security incident response process is a practical solution to strengthening an organization's security incident response posture.Comment: Paper presented at the 20th Americas Conference on Information Systems (AMCIS 2014), Savannah, Georgi

An Empirical Study on Decision making for Quality Requirements

[Context] Quality requirements are important for product success yet often handled poorly. The problems with scope decision lead to delayed handling and an unbalanced scope. [Objective] This study characterizes the scope decision process to understand influencing factors and properties affecting the scope decision of quality requirements. [Method] We studied one company's scope decision process over a period of five years. We analyzed the decisions artifacts and interviewed experienced engineers involved in the scope decision process. [Results] Features addressing quality aspects explicitly are a minor part (4.41%) of all features handled. The phase of the product line seems to influence the prevalence and acceptance rate of quality features. Lastly, relying on external stakeholders and upfront analysis seems to lead to long lead-times and an insufficient quality requirements scope. [Conclusions] There is a need to make quality mode explicit in the scope decision process. We propose a scope decision process at a strategic level and a tactical level. The former to address long-term planning and the latter to cater for a speedy process. Furthermore, we believe it is key to balance the stakeholder input with feedback from usage and market in a more direct way than through a long plan-driven process

A Knowledge Transfer Partnership - the development of a Bespoke Enterprise Resource Planning System in the UK

Abstract. A Knowledge Transfer Partnerships (KTP) is a UK-wide programme designed to enable businesses to improve their competitiveness, productivity and performance. A KTP achieves this through the forming of a Partnership between a business and an academic institution. The aim is to enable businesses to access skills and expertise from academics and embed this knowledge in their businesses in order to develop the business. The knowledge sought is embedded into the business through a project, or projects, undertaken by a recently qualified person (known as the Associate). Part funding is provided by the government towards the Associate’s salary and towards the release of an Academic supervisor who works a half a day a week at the company. KTPs can vary in length from 6 months to three years, depending on the needs of the business and the desired outcomes. Therefore a KTP enables new capability to be embedded into the business and has benefited and continues to benefit a wide range of businesses across many sectors in the UK, including micro sized, small and large businesses across many sectors. This paper describes a Knowledge Transfer Partnership project between the University of Hertfordshire and a small and medium sized enterprise (SME) based in Cambridgeshire, UK.Final Accepted Versio

The Design and Implementation of a bespoke Enterprise Resource Planning System (ERP) for an acoustical engineering company

This paper will describe the tasks completed so far as part of a Knowledge Transfer Partnership between the University of Hertfordshire and Acoustical Control Engineers (ACE) a ‘small and medium sized enterprise’ (SME) based in Cambridgeshire, UK. ACE’s 25 personnel design, manufacture and install noise and vibration control systems to solve a wide range of acoustic problems. The projects undertaken include acoustic enclosures for supermarket refrigeration plant and for generators used in many situations, together with other more diverse applications such as controlling noise in the workplace and even on a luxury boat. Before the current KTP project the company used some partially computerised systems consisting of spreadsheets to perform acoustic analyses, pricing and project management functions supplemented with a paper based system to ‘fill the gaps’. Enterprise Resource Planning (ERP) systems provide an integrated database for all parts of the organisation allowing decisions to be based on a complete understanding of the organisation’s information, avoiding the problems due to duplication of data and ensuring that the consequences of decisions in one part of the organisation are reflected in the planning and control systems of the rest of the organisation. ERP systems became popular from the 1990’s mainly in relatively large organisations due to the complexity and cost of these systems. This project is unusual in that rather than adapting an off-the-shelf ERP solution to ACE’s very specific and specialised requirements we are taking an ERP development approach in an SME whose legacy systems are made up of spreadsheet and paper based systems. For the software development an Agile approach has been used. Agile involves software development methods based on iterative and incremental development. The initial attempt was to start developing the ERP from an Open Source ERP Source Code; however this effort was futile as a result of the bespoke nature of ACE’s business and product lines. Mapping ACE’s data model to the database which any existing ERP system could be adapted to, proved to be a very difficult problem. Therefore, developing the ERP from first principles was inevitable. Several of the ERP modules have been developed, user training has taken place and the core modules have been signed off. The project is due to complete in September 2014 and by this time we will have further information on how the ERP system has increased the competitiveness of the company, as well as experience of introducing an ERP into an SME. However, as would be expected the work undertaken developing the system so far has had several significant effects on ACE and acted as a catalyst for change in various parts of ACE’s business.Non peer reviewe

Some Findings Concerning Requirements in Agile Methodologies

gile methods have appeared as an attractive alternative to conventional methodologies. These methods try to reduce the time to market and, indirectly, the cost of the product through flexible development and deep customer involvement. The processes related to requirements have been extensively studied in literature, in most cases in the frame of conventional methods. However, conclusions of conventional methodologies could not be necessarily valid for Agile; in some issues, conventional and Agile processes are radically different. As recent surveys report, inadequate project requirements is one of the most conflictive issues in agile approaches and better understanding about this is needed. This paper describes some findings concerning requirements activities in a project developed under an agile methodology. The project intended to evolve an existing product and, therefore, some background information was available. The major difficulties encountered were related to non-functional needs and management of requirements dependencies