1,757 research outputs found

    Knowledge Mobilization in Agile Information Systems Projects: A Literature Analysis

    This study focuses on how knowledge is mobilized in agile information systems (IS) projects. One crucial success factor of those projects is to mobilize knowledge through different knowledge management processes. It is vital to establish efficient knowledge management (KM) processes to generate a knowledge culture based on transparency and communication. Communication channels, digital tools, and platforms are essential for establishing a KM infrastructure supporting the knowledge work of the project organization. Thus, each IS implementation team should maintain a knowledge base and a knowledge potential at some level. However, this is not always the case. We conducted a literature review to survey the extant research on the role of KM in agile system development projects. The agile approach is often associated with the networking model and tacit knowledge. The findings indicate that the agile approach is supposed to promote KM. While tacit knowledge is rooted in the analogue process of continuous actions and informal communication, explicit knowledge is captured in digital records of documentation and databases. In KM, the personalization model (behavioural, networking) and the codification (technocratic, repository) model are central. The choice of system development method (agile versus plan-driven) influences how knowledge is mobilized in the project organization. An agile approach heavily relies on informal communication, tacit knowledge sharing, and light documentation. In contrast, the plan-driven methods such as the waterfall approach generate more explicit knowledge through documentation. Communities of practice are important structures for transforming from plan-driven to agile approaches. We present a framework showing specific challenges the literature identifies concerning the efficient mobilization of knowledge in the agile context. For large-scale agile projects, informal coordination mechanisms were important. This study identifies several measures for overcoming barriers and risks for knowledge sharing in the agile context.

    A qualitative study of penetration testers and what they can tell us about information security in organisations

    Purpose: This paper presents a qualitative study of penetration testing, the practice of attacking information systems to find security vulnerabilities and fixing them. The purpose of this paper is to understand whether and to what extent penetration testing can reveal various socio-organisational factors of information security in organisations. In doing so, the paper innovates theory by using Routine Activity Theory together with phenomenology of information systems concepts. Design/methodology/approach: The articulation of Routine Activity Theory and phenomenology emerged inductively from the data analysis. The data consists of 24 qualitative interviews conducted with penetration testers, analysed with thematic analysis. Findings: The starting assumption is that penetration testers are akin to offenders in a crime situation, dealing with targets and the absence of capable guardians. A key finding is that penetration testers described their targets as an installed base, highlighting how vulnerabilities, which make a target suitable, often emerge from properties of the existing built digital environments. This includes systems that are forgotten or lack ongoing maintenance. Moreover, penetration testers highlighted that although the testing is often predicated on planned methodologies, often they resort to serendipitous practices such as improvisation. Originality/value: This paper contributes to theory, showing how Routine Activity Theory and phenomenological concepts can work together in the study of socio-organisational factors of information security. This contribution stems from considering that much research on information security focuses on the internal actions of organisations. The study of penetration testing as a proxy of real attacks allows novel insights into socio-organisational factors of information security in organisations.

    Refining the PoinTER “human firewall” pentesting framework

    Purpose: Penetration tests have become a valuable tool in the cyber security defence strategy, in terms of detecting vulnerabilities. Although penetration testing has traditionally focused on technical aspects, the field has started to realise the importance of the human in the organisation, and the need to ensure that humans are resistant to cyber-attacks. To achieve this, some organisations “pentest” their employees, testing their resilience and ability to detect and repel human-targeted attacks. In a previous paper we reported on PoinTER (Prepare TEst Remediate), a human pentesting framework, tailored to the needs of SMEs. In this paper, we propose improvements to refine our framework. The improvements are based on a derived set of ethical principles that have been subjected to ethical scrutiny. Methodology: We conducted a systematic literature review of academic research, a review of actual hacker techniques, industry recommendations and official body advice related to social engineering techniques. To meet our requirements to have an ethical human pentesting framework, we compiled a list of ethical principles from the research literature which we used to filter out techniques deemed unethical. Findings: Drawing on social engineering techniques from academic research, reported by the hacker community, industry recommendations and official body advice and subjecting each technique to ethical inspection, using a comprehensive list of ethical principles, we propose the refined GDPR compliant and privacy respecting PoinTER Framework. The list of ethical principles, we suggest, could also inform ethical technical pentests. Originality: Previous work has considered penetration testing humans, but few have produced a comprehensive framework such as PoinTER. PoinTER has been rigorously derived from multiple sources and ethically scrutinised through inspection, using a comprehensive list of ethical principles derived from the research literature

    Gamifying Software Testing – A Focus on Strategy & Tools Development

    This study aims to introduce new software testing strategies and tools with the aim of creating a more engaging and rewarding environment for software testers. For this purpose, gamification has been selected as a potential solution to raise the performances of testers. Empirical experiments were conducted to validate key factors and metrics influencing the design and development of a gamified software testing system

    Contextual critical success factors for the implementation of business intelligence & analytics: A qualitative case study

    Business intelligence & analytical (BI&A) implementation success depends on the interplay between CSFs-in-context. One persistent criticism of work in IS implementation has been the neglect of exploring implementation CSFs within a multi-layered context. Findings from a case study at a large banking organization in South Africa suggest that an adequate analysis of business intelligence and analytics implementation involves interweaving a CSF analysis with the distinctive features of its multi-layered context. This includes the bank’s intraorganizational context and the IS and BI setting (inner-context) and the broader socioeconomic and political context (outer-context) as domains of analysis. The evidence shows that the actions and interactions of organizational members involved in the BI implementation were being shaped and constrained by the dynamics within these contexts – in particular, coping with complex contextual challenges exerted increasing demands on the implementation team. The ability of the implementation team to overcome these situational demands was at best mixed and the success of the BI implementation therefore varied from unit to unit within the bank. Practitioners should sharpen their problem-solving skills by assessing CSFs within the unique situations they encounter. Future case study research should provide an explicit description and analysis of CSFs-in-context to deepen our understanding of effective BI&A implementations

    Do Reflexive Software Development Teams Perform Better?

    Reflexivity, the extent to which teams reflect upon and modify their functioning, is widely recognized as a key factor influencing performance of work teams. The paper proposes that outcome interdependence, defined as the extent to which team members perceive that attainment of goals by their colleagues will facilitate their own goal achievement, will moderate the effect of team reflexivity on its performance. An empirical study with 332 team members of 34 software projects reveals that, as predicted, team reflexivity and outcome interdependence have both synergistic and antagonistic impacts on team performance. While high outcome interdependence magnified the positive impacts of team reflexivity on its effectiveness, an increase in team reflexivity at low outcome interdependence had a deleterious impact. However, an opposite effect was observed for team efficiency. Further, agile teams demonstrated higher outcome interdependence and team reflexivity, and thereby higher effectiveness, but lower efficiency, compared to teams adopting plan-driven methods of software development. Finally, in general, agile software development projects performed better than plan-driven projects for innovative software development, while projects adopting plan-driven methods performed better than agile projects for routine software development

    Ambidexterity in large-scale software engineering

    Software is pervading our environment with products that become smarter and smarter every day. In order to follow this trend, software companies deliver continuously new features, in order to anticipate their competitors and to gain market share. For this reason, they need to adopt processes and organization solutions that allow them to deliver continuously. A key challenge for software organizations is to balance the resources in order to deliver enough new features in the short-term but also to support the delivery of new features in the long-term. In one word, companies need to be ambidextrous. In this thesis we investigate what ambidexterity is, what are the factors that hinder large software companies to be ambidextrous, and we provide initial solutions for the mitigation of such challenges. The research process consists of an empirical investigation based on the Grounded Theory approach, in which we conducted several case studies based on continuous interaction with 7 large software organizations developing embedded software. The results in this thesis are grounded in a large number of data collected, and corroborated by a combination of exploratory and confirmatory, as well as qualitative and quantitative data collection. The contributions of this thesis include a comprehensive understanding of the factors influencing ambidexterity, the current challenges and a proposed solution, CAFFEA. In particular, we found that three main challenges were hampering the achievement of ambidexterity for large software companies. The first one is the conflict between Agile Software Development and software reuse. The second one is the complexity of balancing short-term and long-term goals among a large number of stakeholders with different views and expertise. The third challenge is the risky tendency, in practice, of developing systems that do not sustain long-term delivery of new features: this is caused by the unbalanced focus on short-term deliveries rather than on the system architecture quality. This phenomenon is referred to as Architectural Technical Debt, which is a financial theoretical framework that relates the implementation of suboptimal architectural solutions to taking a debt. Even though such sub-optimal solutions might bring benefits in the short-term, a debt might have an interest associated with it, which consists of a negative impact on the ability of the software company to deliver new features in the long-term. If the interest becomes too costly, then the software company suffers delays and development crises. It is therefore important to avoid accumulation, in the system, of Architectural Technical Debt with a high interest associated with it. The solution proposed in this thesis is a comprehensive framework, CAFFEA, which includes the management of Architectural Technical Debt as a spanning activity (i.e., a practice shared by stakeholders belonging to different groups inside the organization). We have recognized and evaluated the strategic information required to manage Architectural Technical Debt. Then, we have developed an organizational framework, including roles, teams and practices, which are needed by the involved stakeholders. These solutions have been empirically developed and evaluated, and companies report initial benefits of applying the results in practice