A Process Framework for Managing Cybersecurity Risks in Projects

This paper builds on the need for earlier and earlier consideration of cybersecurity risks in the information systems life cycle by focusing on how cybersecurity threats apply to project execution, and whether the project manager should become more cyber-aware. Recent high-profile cases and decisions by the United States Department of Defense (US DoD) support early identification and analysis of cyber security risks. While the authors found no current academic research linking cybersecurity risks and project management, they did find a link between cybersecurity and information technology supply chain management. The paper makes the case for early cybersecurity risk management, and suggests that project managers broaden their awareness of cybersecurity risks. Future directions in the examination of early cybersecurity risks in projects are explored

Using Project Management Knowledge and Practice to Address Digital Forensic Investigation Challenges

The management of digital forensics investigations represents a unique challenge. The field is relatively new, and combines the technical challenges of Information Systems with the legal challenges of forensics investigations. The challenges for the Digital Forensics Investigators and the organizations they support are many. This research effort examines the characteristics and challenges of Digital Forensics Investigations and compares them with the features and knowledge areas of project management. The goal was to determine if project management knowledge, as defined in a common body of knowledge, would be helpful in addressing digital forensics investigation challenges identified in the literature. The results indicate that there are parallels between the two areas

TOWARDS A CONSENSUS DEFINITION OF FULL-STACK DEVELOPMENT

Full-stack development is a new concept systems development. Full-stack developers have broad knowledge across all aspects of a given technology stack. They have the ability to rapidly transform a concept into a functional solution. Their big-picture visibility allows them to anticipate problems early-on and steer projects around them. Many organizations actively recruit full-stack developers. Many programmers are styling themselves as full-stack developers. However, there is some disagreement regarding the meaning of full-stack development. The disagreement primarily concerns the developer’s expected breadth and depth of stack knowledge. The purpose of this research is to develop a consensus definition of full-stack development. A content analysis of articles which discuss full-stack development is performed. The results are synthesized to form a conceptual definition which clarifies the role of full-stack developers. This definition alleviates confusion and provides clarity. The results have implications for research and practice

Three Meta-Phases of a Project

This paper proposes three high-level project meta-phases to enhance the understanding of how projects are created and their long-term impacts after completion. It extends the traditional view of the projects to include activities which occur before the initiation of the project and after the closeout phase. These meta-phases are project conception, project execution, and deliverable use. These meta-phases are described and explained in terms of their usefulness for project management research

The Influence of Group Labs on Student Adoption of Software Methodologies: An Empirical Test

The ACM\u27s CIS curriculum model calls for structured laboratories using groups to instruct students in software engineering methodologies. A social-psychological model of individual acceptance of a technological innovation is employed to empirically test the effectiveness of structured labs in fostering individual adoption of a software engineering methodology. Our findings suggest that a structured labexperience does influence a student\u27s belief system regarding the usefulness of a methodology, leading to a decision to adopt the methodology in completing individual programming assignment

Using Experts for Improving Project Cybersecurity Risk Scenarios

This study implemented an expert panel to assess the content validity of hypothetical scenarios to be used in a survey of cybersecurity risk across project meta-phases. Six out of 10 experts solicited completed the expert panel exercise. Results indicate that although experts often disagreed with each other and on the expected mapping of scenario to project meta-phase, the experts generally found risk present in the scenarios and across all three project meta-phases, as hypothesized

Four Strategies for Driving a University Pre-College Computing Outreach Program

A public university’s computing outreach program focused on four key strategies for increasing the depth and breadth of science, technology, engineering, and mathematics (STEM) education. This paper describes the development and implementation of a project management hands-on learning laboratory activity within the context of the university’s outreach strategies. The first two strategies, establishing relationships with the primary and secondary (K–12) level partner schools and implementing whole-grade participation, have led to repeat visits by students over several years. The third strategy, hands-on learning laboratory activities, has successfully engaged K–12 students, as indicated by the assessment results that provide evidence of successful student learning. The fourth strategy, producer–consumer collaborations, has facilitated the efficient matching of faculty expertise with K–12 teacher needs. The results include the evidence that outreach strategies can have a positive influence on student engagement in STEM education at multiple points in the K–12 education experience

Comparing Entry-Level Skill Depths Across Information Systems Job Types: Perceptions of IS Faculty

This paper compares and contrasts various information systems (IS) job types based on IS faculty perceptions of the skills that comprise each job type. A total of 148 IS academics took part in a skills survey as part of efforts to update of the IS\u2797 curriculum model (Davis, et al, 1997; Cougar, et al, 1995). IS academics perceive themselves are preparing students for four predominant jobs, the most prevalent one being information systems analyst. The results indicate that individual and team/interpersonal skills are perceived as needing the most depth for each of four job types studied; IS analysts and database analysts are the predominant job specializations perceived among IS faculty; and the network administrator and application developer roles have the most potential as sub-specializations. Future studies must validate these findings against industry perceptions of job types and their skill requirements

Aligning ICCP Certification With The IS2002 Model Curriculum: A New International Standard

This is a progress report on actions to align vendor neutral certification for computing and Information Systems professionals with academic standards as codified by the IS2002 Model Curriculum

A Threat Tree for Health Information Security and Privacy

This paper begins a process of organizing knowledge of health information security threats into a comprehensive catalog.We begin by describing our risk management perspective of health information security, and then use this perspective tomotivate the development of a health information threat tree. We describe examples of three threats, breaking each downinto its key risk-related data attributes: threat source and action, the health information asset and its vulnerability, andpotential controls. The construction of such a threat catalog is argued to be useful for risk assessment and to inform publichealth care policy. As no threat catalog is ever complete, guidance for extending the health information security threat tree isgiven