224 research outputs found

    The Case for the Study of Software Management

    Software management represents a meaningful and advantageous new direction for traditional Information Systems curricula. The prevailing circumstance for I.S. education lends credence to the ancient curse ... may you live in interesting times. Change has become a stern task master. Hosts of fashionable ideas and newfangled innovations compete to influence the tenor and composition of I.S. training. Software management, as distinguished from software engineering and traditional I.S. study, offers a practical stratagem focused on a pivotal issue in I.S. practice, cost-effective software production. A complete set of principles and methods for efficient manufacture of software has never been studied as such. It isn't that current best practices don't exist. It is just that they are not cardinal elements in traditional studies of computing, which quite appropriately center on the technology itself. The University of Detroit Mercy's graduate curriculum establishes a consistent architecture for an academic program to prepare executive leaders expressly for the software industry. Pragmatically, the challenge was to adopt a reliable point of reference to identify and consolidate a valid course array. Buttressed by a review of the literature, we adopted the thesis that the conceptual framework currently employed to depict the rational management of software is incomplete. Instead, technology-centered approaches have been introduced piecemeal. This has begotten the silver bullet mentality. Consequently, we organized our model curriculum from a higher level of abstraction. This yielded six thematic areas that we believe encompass the entire problem. Taken together these comprise the attributes that differentiate software management from general business management and the other computer disciplines. We present a pragmatic model that details our successful graduate program

    Managing Government Regulatory Requirements for Security and Privacy Using Existing Standard Models

    This paper posits the use of a well-established standard approach to Federal compliance, which can be easily adapted to satisfy all legal and regulatory requirements for protection of patient personally identifiable information (PII) in health organizations. This approach is embodied in the three standards that dictate how to comply with the Federal Information Security Management Act (FISMA). These standards also provide an excellent foundation for organizing a secure operation anywhere. The discussion revolves around the application of the FIPS 199 and FIPS 200/NIST 800-53(4) standard approach to the satisfaction of the present and upcoming legal and regulatory requirements for health care PII. The outcome would provide a proven, systematically secure and cost efficient solution to those protection needs. The general approach will be explained and justified

    Navigating the Information Security Landscape: Mapping the Relationship Between ISO 15408:1999 and ISO 17799:2000

    It is crucial for corporations operating in a multinational economy to have a seamless understanding of the security process. For information assurance, ISO 15408:1999 (i.e. Common Criteria) and ISO 17799:2000 are the key standards, both of which are needed for implementing a global approach to security. They provide a definition of the necessary elements of the process as well as the basis for authoritative certification. However, the standards are entirely different in focus. The former is product-oriented while the latter is strategic and organizational. That divergence is an obstacle to creating secure enterprises and it causes disagreement about the meaning and value of the certifications. Mapping the relationship between ISO 15408 and ISO 17799 demonstrates their strengths and weaknesses and encourages organizations to use these standards effectively. The results of our study indicate that while there are overlaps between these two standards, there are also significant gaps

    Unifying The Body Of Knowledge: Why Global Business Requires A Single Model For Information Security

    Every sector in the global economy, from energy, through transportation, finance and banking, telecommunications, public health, emergency services, water, chemical, defense, right down to the industrial, and agriculture sectors, is totally dependent on the reliable functioning of its IT assets. Thus anything that threatens these effectively poses a threat to our way of life. And accordingly, almost any effort expended to protect them is both justifiable and necessary. So the obvious question is… “What is the current state of affairs”?

    The Cost Of CMM Deployment In A Conventional IT Organization: A Field Study

    Over the past decade the software industry has periodically tried to upgrade its business performance by deploying strategic infrastructure frameworks based on expert models. Each of these schemes is aimed at organizing software work along the lines of commonly understood best practice. Their goal is to optimally align the policies and practices of the IT function so that they directly support and further the purposes and goals of the overall business operation (Lewis, 2001). Although there are no authoritative statistics, arguably one of the most popular approaches is the Software Engineering Institute’s (SEI) Capability Maturity Model (CMM v1.1); moreover, it is certainly the framework of choice for the U.S. software industry. It was developed out of the research of Watts Humphrey and the Mitre Corporation and was first published by SEI in 1987 (Humphrey, 87a). Operationally, it is designed to advance the software organization’s processes through five stages, or levels, of increasingly effective performance ranging from Chaos (at the initial end) to Optimized (at the high end). The organization adds best practices at each level, which both underwrites improved performance at that particular stage, as well as leverages advancement to the next stage. The problem is that the “best practices” deployed by CMM are both generic and externally (from the company’s perspective) defined. Consequently they require a complicated and expensive implementation process to specifically tailor the model for each organizational situation. Since the costs of this are concrete and in the near term and the benefits are (to some extent) intangible and long run, the practical question posed by most CEOs is… “Exactly how much will this cost me?” The lack of a definitive answer to that question has been a barrier to adoption, as well as a source of genuine concern among most business executives.
    So, there have been numerous studies aimed at determining precisely what the costs and benefits of CMM implementation are. These have been conducted primarily in large, or leading edge organizations (these are best summarized in McGibbon, 1999). However, because such businesses are materially different both in their products and their processes, they tend to start from a different point and they have different requirements than the average small IT shop. So the question remains, “what are the factors and exactly how involved and costly is it to implement CMM in a conventional IT setting?” That is what we are attempting to answer with this research