Does Pain Result in Gain? Assessing Cloud Service Certifications\u27 Effectiveness

Cloud service certifications (CSCs) gain increasing attention in practice as a measure against the prevailing uncertainties of cloud computing, but demand efforts for passing audit requirements. However, research findings on certifications\u27 effectiveness are inconclusive. This research-in-progress paper develops a research model to evaluate CSCs\u27 effects on two certification outcomes suggested by trust theory and signaling theory - trust and price premiums - while also accounting for trust in certification authority, reputation, personal relevance of using cloud services and self-provided assurance statements. Compared to extant research on certifications, which primarily focuses on privacy and security in e-commerce, CSCs address a novel product category and provide assurances beyond privacy and security, such as availability and interoperability. Furthermore, by investigating price premiums, we focus on a widely neglected certification outcome. Thus, we expect our model to contribute to a deeper understanding of the contextual conditions under which certifications are effective signals and trust-assurances

A Systematic Mapping of Factors Affecting Accuracy of Software Development Effort Estimation

Software projects often do not meet their scheduling and budgeting targets. Inaccurate estimates are often responsible for this mismatch. This study investigates extant research on factors that affect accuracy of software development effort estimation. The purpose is to synthesize existing knowledge, propose directions for future research, and improve estimation accuracy in practice. A systematic mapping study (a comprehensive review of existing research) is conducted to identify such factors and their impact on estimation accuracy. Thirty-two factors assigned to four categories (estimation process, estimator’s characteristics, project to be estimated, and external context) are identified in a variety of research studies. Although the significant impact of several factors has been shown, results are limited by the lack of insight into the extent of these impacts. Our results imply a shift in research focus and design to gather more in-depth insights. Moreover, our results emphasize the need to argue for specific design decisions to enable a better understanding of possible influences of the study design on the credibility of the results. For software developers, our results provide a useful map to check the assumptions that undergird their estimates, to build comprehensive experience databases, and to adequately staff design projects

The Nature of Adherence to Planning – Systematic Review of Factors Influencing its Suitability as Criterion for IS Project Success

Derived from engineering, adherence to planning (ATP) is the central and most often used criterion for the evaluation of information system (IS) projects. Although this evaluation is questionable, as ATP does not account for all of IS projects’ particularities, a systematic evaluation of ATP’s suitability in the context of IS projects is still missing. As a first step to close this gap, we use aggregations of the project life cycle’s processes and conduct a systematic literature review to identify research dealing with these aggregations. Our results show that ATP’s suitability depends on an IS project’s context, and is not given or at least questionable in many cases. Researchers and managers should adapt the way of evaluating IS projects to avoid misleading implications

Process-driven data and information quality management in the financial service sector

Highly regulated sectors face challenges on data and information quality management (DIQM) to conform to increasing regulations. With the financial service sector, as the most highly regulated industry, we are interested in current and future DIQM challenges. For a sustaining improvement, data quality should be managed process-driven. Process-driven data quality management (PDDQM) provides continuous improvement of data quality by redesigning processes that create or modify data. Therefore, business process management (BPM) is a basis for PDDQM. In an information systems’ context, enterprise resource planning (ERP) systems offer a platform for integrating processes and data. We examine market developments and IT trends by conducting semi-structured expert interviews with participants in IT-strategic decision making. We present current trends in the insurance sector and identify three main DIQM challenges: The IT-independent management of data, an increasing need to engage in PDDQM, and guiding existing and future measures by a data governance framework

A Good Beginning Makes a Good Ending: Incipient Sources of Knowledge in Design Science Research

Design science research (DSR) focuses on providing innovative solution knowledge to complex and hitherto unsolved problems. Identifying both relevant problems and unique solutions require in-depth understanding of the problem domain and potential solution technologies. Incipient sources of knowledge provide the means to find such important design problems, evaluate their relevance, and create innovative, tentative designs to tackle these problems. However, current DSR literature provides little guidance for identification, selection, and consumption of incipient knowledge. In this paper, we, therefore, set out to identify and analyze the incipient sources of knowledge in DSR with the help of a comprehensive literature review. Our work could thereby serve as a starting point for further exploration of the nature of design science knowledge and help to create novel guidelines and research processes that guide the selection and utilization of incipient DSR knowledge sources

The Nature of Adherence to Planning as Criterion for Information System Project Success

Derived from engineering, adherence to planning (ATP) is the central and most often used criterion for the evaluation of information system (IS) projects. Although this evaluation is questionable as ATP does not account for all of IS projects\u27 particularities, a systematic approach for the assessment of ATP\u27s suitability in the context of IS projects is still missing. We propose a theory to explain the suitability of using ATP as success criterion for IS projects. Thereby, we use the project life cycle\u27s processes and their outcomes as the theory\u27s primary constructs. We argue for the constructs\u27 interdependencies corroborated by a systematic literature review. Our results show that ATP\u27s suitability is not given or at least questionable in many cases. Researchers and managers should adapt the way of evaluating IS projects to avoid misleading implications

Architecture and Design of a Patient-Friendly eHealth Web Application: Patient Information Leaflets and Supplementary Services

Patients benefit from information on pharmaceuticals and most patients are willing to read patient information leaflets for their pharmaceuticals. However, the quality of written information on pharmaceuticals leaves room for improvement. To mend insufficiencies of patient information leaflets, an alternative approach for provision of information on pharmaceuticals is illustrated. We present the design and architecture of a web application that provides information in patient information leaflets as well as supplementary services. With a web application supplementary services that cannot as easily be realised with patient information leaflets can be offered. An open-source framework with a robust architecture for rapid application development serves as a foundation of the web application. In combination with the proposed design and architecture, this leads to an extensible, reliable, scalable, customisable and patient-friendly web application with high availability

Research Toward the Practical Application of a Risk Evaluation Framework: Security Analysis of the Clinical Area within the German Electronic Health Information System

The following study provides a risk analysis of the forthcoming nationwide healthcare information system in Germany. Based on the information security audit methodology of the Federal Office for Information Security (BSI), we evaluated the introduction of the new system in hospitals with respect to security. Conceptually, the study focuses explicitly on an organizational level; specifically the use of healthcare telematics components such as electronic health card and health professional card. A dual approach of both security process and risk analysis thereby established an adequate level of information security. For this purpose, an appropriate framework specifically designed for the clinical area is first developed and explained in detail. Based on these perceptions it is possible to precisely check the workflows “patient admission” and “prescription of medicine” for inherent organizational threats. The aim of this paper is to propose appropriate steps to mitigate potential risks before German healthcare telematics comes into use

Development of an Internet-Based Chronic Disease Self-Management System

Patient self-management programs and information systems that support them can improve the quality of healthcare. Flaws in user experience reduce the willingness of patients to adopt such systems. To explore how emerging technology such as rich Internet applications can be used to address the usability issues of personal health information systems, we developed a health self-management application that is based on an open-source framework. In this work we present the architecture of the system, discuss the issues we faced and lessons we learned while developing it. This work can help researchers and practitioners in evaluating approaches towards developing new generation of personal health solutions. Furthermore, this work serves as a basis for implementing a feature-rich system that can improve chronic disease self-management

A design theory for transparency of information privacy practices

The rising diffusion of information systems (IS) throughout society poses an increasingly serious threat to privacy as a social value. One approach to alleviating this threat is to establish transparency of i nformation privacy practices (TIPP) so that consumers can better understand how their information is processed. However, the design of transparency artifacts (eg, privacy notices) has clearly not followed this approach, given the ever-increasing volume of information processing. Hence, consumers face a situation where they cannot see the ‘forest for the trees’ when aiming to ascertain whether information processing meets their privacy expectations. A key problem is that overly comprehensive information presentation results in information overload and is thus counterproductive for establishing TIPP. We depart from the extant design logic of transparency artifacts and develop a theoretical foundation (TIPP theory) for transparency artifact designs useful for establishing TIPP from the perspective of privacy as a social value. We present TIPP theory in two parts to capture the sociotechnical interplay. The first part translates abstract knowledge on the IS artifact and privacy into a description of social subsystems of transparency artifacts, and the second part conveys prescriptive design knowledge in form of a corresponding IS design theory. TIPP theory establishes a bridge from the complexity of the privacy concept to a metadesign for transparency artifacts that is useful to establish TIPP in any IS. In essence, transparency artifacts must accomplish more than offering comprehensive information; they must also be adaptive to the current information needs of consumers