11 research outputs found

    A Prototype Curriculum For The Study Of Software Management

    The discipline of Software Management, which is a new and potentially meaningful direction for information technology (IT) education, is presented for the first time in this article. Software Management is a curriculum model, which specifically addresses the productivity and quality issues that have arisen in IT. It is distinguished from the traditional disciplines of Computer Science, Software Engineering and Information Science by its body of knowledge, which focuses explicitly on building strategic governance infrastructures rather than technical artifacts. This article presents curricular recommendations for each traditional discipline and uses these to illustrate Software Management’s unique role and value. It also presents a conceptual framework and justification, which will assist educators in curriculum development and design issues.

    Navigating The Leading Edge: A Prototype Curriculum for Software Systems Management

    This article presents a meaningful and advantageous new direction for information technology education, embodying principles for systematically optimizing the functioning of the business. Our curriculum was built on the thesis that every aspect of software systems management can be understood and described as a component of four universal, highly correlated behaviors: abstraction, product creation, product verification and validation, and process optimization. Given this, our model curriculum was structured to provide the maximum exposure to current best practice in six thematic areas, which, taken together as an integrated set, make up the attributes that differentiate us from the other computer disciplines:

    1. Abstraction: understanding and description of the problem space
    2. Design: models for framing artifact to meet criteria 3, 4, 5, and 6
    3. Process Engineering: application of large models such as IEEE 12207
    4. Organizational Control Systems: SQA and configuration management
    5. Evaluation with Measurement: with an emphasis on testing and metrics
    6. Construction: professional programming languages with emphasis on reusability

    Our teaching strategy approaches this as a hierarchy of similar activities. In every course we require the student to define and implement all three interfaces and be able to clearly communicate this as a logically consistent model before working out the details of the solution. The focus of all understanding is top-down from the information interface. Our curriculum centers on the application of software engineering standards (such as those promulgated by IEEE) and the software process improvement, or quality standards (such as those promulgated by SEI and ISO) under the assumption that this embodies the common body of knowledge and state of best practice in software production and management. The practical realization of this is an integration of the large subject areas of: software engineering (methods, models and criteria), process and product quality management (software quality assurance and metrics), software project management (work decomposition, planning, sizing and estimating), and software configuration management. Reconciliation of project and configuration management is accomplished by cross-referencing the problems, tools, notations and solutions (through explicit identification, authorization and validation procedures). As a side agenda, we have also stressed the need for re-engineering the vast number of software products currently on the shelves. This model plus germane simulated real-world experience introduces all of the relevant principles to the student within the (currently understood) framework. It allows them to develop and internalize their own comprehensive understanding and formulate a personal model of the disciplinary body of knowledge.

    Embedding Security Functionality In Formal Specifications Of Requirements

    The methodology in this paper will let designers specify the security properties defined through the functional families of the ISO/IEC 15408 Standard, graphic representations. This blueprint will allow both business and technical participants to discuss and refine a common solution. It also serves as a roadmap to guide the implementation process. We feel this can become a useful supporting methodology for the construction of effective security responses, because it ensures both the widest possible participation in the design process as well as the greatest degree of understanding. The fact that the advice of the world’s experts is readily available and easy to use as a result of this process might also serve to make the mission to protect America’s information assets a little more effective.

    Threat Modeling the Enterprise

    Current threat modeling methodologies and tools are biased toward systems under development, while organizations whose IT portfolio is made up of a large number of legacy systems that run on fundamentally different and incongruous platforms, with little or no documentation, are left with few options. Rational, objective analysis of threats to assets and exploitable vulnerabilities requires the portfolio to be represented in a consistent and understandable way based on a systematic, prescriptive, collaborative process that is usable but not burdensome. This paper describes a way to represent an IT portfolio from a security perspective using UML deployment diagrams and, subsequently, a process for threat modeling within that portfolio. To accomplish this, the UML deployment diagram was extended, a template created, and a process defined.

    Evaluating Return On Investment For Software Process Improvement Projects

    This article presents a simple approach that will allow decision-makers to evaluate the return on investment of software process improvement prior to launching such an effort. Obviously, it will be easy to tell ten years up the road whether the right decision was made. But a CEO or CIO contemplating laying out six or seven figures for the additional personnel and resources to conduct SPI is not in a position to make that call, and the wise ones will not be led into it by blind faith. The problem is assessing the risks and returns of such a project in terms and perspective that a non-technical decision-maker can understand. We believe our instrument serves that purpose.

    Data Mining and the Five Pillars of Information Assurance: Where Does Society Draw the Line?

    The intent of this paper is to examine the basics of the legal, social and ethical issues implicit in commercial data mining ventures. With the advances in middleware and the enhancements to Business Intelligence tools, mining of the virtual data warehouses is expanding faster than the processes that control them. The question is, “How can organizations apply the 5 pillars of Information Assurance to this mining operation, while not alienating the individuals from whom the information is collected? What are the legalities of confidentiality, and how do we prevent the invasion of privacy? Who is truly the owner of the data being captured, stored, and interrogated?” The ethical questions with regard to the ability to collect versus the correctness of collecting available data, as well as insider snooping of the collected data, will be explored. Lastly, the recent findings on the social impact of the data’s integrity and authentication will be reviewed in the light of the Choice Point exploit.