255 research outputs found

    The Case for the Study of Software Management

    Software management represents a meaningful and advantageous new direction for traditional Information Systems curricula. The prevailing circumstance for I.S. education lends credence to the ancient curse ... may you live in interesting times. Change has become a stern task master. Hosts of fashionable ideas and newfangled innovations compete to influence the tenor and composition of I.S. training. Software management, as distinguished from software engineering and traditional I.S. study, offers a practical stratagem focused on a pivotal issue in I.S. practice, cost-effective software production. A complete set of principles and methods for efficient manufacture of software has never been studied as such. It isn't that current best practices don't exist. It is just that they are not cardinal elements in traditional studies of computing, which quite appropriately center on the technology itself. The University of Detroit Mercy's graduate curriculum establishes a consistent architecture for an academic program to prepare executive leaders expressly for the software industry. Pragmatically, the challenge was to adopt a reliable point of reference to identify and consolidate a valid course array. Buttressed by a review of the literature, we adopted the thesis that the conceptual framework currently employed to depict the rational management of software is incomplete. Instead, technology-centered approaches have been introduced piecemeal. This has begotten the silver bullet mentality. Consequently, we organized our model curriculum from a higher level of abstraction. This yielded six thematic areas that we believe encompass the entire problem. Taken together these comprise the attributes that differentiate software management from general business management and the other computer disciplines. We present a pragmatic model that details our successful graduate program

    Managing Government Regulatory Requirements for Security and Privacy Using Existing Standard Models

    This paper posits the use of a well-established standard approach to Federal compliance, which can be easily adapted to satisfy all legal and regulatory requirements for protection of patient personally identifiable information (PII) in health organizations. This approach is embodied in the three standards that dictate how to comply with the Federal Information Security Management Act (FISMA). These standards also provide an excellent foundation for organizing a secure operation anywhere. The discussion revolves around the application of the FIPS 199 and FIPS 200/NIST 800-53(4) standard approach to the satisfaction of the present and upcoming legal and regulatory requirements for health care PII. The outcome would provide a proven, systematically secure and cost efficient solution to those protection needs. The general approach will be explained and justified

    Navigating the Information Security Landscape: Mapping the Relationship Between ISO 15408:1999 and ISO 17799:2000

    It is crucial for corporations operating in a multinational economy to have a seamless understanding of the security process. For information assurance, ISO 15408:1999 (i.e. Common Criteria) and ISO 17799:2000 are the key standards, both of which are needed for implementing a global approach to security. They provide a definition of the necessary elements of the process as well as the basis for authoritative certification. However, the standards are entirely different in focus. The former is product-oriented while the latter is strategic and organizational. That divergence is an obstacle to creating secure enterprises and it causes disagreement about the meaning and value of the certifications. Mapping the relationship between ISO 15408 and ISO 17799 demonstrates their strengths and weaknesses and encourages organizations to use these standards effectively. The results of our study indicate that while there are overlaps between these two standards, there are also significant gaps

    A Prototype Curriculum For The Study Of Software Management

    The discipline of Software Management, which is a new and potentially meaningful direction for information technology (IT) education, is presented for the first time in this article.  Software Management is a curriculum model, which specifically addresses the productivity and quality issues that have arisen in IT.  It is distinguished from the traditional disciplines of Computer Science, Software Engineering and Information Science by its body of knowledge, which focuses explicitly on building strategic governance infrastructures rather than technical artifacts.  This article presents curricular recommendations for each traditional discipline and uses these to illustrate Software Management’s unique role and value.  It also presents a conceptual framework and justification, which will assist educators in curriculum development and design issues

    Navigating The Leading Edge: A Prototype Curriculum for Software Systems Management

    This article presents a meaningful and advantageous new direction for information technology education, embodying principles for systematically optimizing the functioning of the business. Our curriculum was built on the thesis that every aspect of software systems management can be understood and described as a component of four universal, highly correlated behaviors: abstraction, product creation, product verification and validation, and process optimization. Given this, our model curriculum was structured to provide the maximum exposure to current best practice in six thematic areas, which taken together as an integrated set, make up the attributes that differentiate us from the other computer disciplines:

    1. Abstraction: understanding and description of the problem space
    2. Design: models for framing artifact to meet criteria 3, 4, 5, and 6
    3. Process Engineering: application of large models such as IEEE 12207
    4. Organizational Control Systems: SQA and configuration management
    5. Evaluation with Measurement: with an emphasis on testing and metrics
    6. Construction: professional programming languages with emphasis on reusability

    Our teaching strategy approaches this as a hierarchy of similar activities. In every course we require the student to define and implement all three interfaces and be able to clearly communicate this as a logically consistent model before working out the details of the solution. The focus of all understanding is top-down from the information interface. Our curriculum centers on the application of software engineering standards (such as those promulgated by IEEE) and the software process improvement, or quality standards (such as those promulgated by SEI and ISO) under the assumption that this embodies the common body of knowledge and state of best practice in software production and management.
The practical realization of this is an integration of the large subject areas of: software engineering (methods, models and criteria), process and product quality management (software quality assurance and metrics), software project management (work decomposition, planning, sizing and estimating), and software configuration management. Reconciliation of project and configuration management is accomplished by cross-referencing the problems, tools, notations and solutions (through explicit identification, authorization and validation procedures). As a side agenda, we have also stressed the need for re-engineering the vast number of software products currently on the shelves. This model plus germane simulated real-world experience introduces all of the relevant principles to the student within the (currently understood) framework. It allows them to develop and internalize their own comprehensive understanding and formulate a personal model of the disciplinary body of knowledge

    Threat Modeling the Cloud Computing, Mobile Device Toting, Consumerized Enterprise – an overview of considerations

    A megatrend triad comprised of cloud computing, converged mobile devices, and consumerization presents complex challenges to organizations trying to identify, assess, and mitigate risk. Cloud computing offers elastic just-in-time services without infrastructure overhead. However, visibility and control are compromised. Converged mobile devices offer integrated computing power and connectivity. However, end point control and security are compromised. Consumerization offers productivity gains and reduction in support costs. However, end point control and the organization’s perimeter are compromised. This paper presents an overview of considerations for organizations impacted by the megatrend triad and, subsequently, shows how threat modeling techniques can be used to identify, assess, and mitigate the attendant risks

    Unifying The Body Of Knowledge: Why Global Business Requires A Single Model For Information Security

    Every sector in the global economy, from energy, through transportation, finance and banking, telecommunications, public health, emergency services, water, chemical, defense, right down to the industrial, and agriculture sectors, is totally dependent on the reliable functioning of its IT assets. Thus anything that threatens these effectively poses a threat to our way of life. And accordingly, almost any effort expended to protect them is both justifiable and necessary. So the obvious question is… “What is the current state of affairs”?

    The Cost Of CMM Deployment In A Conventional IT Organization: A Field Study

    Over the past decade the software industry has periodically tried to upgrade its business performance by deploying strategic infrastructure frameworks based on expert models. Each of these schemes is aimed at organizing software work along the lines of commonly understood best practice. Their goal is to optimally align the policies and practices of the IT function so that they directly support and further the purposes and goals of the overall business operation (Lewis, 2001). Although there are no authoritative statistics, arguably one of the most popular approaches is the Software Engineering Institute’s (SEI) Capability Maturity Model (CMM v1.1); moreover, it is certainly the framework of choice for the U.S. software industry. It was developed out of the research of Watts Humphrey and the Mitre Corporation and was first published by SEI in 1987 (Humphrey, 87a). Operationally, it is designed to advance the software organization’s processes through five stages, or levels, of increasingly effective performance ranging from Chaos (at the initial end) to Optimized (at the high end). The organization adds best practices at each level, which both underwrites improved performance at that particular stage, as well as leverages advancement to the next stage. The problem is that the “best practices” deployed by CMM are both generic and externally (from the company’s perspective) defined. Consequently they require a complicated and expensive implementation process to specifically tailor the model for each organizational situation. Since the costs of this are concrete and in the near term and the benefits are (to some extent) intangible and long run, the practical question posed by most CEOs is… “Exactly how much will this cost me?” The lack of a definitive answer to that question has been a barrier to adoption, as well as a source of genuine concern among most business executives.
So, there have been numerous studies aimed at determining precisely what the costs and benefits of CMM implementation are. These have been conducted primarily in large, or leading edge organizations (these are best summarized in McGibbon, 1999). However, because such businesses are materially different both in their products and their processes, they tend to start from a different point and they have different requirements than the average small IT shop. So the question remains, “what are the factors and exactly how involved and costly is it to implement CMM in a conventional IT setting?”  That is what we are attempting to answer with this research