Leverage your lessons [project management]

In today's fast-moving market, software project teams don't have time to make several attempts to meet a customer's requirements. Teams need to be smart about what they do learning from the experiences of colleagues within their own organization and in the industry. In short, teams need to take the time to do things as “right” as they can because they don't have time to do things over. Why do we often have to do things over? Why do we repeat the mistakes of the past? It's related to this: Insanity is doing things the same way we did them before, but expecting different results. It's hard for a team to get better at what it's doing if it doesn't think about its work and how to improve it. Some project teams do, in fact, think about how and why their projects worked. They gather and document lessons learned. Some teams share that information with others in their organization, and a few teams attempt to review what others have learned as they start a new project or new phase of a project. But many teams do none of this. They're the ones that encounter the same problems over and over again, attributing them to bad luck when, in fact, poor project learning and poor organizational learning are the underlying causes     

The Learning Organization as Facilitator of Complex NPD Projects

With rapid technological and market changes, new product development (NPD) complexity is a significant issue that organizations continually face in their development projects. The inability to recognize and/or manage complexity can cause the best‐intentioned projects to fail. By creating a learning organization attuned to complexity and its management, however, companies are more likely to have the knowledge and skills essential to respond competently to the complexity frequently encountered in NPD projects. In this paper, we first define complexity in NPD and then examine organizational learning as it can assist in dealing with development complexity. Next, we report findings from an exploratory research study on organizational learning and its relationship to product development complexity. The study is based on 32 field interviews with NPD participants regarding their learning experiences in dealing with complexity; the transfer of project learning to other projects; and the factors that minimize/block the transfer of learning among projects. Based on our research, we advance several suggestions for implementing a learning organization designed specifically to capitalize on the experiences of development firms' efforts in dealing with complexity and its consequences.     

Smart task support through proactive access to organizational memory

We describe an approach towards integrating the semantics of semi-structured documents with task-support for (weakly structured) business processes and proactive inferencing capabilities of a desk support agent. The mechanism of our Proactive Inferencing Agent is motivated by the requirements posed in (weakly structured) business processes performed by a typical knowledge worker and by experiences we have made from a first trial with a Reactive Agent Support scheme.Our reactive scheme is an innovative approach for smart task support that links knowledge from an organizational memory to business tasks. The scheme is extended to include proactive inferencing capabilities in order to improve user-friendliness and to facilitate modeling of actual agent support. In particular, the improved scheme copes with varying precision of knowledge found in the organizational memory and it reasons proactively about what might be interesting to you and what might be due in your next step.     

Evaluating Information Technology investments: research findings and reappraisal

Abstract. Investments in Information Technology are large and rising, but frequently the subject of disappointed expectations. Some explanations can be found in how they are evaluated and controlled. The paper reports findings from case study work and a 50 organization research project carried out in 1990-91. It first highlights 10 common problem areas that can be addressed. It then focuses on evaluation at the critical feasibility stage of projects and identifies from the research a number of ways in which evaluation practice can be improved. It finds a fall-off in evaluation at subsequent project stages, little attempt to link evaluation across the lifetime of systems, and a fragmented approach to learning from the evaluation experience for future investments. A number of modern alternatives to traditional financially based investment appraisal techniques that dominate the sample are then critically assessed. Tailored to specific organizational circumstances and projects these offer ways forward. Broader thinking, in terms of Information Systems (IS) investments, and a deeper understanding of IS as human activity systems lead on to multiple effectiveness criteria and related measures. However, major improvements may lie in allying more appropriate techniques and measures to developing evaluation as an organizational and social process, with the deeper organizational learning about IT this would entail.     

Application of machine learning techniques to the flexible assessment and improvement of requirements quality

It is already common to compute quantitative metrics of requirements to assess their quality. However, the risk is to build assessment methods and tools that are both arbitrary and rigid in the parameterization and combination of metrics. Specifically, we show that a linear combination of metrics is insufficient to adequately compute a global measure of quality. In this work, we propose to develop a flexible method to assess and improve the quality of requirements that can be adapted to different contexts, projects, organizations, and quality standards, with a high degree of automation. The domain experts contribute with an initial set of requirements that they have classified according to their quality, and we extract their quality metrics. We then use machine learning techniques to emulate the implicit expert’s quality function. We provide also a procedure to suggest improvements in bad requirements. We compare the obtained rule-based classifiers with different machine learning algorithms, obtaining measurements of effectiveness around 85%. We show as well the appearance of the generated rules and how to interpret them. The method is tailorable to different contexts, different styles to write requirements, and different demands in quality. The whole process of inferring and applying the quality rules adapted to each organization is highly automated.

     

Tool support for disseminating and improving development practices

Knowledge management in software engineering and software process improvement activities pose challenges as initiatives are deployed. Most existing approaches are either too expensive to deploy or do not take an organization’s specific needs into consideration. There is thus a need for scalable improvement approaches that leverage knowledge already residing in the organizations. This paper presents tool support for an Experience Factory approach for disseminating and improving practices used in an organization. Experiences from using practices in development projects are captured in postmortems and provide iteratively improved decision support for identifying what practices work well and what needs improvement. An initial evaluation of using the tool for organizational improvement has been performed utilizing both academia and industry. The results from the evaluation indicate that organizational characteristics influence how practices and experiences can be used. Experiences collected in postmortems are estimated to have little effect on improvements to practices used throughout the organization. However, in organizations where different practices are used in different parts of the organization, making practices available together with experiences from use, as well as having context information, can influence decisions on what practices to use in projects.     

Integrating software specifications into intrusion detection

There exist a number of Intrusion Detection Systems (IDSs) that detect computer attacks based on some defined attack scenarios. The attack scenarios or security requirements in some of these IDSs are specified in attack specification languages that are different from software specification languages. The use of two different languages for software specification and attack specification may generate redundant and conflicting requirements. The advantage of using the same language for both functional specifications and attacks specifications is that software designers can address the two different issues without learning two types of languages. We present a method of integrating Abstract State Machine Language (AsmL) and Unified Modeling Language (UML) state charts that are extended finite state machine based software specification languages, with an open source IDS Snort. This work provides AsmL and UML users an IDS that they can use without knowing how to write Snort rules. We automatically translate attack scenarios written in AsmL and UML state charts into Snort rules with context information. The original Snort is modified so that it can use the rules automatically generated by the translator. Adding context information to Snort rules improves the detection capability of Snort. To show the efficacy of the presented approach, we have built a prototype and evaluated it using a number of well-known attack scenarios.     

Information security management standards: Problems and solutions

International information security management guidelines play a key role in managing and certifying organizational IS. We analyzed BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP, and the SSE-CMM to determine and compare how these guidelines are validated, and how widely they can be applied. First, we found that BS7799, BS ISO/IEC17799: 2000, GASPP/GAISP and the SSE-CMM were generic or universal in scope; consequently they do not pay enough attention to the differences between organizations and the fact that their security requirements are different. Second, we noted that these guidelines were validated by appeal to common practice and authority and that this was not a sound basis for important international information security guidelines. To address these shortcomings, we believe that information security management guidelines should be seen as a library of material on information security management for practitioners.     

Visualization and debugging in a heterogeneous environment

The authors' experiences with visualization and debugging of parallel virtual machine (PVM) applications and two of the tools they have devised to facilitate these tasks are described. One of the tools is a graphical monitoring package called Xab that can visually display PVM activities inside an application running across a network. The other is a graphical programming environment called Hence, which helps the user write, compile, execute, and trace heterogeneous distributed programs. The authors discuss their early work, the present research, and the future directions of these experimental projects     

A practical guide to object-oriented metrics

While there are many ways you can capture your development experiences, metrics can help quantify previous work in a way that can directly guide future efforts. For example, projects of different sizes can require vastly different levels of effort, organizational structure, and management discipline. If you let experience be your guide and understand how a newly proposed system compares to projects you've already completed, you have a much better chance of finishing on time and under budget. A wide range of metrics can aid you in managing projects, but here the author focuses on a particular set of product metrics that highlight and quantify a system's object-oriented (OO) properties. He draws many of the results mentioned here from an analysis of 18 production-level applications built in PowerBuilder-a common GUI tool used for developing client-server database applications on a variety of platforms. (The PowerBuilder metrics analyzer is available free from American Management Systems-http:// www.amsinc.com.) Although these results are derived mainly from PowerBuilder applications, they should still provide practical guidance for development in most OO languages     

The Use of an ERP System to Facilitate Regulatory Compliance

This article reports the findings of a case study conducted in a multinational organization that aims to investigate how an enterprise resource planning system (ERP) can facilitate control over reporting processes and thus ensure compliance with regulatory requirements. The findings demonstrate how the use of an ERP to comply with financial regulation can impact organizational roles. In particular, IT managers must ensure that the ERP addresses regulatory requirements for internal control over financial reporting.     

Scientific Software Development at a Research Facility

The Synchrotron Radiation Computing Group at Daresbury Laboratory develops experiment control and data acquisition software to support scientific research. Here, the authors review their experiences and learning over the past 20 years, examining the organizational structure they use on a project to develop a generic data acquisition (GDA) system. They discuss what worked well, how they adapted methodologies and tools to meet their particular needs, and improvements for the future.     

Modeling the behavior of users who are confronted with security mechanisms

In this paper, we describe a new approach to analyze the trade-off between usability and security frequently found in security-related user interfaces. The approach involves the simulation of potential user interaction behavior by a mixed probabilistic and rule-driven state machine. On the basis of the simulations, user behavior in security-relevant situations can be predicted and user interfaces optimizing intended behavior can be designed. The approach is evaluated in an artificial microworld setting which provides good control over the experimental factors guiding the behavior. A comparison of empirical and simulated behavior in this microworld shows that the approach is already able to accurately predict important aspects of user behavior toward security interfaces, but also identifies future work necessary to better cover all relevant aspects guiding this behavior in a real-world setting.     

The use of ‘exploratory learning’ for supporting immersive learning in virtual environments

User interfaces are becoming more intuitive following the requirements of the individual learner and reinforcing the drive towards more personalised learning and greater learner autonomy. There are clearly a new set of challenges emerging for teaching practitioners that will have implications upon not just what is learned but importantly upon lesson planning. This paper explores these changes to teaching through a consideration of an exploratory learning model which allows practitioners to rethink how they teach in 3D and immersive spaces where learning sequences and experiences are choreographed to support peer interactions and exchanges. The ELM extends from Kolb’s experiential learning model to adapt the use of 3D applications, and provides examples from research and development projects to exemplify how the model works in practice. Teaching in these contexts provides less emphasis upon curriculum and more emphasis upon sequencing learning experiences, meta-reflection, peer assessment and group work.     

Modeling security-relevant data semantics

The use of an extended data model which represents both integrity and secrecy aspects of data is demonstrated. This Semantic Data Model for Security (SDMS) provides a technique that assists domain experts, security officers, and database designers in first understanding their security requirements, and then translating them into a good database design. Identifying security requirements at this semantic level provides the basis for analyzing the security requirements and the database design for inference and signaling vulnerabilities. Another contribution is a comprehensive taxonomy of security-relevant data semantics that must be captured and understood to implement a multilevel secure automated information system     

Tying Knots: Participatory Infrastructuring at Work

Today, most design projects are infrastructuring projects, because they build on technologies, competencies and practices that already exist. While infrastructuring was originally seen as being full of conflicts and contradictions with what is already present, we find that many contemporary reports seem to mainly address participatory infrastructuring as horizontal co-design and local, mutual learning processes in which people attempt to make the most out of available technology. In this paper we expand our view of design activities in three dimensions: First, how participatory processes play out vertically in different political and practical arenas; second, on the back stage of design, the messy activities that occur before, between and after the participatory workshops. And third, on their reach; how they tie into existing networks across organizations, and how agency and initiatives become dispersed within these networks. To illustrate and discuss the process of participatory infrastructuring we use a case study from an educational context. This particular project contains a diverse set of design activities at many organizational levels revolving around technology, decision-making, competence-building, commitment and policy-making. The project highlights these complexities, and our discussions lead to a vocabulary for participatory infrastructuring that focuses on knotworking, rather than structure, and on both horizontal and vertical reach and sustainability. This vocabulary is grounded in the meeting of the literature on infrastructuring, participatory design, and activity theory, and leads to a revised understanding of, for example, learning and conflicts in participatory infrastructuring.     

WISEngineering: Supporting precollege engineering design and mathematical understanding

Introducing engineering into precollege classroom settings has the potential to facilitate learning of science, technology, engineering, and mathematics (STEM) concepts and to increase interest in STEM careers. Successful engineering design projects in secondary schools require extensive support for both teachers and students. Computer-based learning environments can support both teachers and students to implement and learn from engineering design projects. However, there is a dearth of empirical research on how engineering approaches can augment learning in authentic K-12 settings. This paper presents research on the development and pilot testing of WISEngineering, a new web-based engineering design learning environment. Three middle school units were developed using a knowledge integration learning perspective and a scaffolded, informed engineering approach with the goal of improving understanding of standards-based mathematical concepts and engineering ideas. Seventh grade math students from two teachers in a socioeconomically diverse and low-performing district participated in three WISEngineering units over the course of a semester. Students significantly improved their mathematical scores from pretest to posttest for all three projects and on state standardized tests. Student, teacher, and administrator interviews reveal that WISEngineering projects promoted collaboration, tolerance, and development of pro-social skills among at-risk youth. Results demonstrate that informed engineering design projects facilitated through the WISEngineering computer-based environment can help students learn Common Core mathematical concepts and principles. Additionally, results suggest that WISEngineering projects can be particularly beneficial for at-risk and diverse student populations.