Focus on Scope Management

IT project performance benchmarking is one of the most important new topic among the FiSMA members. Customers, i.e. the product owners, want to be sure that they don’t pay too much for their IT systems and software. Vendor organizations, the developer teams, need to show their productivity and efficiency compared to the market average. 

From the performance benchmarking viewpoint the three most important knowledge areas of project management are project cost management, project time management, and project scope management. The two most important derived performance metrics are speed of delivery and unit price. Cost and time management and measurement are reasonably well understood in IT project organizations, but project scope has often appeared to be too difficult to measure and manage. Neither the customers nor the developers can measure the amount of IT project outcomes, i.e. the amount of IT system functionality. It’s a pity, because without that information it is not possible to derive either delivery speed or unit price.

FiSMA has launched the northernSCOPE™ concept for IT project scope management already in early 2000. Several success stories about applying the concept have been documented since, including several IT acquisition programs by Ministries of Justice and Social Affairs and Healthcare. Also private sector companies and vendor developer teams have benefitted from the methods and practices of northernSCOPE™. The concept includes the processes, measurement methods and tools for professional IT scope management, many of them developed and instructed by FiSMA working groups during the latest two decades. The European Certification and Qualification Association, ECQA, administers the Certified Scope Manager job role maintenance and certification exams. There are already 150 certified CSM professionals today, in five countries, and they will be the driving force for IT project performance benchmarking and following process improvement within the best product owner and developer organizations. More than 50 activists are also members of FiSMA Scope Manager Forum in 2015.

The Missing Measurement of Usability, Privacy, Security and Accountability Interplay

Usability and Security concepts combined

The human pilot locked the door after the commander left the cockpit for an urgent need. The door cannot be opened by any human from outside the cockpit. Unfortunately, we all know how this story ends. What went wrong? The engineering and management of the security system did not take into account the human experiences and factors, in this story the pilot, the commander and the cabin crew. Similarly Jade from Montreal, traveling to Istanbul via Paris airport, had gone to the ATM to withdraw money. She inserted her credit card and punched her code several times. Then she waited for the cash but to her surprise, there was neither the money nor the receipt nor the card, only a frustrating message “you can request your card from your bank”, meaning in Quebec, not at the Charles de Gaulle Airport.
 

These stories highlighted the importance of the interplay and the required trade-off between security and human factors. Control access security systems, like the cockpit door or the ATM, have to implement the security policies. They have to be usable, accessible and they should not have any impact on the privacy and safety of humans. Certainly, the commander needs a more usable security, or the credit card problems should not occur. But who are the humans and organizations responsible for such disasters when they happened? Privacy and accountability are also human quality factors awaiting for further considerations.

ISO Standards such 25000 and 27000 both list usability and security as two quality attributes for software-intensive systems. The neglected concern is the intimate relationship between usability/quality in use and security. Maintaining an acceptable compromise between usability and security needs first to avoid the current security and software engineering practices suggesting that usability and security can be treated by two different teams. The first team is the Human Computer Interaction (HCI). Their role is to ensure that an acceptable level of usability and a variety of user experiences are supported. The second team is the software and the security engineering developers. Their role is to ensure that the system is secure while available and confidential with the system-held information.

The goal of our research at Lappeenranta University of Technology is to develop a new generation of methods and tools to designing, engineering and testing software-intensive product, service and systems that are usable yet secure, safe and economically valuable. The practical outcomes include standardization recommendations for identifying and modeling the intimate relationships between usability and security characteristics, and their integration into the development of a large variety of security systems and services. Fundamental research agenda includes the development and validation of concepts, metrics, patterns, methods and tools all embedded into an integrative human-centric framework. The framework should also supports the experiences security policy makers and usability experts, as they are humans too and responsible for engineering the right security and ensuring that the usability is right.

Did you find this research proposal interesting? Please contact Prof. Ahmed Seffah, ahmed.seffah@lut.fi

AgiES project concluded

The AgiES project concluded at the end of March 2015. The project worked on the adaption and adoption of agile and lean product development methods into embedded system development and measurement of their effects on well-being at work. The project was carried out in collaboration of the research partners University of Turku and Finnish Institute of Occupational Health and the industry partners Ericsson, BA Group, Lindorff Finland, Nextfour Group, Nordic ID, Neoxen Systems and FiSMA.

The core of the project included several industrial pilot projects directed by University of Turku and well-being at work measurements executed by Finnish Institute of Occupational Health. The pilot projects started with review of initial state in the companies, continuing with introduction and development of agile and lean practices, utilization and observation of these practices in real R&D projects and finally reviewing the end state. The effects on well-being at work were analyzed through interviews, questionnaires as well as through strain and recovery measurements. The collected results where cultivated into the main result of the project, Sulautettujen järjestelmien ketterä käsikirja (Agile handbook of embedded systems), and into several academic articles published during and after the project. The handbook, which has received positive reception, can be downloaded from

http://embedded.utu.fi/kasikirja 

XP2015 Conference in Helsinki 25.5–29.5, at Marina Congress Center

The 16th International Conference on Agile Software Development (XP2015) gathers together an international audience of industrial experts and academics on agile and lean software development. The mission of the conference is to further the state of agile and lean software development by providing a forum at which experts and novices from both industry and academia can meet and learn from each other.

The theme of the conference, "Delivering Value" refers to the fact that many companies using agile and lean software development approches are moving from cyclic delivery of features towards continuous delivery, i.e. compressing the release cycle from months or weeks to days or hours.

The conference program includes keynote speeches by Linda Rising, Harri Oikarinen, and Brian Fitzgerald. There are several pre- and post-conference workshops, tutorials, and tranings available. The different tracks of the conference cover a wide area of interests, for example large-scale agile and lean, and measurement and metrics for agile projects and processes. The conference calls for reports on experiences in addition to original research results. The local organizers are from Aalto University.

More information and registration:

http://www.xp2015.org/

TTY Porin laitoksen ohjelmistotekniikan projekteja 2014

SHOK

• Data to Intelligence (D2I)
  1.2.2012 - 31.1.2016, esitys
• Need for Speed (N4S)
  2014 - 2017

Tekes

• Kiinteistöautomaatiojärjestelmien Data älykäs analysointi (KiiauData)
  1.1.2013 - 31.12.2014, esitys, esimerkkejä

EAKR (ELY-keskus)

• Green ICT Satakunnassa (GICT)
  1.1.2013 - 30.9.2014, esitys
• Avoimista tietovarannoista liiketoimintaa Satakuntaan (AvaraS)
  1.8.2013 - 31.12.2014, sivusto

Ehdokkaita

• Energiahävikkien monitorointi ja ennakoiva kontrollointi (EMEK) 
• Arviointia ja avoimuutta pk-yritysten tarpeisiin (AjATar)

Ohjelmistotekniikan projektitoiminnan yhteyshenkilö: Jari Soini