Mariki M. Eloff

Accommodating Soft Skills in Software Project Management

Introduction Information Technology (IT) project management (software project management) is a sector that has arguably witnessed the highest rate of project failure in the world. Dorsey (2000) pointed out that large information systems projects have been reported to be subject to failure rates between 50-80% and Bupa (2005) stated that according to a recent report by the Standish Group, only one in three IT projects were delivered on time, within budget and according to specification. This is also confirmed by the CHAOS report (The Standish Group, 2001), which is published annually. This is generally not the case with project management concerned with other disciplines due to better management of inherent strengths and weaknesses. IT projects, particularly those of a software nature, have different strengths and weaknesses as compared to traditional engineering projects (Sukhoo, Barnard, Eloff & Van der Poll, 2004a). For instance, some strengths associated with software projects include flexibility, ease of creating backups, scalability, replication and reusability of components while some weaknesses include invisibility, complexity, difficulty to add people to delayed projects and the need for regular upgrades. However, hard skills remain the traditional main focus of most IT project management methodologies. Hard skills, often described as a science (Belzer, 2004), comprise processes, tools and techniques applied to projects. In managing software projects, tools and techniques related to hard skills are given much attention in an attempt to drive projects towards success. Unfortunately, we find that many software projects do not live up to expectations. Soft skills, often described as an art (Belzer, 2004), have been identified as critical for project success. They are often concerned with managing and working with people (Kirsch, 2004). These skills are typically acquired through experience (Belzer, 2004). Companies, like Mastek, Polaris and Sun Microsystems, being conscious of the importance of soft skills, have incorporated such skills into their training agenda (Arora, 2003). This paper presents the soft skills that can possibly lead to an improvement of the success rate of software projects. These software projects, if not managed properly can lead to an escalation of budget and time schedules beyond expectations. Deterioration of quality may be inevitable while deploying efforts to deal with cost overruns and schedule extensions. Motivation for this Research Every year, the CHAOS chronicle (see for example The Standish Group, 2001) reports on the failure rate of IT projects in the USA. Although there was an observed decline in the percentage of failed projects in the USA since 1994 as summarized by Sonnekus and Labuschagne (2004), the same trend may not have been observed in other countries, especially those with a developing economy. Developed countries like the UK and USA are facing an advantageous situation with the use of welladapted methodologies, tools and techniques through rigorous research and development initiatives both from academia as well as from professional bodies like the Project Management Institute (PMI) and Office of Government Commerce (OGC). According to a survey carried out by Sonnekus and Labuschagne (2004), the failure rate of IT projects in South Africa was found to be 22%, which can be observed to be comparable to that of the CHAOS chronicle released in 2000 (see Table 1). Following a survey carried out in 2003 in Mauritius (Sukhoo, Barnard, Eloff & Van der Poll, 2004b), at least 50% of software projects that suffered due to deadline problem, budget overruns and quality problems were found to be 50%, 30% and 10% respectively. In contrast, traditional engineering projects generally achieve much higher success rates. This is due to exploitation of inherent strengths and prudent management of weaknesses associated with engineering projects that are different from those of software projects (Sukhoo, Barnard, Eloff & Van der Poll, 2004a). …

Integrated digital forensic process model

Digital forensics is an established research and application field. Various process models exist describing the steps and processes to follow during digital forensic investigations. During such investigations, it is not only the digital evidence itself that needs to prevail in a court of law; the process followed and terminology used should also be rigorous and generally accepted within the digital forensic community. Different investigators have been refining their own investigative methods, resulting in a variety of digital forensic process models. This paper proposes a standardized Digital Forensic Process Model to aid investigators in following a uniform approach in digital forensic investigations.

Psychosocial risks: Can their effects on the security of information systems really be ignored?

Purpose – The purpose of this paper is to highlight the relation of psychosocial risks to information security (IS). Although psychosocial risks at the workplace have been extensively researched from a managerial point of view, their effect on IS has not been formally studied to the extent required by the gravity of the topic. Design/methodology/approach – Based on existing research on psychosocial risks, their potential effects on IS are examined. Findings – It is shown that as psychosocial risks affect people at the workplace, they diminish their ability to defend IS. Research limitations/implications – Psychosocial risks are identified as a factor in IS breakdown. Future research should be directed towards assessing the significance of the effects of various psychosocial risks on IS, creating an assessment methodology for the resulting IS posture of the organisation and devising mitigation methodologies. Practical implications – The proposed approach will provide a significant part of the answer to the question of why IS fails when all prescribed measures and controls are in place and active. More effective controls for psychosocial risks at the workplace can be created as the incentive of upholding IS will be added to the equation of their mitigation. Social implications – The organisational environment in which human beings are called upon to function in a secure manner will be redefined, along with what constitutes a “reasonable request” from human operators in the context of IS. Originality/value – Bringing together psychosocial risks and IS in research will provide a better understanding of the shortcomings of human nature with respect to IS. Organisations and employees will benefit from the resulting psychosocial risk mitigation.

The Dark Side of Web 2.0

Social networking sites have increased in popularity and are utilized for many purposes which include connecting with other people, sharing information and creating content. Many people on social networking sites use these platforms to express opinions relating to current affairs within society. People do not realize the value of their data divulged on these platforms and the tactics implemented by social engineers to harvest the seemingly worthless data. An attack vector is created when a user can be profiled using responses from one of these platforms and the data combined with leaked information from another platform. This paper discusses methods for how this data, with no significant value to the users, can become a commodity to social engineers. This paper addresses what information can be deducted from responses on social news sites, as well as investigating how this information can be useful to social engineers.

Information Security Management System: Processes and Products

The executive and operational management of organisations today realise that the successful protection of information assets depend on a holistic approach towards the implementation of safeguards. A holistic approach requires that the focus of management should rather be on minimising overall risk exposure as opposed to “tick-off” security safeguards on a checklist. The holistic management of information security requires a well-established Information Security Management System (ISMS). An ISMS addresses all aspects in an organisation that deals with creating and maintaining a secure information environment. Aspects such as policies, standards, guidelines, codes-ofpractice, technology, human, legal and ethics issues all from part of an ISMS. Organisations can opt for different approaches to establishing an ISMS. One way is to implement the controls as contained in a standard or code-of-practice, such as ISO17799. In this case information security is driven from a management process point of view and referred to as “process security”. Another approach that also complement or add to process security, is to use certified products in the IT infrastructure environment when possible. The approach here focuses on technical issues and is referred to as “product security”. The ‘process’ ISMS and the ‘product’ ISMS approaches are only two ways to address information security, each from a different perspective. The question that arises is whether the ‘process’ ISMS and the ‘product’ ISMS can be combined into a more holistic ISMS and what the impact of the one will be on the other. The aim of this paper is.to propose an ISMS that combines “process security” and “product security”.

Ethical and Legal Issues Involved in the Pro-active Collection of Personal Information with the Aim of Reducing Online Disclosure

Pro-actively finding leaked information online can potentially reduce detection times to limit the exposure time of personal information on publicly accessible networks. Often the breaches are discovered by an external third party and not the data owner. The time that data is exposed on the Internet has severe negative implications since a significant amount of information disclosed in a data breach has been proven to be used for cybercrime activities. It could be argued that any reduction of data breach exposure time should directly reduce the opportunity for associated cyber-crime. While pro-active breach detection has been proven as potentially viable in previous work, several aspects of such a system still need to be investigated. This paper aims to highlight some of the major ethical and legal issues when pro-actively collecting personal information, through a South African case study, to assist in reducing the amounts of personal information being disclosed online.

Secure Digital Data Collection in household surveys

Digital Data Collection in South Africa is continuously evolving as technology and infrastructural networks gain momentum with respect to its development. In-field data collection is critical for any national government department who is mandated to supply the country and the international community with official data. The paper aims to illustrate the methods used by Statistics South Africa (StatsSA) in collecting household data using a digital collection process. The Quarterly Labour Force Survey (QLFS) and Dwelling Frame Projects are the primary focus areas of implementation. The paper further focuses on the background to the technology, its usage, problems encountered, lessons learnt, software/ questionnaire development, and more importantly the security issues around the collection of the data.