Noor Habibah Arshad

Chaos issues on communication in Agile Global Software Development

Currently, the distance related to time and location between distributed software development teams is considered contributing to the chaotic environment of Global Software Development (GSD). Furthermore, when it involves using Agile method where communication is crucial between developers and customers. This paper aim to discussed the issues that have occurred related to the communication in Agile Global Software Development (AGSD). Literature survey has been carried out to gather information from the previous works as well as from forum feedback by practioners globally. The chaos issues are then illustrated using conceptual model, tabulated based on authors and then discussed. Identification of chaos issue is important in order to highlight the real problems that had happened in AGSD. Based on the identified chaos issues related to communication, it will somehow help the researchers and practitioners to acknowledge the real problems that had occurred in AGSD.

Information security risk factors: Critical threats vulnerabilities in ICT outsourcing

Information Communication Technology (ICT) Outsourcing provides an effective ways to cut cost, launch new business venture and improve efficiency. Sometimes, ICT outsourcing can lead to an information security risk incident that might be difficult to manage and mitigate. Hence, the objectives of the research are to determine the information security risk factors, consisting of threats and vulnerabilities; and to discuss their criticalness in Malaysian ICT outsourcing projects. Questionnaires were distributed to various private companies and government agencies for the study. The findings of the research show that the most critical threats are system error and ICT failures; and the most critical vulnerability is insufficient attention to human factors in system design and implementation. This paper also highlights other critical information security risk factors in ICT outsourcing projects. Through the findings, private companies and government agencies would be able to identify critical information security risk factors and address them appropriately and effective.

IT governance practices model in IT project approval and implementation in Malaysian public sector

In this global era, IT investment is rapidly increasing. IT governance practices must be emphasized in order to retrieve competitive advantage from IT investment. The aim of this research is to develop IT governance practices model for Malaysian public sector. Interview sessions with IT personnel at management level at Putrajaya were conducted. Based on the interviews, a theoretical model of IT governance which consists of senior management involvement in IT, corporate performance measurement systems, corporate communications systems, risk management, strategic alignment, value delivery, ethics/culture of compliance and resource management was constructed. Thus the structure, process and mechanism involved in each of the entities in the model could assist Malaysian public sector to inculcate IT governance practices in their operations in order to sustain competitive advantage.

Information Technology governance practices in Malaysian public sector

Organizations need to establish effective IT governance practices in order to stay competitive. The aim of this research is to determine the extent of IT governance practices in Malaysian public sector and to determine factors contributes towards IT governance practices. Questionnaire was constructed and distributed to IT management level personnel in public agencies in Klang Valley and Putrajaya. From the findings, it can be noted that 65.7 percent (65.7%) of the respondents has practiced IT governance in their organizations. There were several factors being identified as contributors towards IT governance practices such as senior management involvement in IT, corporate performance measurement systems, corporate communications systems, risk management, strategic alignment, value delivery, ethics/culture of compliance and resource management. Thus, the findings and discussion in this paper could assist Malaysian public sector to incorporate effective IT governance practices in their daily operation.

Development of Rasch-based descriptive scale in profiling information professionals’ competency

The development of Rasch measurement model has rapidly expanded from social science, educational fields to other technology and engineering field as well. This study is an attempt to apply Rasch Measurement in the field of technology to assess Information Professionals’ (IP) competency. Bloom’s Taxonomy is used as the framework for assessment whilst utilising Rasch model in constructing the measurement in evaluating the competencies. Assessment only generates raw score and need to be transformed into meaningful measurement values. Rasch model measurement enable tabulation the IP; person and, a given task; the items, on a distribution map (PIDM) on a common scale termed logit. It gives a more accurate estimate of the IP’s achievement on a linear scale of measurement. Comparative analysis against the traditional histogram tabulation and simple mean shows that Rasch measurement was found to give a better exploratory depth in understanding the ability of each IP. Despite the small sample size, the IP were clearly categorized according to the respective workgroup cluster, knowledge and skills. This leads to a new paradigm in assessing competency of IP individuals using Rasch model. A new descriptive scale is developed to classify IP’s by class intervals as measured by Rasch Model.

Risk management practices in IT outsourcing projects

Risk management in IT outsourcing projects is a process of identifying, analyzing, controlling and reducing risks in IT outsourcing projects life cycle. Risk management is important as the practices of risk management will reduce the risks thus lead to success in IT outsourcing projects. Risk management should be conducted in IT outsourcing as it will foresee risks that might disturb the smooth flowing of IT outsourcing and prevent or reduce the impact of risks if they occur. Therefore, the primary objective of this paper is to analyze how organizations conducted risk management in IT outsourcing practices. The findings revealed that organizations highly considered the last phase of risk management in IT outsourcing which is on-going monitoring. The organizations least considered the first phase; analysis of decision to outsource whereas this phase is very important as a preparation to enter IT outsourcing activities. Therefore, even though other phases were highly considered, lack of initial preparation will reduce the probability of success in IT outsourcing. For future works, the weaknesses and vulnerability of current practices will then be enhanced and framework of risk management in IT outsourcing will then be developed.

E-cost estimation using expert judgment and COCOMO II

The accuracy and efficiency of cost estimation methodology for web-based application is very important for software development as it would be able to assist the management team to estimate the cost. Furthermore, it will ensure that the development of cost is within the planned budget and provides a fundamental motivation towards the development of web-based application project. The literature review reveals that COCOMO II provides accurate result because more variables are considered including reuse parameter. The parameter is one of the essential variables in estimating the cost in web-based application development. This research investigates the feasibility to combine and implement COCOMO II and expert judgment technique in a tool called WebCost. In estimating a cost, the tool considers all variables in COCOMO II and requires expert judgment to key-in the input of the variables such as project size, project type, cost adjustment factor and cost driven factor. Developed in JAVA, WebCost is proven able to estimate cost and generate its estimation result. The usability evaluation conducted had shown that WebCost is usable when compared with other tools, it has its own advantages. WebCost is evidence suitable for everyone especially the project managers, software practitioners or software engineering student in handling the cost estimation tasks.

Information Security Risk Management: An Empirical Study on the Difficulties and Practices in ICT Outsourcing

Information Communication Technology (ICT) services become more importance in today business environment. Most of the organizations which were not have enough resources and expertise outsource their ICT project to vendors. Conversely, the strategy could also contribute to some risks especially information security risks that could expose organizational information assets directly involved with ICT services at risks. An appropriate information security risk management (ISRM) in ICT outsourcing should be in place to facilitate efficiency of practices how to manage information security risks in ICT outsourcing. The objective of this research is to conduct an empirical study on the relationship between difficulties and practices of ISRM in ICT Outsourcing. Questionnaires were distributed to 300 private companies from various industry and government agencies in Malaysia for the study. Findings of the study show that difficulty of ISRM process influences its practices in ICT outsourcing. Through the findings, influence strength between difficulties and practices of information security risk management approach in ICT outsourcing project has been discovered. Risk treatment planning task was considered as the most difficult and risk control task was considered the least difficult in ISRM cycle. However most of the organization plans their risk treatment task since an appropriate plan could ensure more effective information security risk management implementation. In conclusion, difficulties of organization current (ISRM) practices for ICT Outsourcing shows that their current practices required for review and improvement appropriately for ICT outsourcing implementation. Hence, it’s would encourage development of more comprehensible and effective approach managing information security risk for ICT outsourcing project.

IT outsourcing and knowledge transfer in Malaysia

Information technology outsourcing (ITO) has grown to become a multi-billion dollar business especially with the growth of the e-business paradigm. In education, IT and knowledge outsourcing have been widely used in the last decade. However, there are also risks involved in ITO. An important risk that must to be considered is the knowledge transfer during the ITO activities. The biggest value of knowledge can be achieved in an organization or university when it is shared, as it can help to increase job performance and facilitate new knowledge creation. The aims of this paper are to 1) provide an overview of ITO in institution of higher education, 2) identify factors influencing knowledge transfer in ITO and 3) present a knowledge transfer model for ITO in Malaysia. The findings of the research presented herewith showed that the quality content and accuracy of knowledge to be transferred, distribution capacity of knowledge provider (KP), knowledge receivers (KR) perceived benefit and knowledge infrastructures or enablers, ICT infrastructure, staff posting, trust and job satisfaction were perceived as important in determining the success of knowledge transfer during an ITO. Through the findings, a model of knowledge transfer in ITO was developed.

Information security risk management: An empirical study on the importance and practices in ICT outsourcing

There are many organizations opt for outsourcing in order to cut cost and improve efficiency for their ICT services. On the other hand, ICT outsourcing could also contribute to some risks especially information risks that could jeopardize information asset in the company. An appropriate information security risk management (ISRM) in ICT outsourcing should be in place in order to minimize the potential risks and their impact to business operation as well as ICT services. The objective of this research is to conduct an empirical study on the relationship between importance and practices of ISRM in ICT Outsourcing. Questionnaires were distributed to various private companies and government agencies in Malaysia for the study. Findings of the study show that importance of ISRM process influences its practices in ICT outsourcing. Through the findings, information security risk professional would be able to identify the importance of ISRM and improve their practices in managing information security risk for ICT outsourcing projects. Finally, companies and government agencies need to improve their practices managing information risks in ICT Outsourcing.