Taizan Chan

Identification and Analysis of Business and Software Services—A Consolidated Approach

Although the benefits of service orientation are prevalent in literature, a review, analysis, and evaluation of the 30 existing service analysis approaches presented in this paper have shown that a comprehensive approach to the identification and analysis of both business and supporting software services is missing. Based on this evaluation of existing approaches and additional sources, we close this gap by proposing an integrated, consolidated approach to business and software service analysis that combines and extends the strengths of the examined methodologies.

An ERP maintenance model

Enterprise resource planning (ERP) maintenance and upgrade activities are receiving much attention in ERP-using organizations. Annual maintenance costs approximate 25% of initial ERP implementation costs, and upgrade costs as much as 25-33% of the initial ERP implementation. Still, the area of ERP maintenance and upgrade is relatively new and understudied as compared to ERP implementation issues. Many organizations lack experience and expertise in managing ERP maintenance and upgrade effectively. This situation is not helped by the lack of a standard ERP maintenance model that could provide practitioners with guidelines on planning, implementing and upgrading an ERP. Although software maintenance model standards exist, they have been found in a recent study to be insufficient for ERP maintenance and upgrade processes. In order to bridge this gap in literature and practice, this study proposes a preliminary ERP maintenance model, reflecting fundamental ERP maintenance and upgrade activities. A detailed case study was conducted to gather empirical data for developing such an ERP maintenance model. Data analysis identified (potential) benefits of the maintenance model to ERP-using organizations generally, and to the case firm in particular.

Large packaged application software maintenance: a research framework

This paper seeks to stimulate research on large application package software maintenance by presenting a tentative framework for future research in the area, partially instantiating that framework with examples from the papers in this special issue of the Journal of Software Maintenance and Evolution, highlighting other specific areas of research need and neglect, and posing a long list of related research questions. The user-organization-centric research framework captures relevant and interacting factors that can impact maintenance strategy, including software-source, support-source, and organizational and environmental contexts. These are viewed from the perspectives of four key stakeholders in the new distributed maintenance arrangement. In addition to the user-organization, stakeholders include the software vendor, third-party service providers, and society. Key messages from the paper include: maintenance generates benefits as well as costs; all stakeholders must have a lifecycle-wide view of maintenance costs and benefits; there is value in understanding all stakeholder perspectives; various software and related support sourcing alternatives have substantial maintenance incidence implications (incidence of costs, benefits, and responsibilities); and maintenance knowledge sourcing decisions should be made in the light of lifecycle-wide maintenance knowledge requirements.

A client-benefits oriented taxonomy of ERP maintenance

The worldwide installed base of Enterprise Resource Planning (ERP) systems has increased rapidly in size over the past 10 years now comprising tens of thousands of installations in large- and medium-sized organizations and millions of licensed users. Similar to traditional Information Systems (IS), ERP systems must be maintained and upgraded. It is therefore not surprising that EPP maintenance activities have become the largest budget provision in the IS departments of ERP-adopting organizations. Yet, there has been very limited study conducted on ERP maintenance activities. Are they simply instances of traditional software maintenance activities to which traditional software maintenance research findings can be generalized? Or are they fundamentally different activities, such that new research, specific to ERP maintenance, is required to help alleviate the ERP maintenance burden? This paper reports a case study of a large organization that implemented ERP (an SAP system) two years ago. From the case study and data collected, we observe that (1) an ERP-employing organization does not only maintain user change request but also implement maintenance introduced by the vendor; (2) request for user-support. concerning the ERP system usage, and training constitutes a main part of ERP maintenance activities; and (3) configuration is a major ERP maintenance component. We find that ERP maintenance activities are indeed different from traditional in-house software maintenance in a way that these maintenance activities cannot be sufficiently described by existing taxonomies used to classify traditional software maintenance activities. We propose a benefits-oriented taxonomy that better represents ERP enhancement maintenance activities.

Using the Internet to Administer More Realistic Vignette Experiments

This article illustrates an innovative method of administering stated choice studies (or vignette experiments) using computers and the Internet. The use of video clips to deliver information to research participants makes vignettes more realistic, helps to engage interest of research participants, and can reduce framing effects. The method also provides research participants with interactive options before making judgments. A study to determine the views of older people regarding residential options is used to illustrate the method. Even older people with limited experience in using computers participated successfully. The study findings showed that research participants responded both to the audiovisual characteristics of vignette persons and to the variables in the vignette structure.

Barriers to Formal IT Governance Practice -- Insights from a Qualitative Study

IT Governance (ITG) continues to be a top priority for organizations, public and non-public. While the level of awareness towards ITG is evident, it is hardly manifested in practice. The purpose of this study is to elicit factors that act as barriers to the adoption of formal ITG practice. This qualitative study consists of 9 semi-structured interviews with the key person in charge of ITG adoption and practice within their respective organizations. The interviews were analyzed using thematic content analysis, guided by themes previously obtained from the literature and from an earlier pilot study. Findings obtained supported previous findings and also reveal new factors noticeably absent from the ITG literature. The findings will provide useful input towards the development of a causal model on barriers to formal ITG practice.

What Is the Influence of Users’ Characteristics on Their Ability to Detect Phishing Emails?

Phishing emails cause significant losses for organisations and victims. To fight back against phishing emails, victims’ detection behaviours must be identified and improved. Then, the impact of victims’ characteristics on their detection behaviours must be measured. Three methods, namely experiments, surveys and semi-structured interviews, were applied in our research to gain a richer understanding of victims’ behaviours concerning phishing emails. Several user characteristics were measured using the deception detection model. The results suggest that users’ characteristics either increase or decrease their suspicions. Characteristics such as user extraversion, trust and submissiveness represent variables that prevent victims from suspecting phishing emails. In contrast, email experience increases victims’ suspicion of phishing emails. Furthermore, victims’ personality characteristics and a variable called the susceptibility variable play important roles in increasing the tendency of victims to execute the actions requested in phishing emails.

Beyond productivity in software maintenance: factors affecting lead time in servicing users' requests

Research on the economics of software maintenance has concentrated on software maintenance productivity. More often than not, maintenance productivity is measured by the number of hours spent in servicing a maintenance request. While this measure captures the cost of an information systems (IS) department, it ignores a potential opportunity cost to the users that is better captured by the lead time taken to fulfil a request. Using detailed data of more than 1000 maintenance projects collected at a field site over a 6-year period, we examine how the lead time of a request is affected by factors such as the characteristics of the system, the request, and the maintainer responsible for the request. We found that the complexity of a request significantly postpones its lead time. The lead time is also increased by the internal lead time target set by the IS department based on staff availability. We also divided the lead time into the queuing time and the service time components and study how they are influenced by the same factors.

Impact of programming and application-specific knowledge on maintenance effort:A hazard rate model

We empirically test the relative impact of general programming knowledge and application-specific knowledge on maintenance productivity. One hundred undergraduates participated in a quasi-experiment that required them to perform two maintenance tasks in sequence on an inventory control application. Each maintenance task involved a modification to the original application and the hours needed to complete each maintenance task are used to measure productivity. Since subjects may submit modifications that do not meet all the user requirements, the person-hours spent can be less than the actual hours required if modified applications were to meet the user requirements completely. That is, the observed time effort censored the actual required time effort. To overcome the challenge of this censored time problem, we use a proportional hazard model to model the effect of human capital on productivity. The method of maximum likelihood estimation was used to estimate the model parameters. Our study enables us to draw several implications for formulating hiring policies relating to software maintenance.

An empirical study on the susceptibility to social engineering in social networking sites: the case of Facebook

Research suggests that social engineering attacks pose a significant security risk, with social networking sites (SNSs) being the most common source of these attacks. Recent studies showed that social engineers could succeed even among those organizations that identify themselves as being aware of social engineering techniques. Although organizations recognize the serious risks of social engineering, there is little understanding and control of such threats. This may be partly due to the complexity of human behaviors in failing to recognize attackers in SNSs. Due to the vital role that impersonation plays in influencing users to fall victim to social engineering deception, this paper aims to investigate the impact of source characteristics on users’ susceptibility to social engineering victimization on Facebook. In doing so, we identify source credibility dimensions in terms of social engineering on Facebook, Facebook-based source characteristics that influence users to judge an attacker as per these dimensions, and mediation effects that these dimensions play between Facebook-based source characteristics and susceptibility to social engineering victimization.