In this paper, we aim to propose a guideline for further research towards development of an adaptive strategic IT governance (ITG) model for small and medium-sized enterprises (SMEs). The use of IT ...has the potential to be the major driver for success, as well it provides an opportunity to achieve competitive advantage and support digital transformation. In order to achieve IT benefits, enterprises need an effective and successful ITG model, which follows and adapts to business needs. Available ITG models are too generic and do not differentiate for enterprises of different industry, size, maturity etc.
In order to review existing ITG mechanisms, their definitions and identify contingency factors, we performed an extensive literature review (LR). For the initial set of databases, we used the list of journals, which are indexed in the Journal Citation Reports. We also used Web of Science to identify articles with the highest number of citations.
This paper provides the most important definitions of ITG and proposes its comprehensive definition. Next to this, we introduce ITG mechanisms, which are crucial for the effective implementation and use of ITG. Lastly, we identify contingency factors that influence ITG implementation and its use.
Despite extensive research in ITG area, considerable work is still needed to improve understanding of ITG, its definition and mechanisms. Multiple efforts to develop methods for governing IT failed to achieve any significant adoption rate of ITG mechanisms. To enable ITG to become an integral part of Corporate Governance, further research needs to focus on the development of an adaptive strategic ITG model. In this paper, we propose a next step for more practical method for ITG implementation and its use.
Software development enterprises are under consistent pressure to improve their management techniques and development processes. These are comprised of several software development methodology (SDM) ...disciplines such as requirements acquisition, design, coding, testing, etc. that must be continuously improved and individually tailored to suit specific software development projects. The paper proposes a methodology that enables the identification of SDM discipline quality categories and the evaluation of SDM disciplines’ net benefits. It advances the evaluation of software process quality from single quality category evaluation to multiple quality categories evaluation as proposed by the Kano model. An exploratory study was conducted to test the proposed methodology. The exploratory study results show that different types of Kano quality are present in individual SDM disciplines and that applications of individual SDM disciplines vary considerably in their relation to net benefits of IT projects. Consequently, software process quality evaluation models should start evaluating multiple categories of quality instead of just one and should not assume that the application of every individual SDM discipline has the same effect on the enterprise’s net benefits.
A nationwide study was conducted to explore the short term association between daily individual meteorological parameters and the incidence of acute coronary syndrome (ACS) treated with coronary ...emergency catheter interventions in the Republic of Slovenia, a south-central European country.
We linked meteorological data with daily ACS incidence for the entire population of Slovenia, for the population over 65 years of age and for the population under 65 years of age. Data were collected daily for a period of 4 years from 1 January 2008 to 31 December 2011. In line with existing studies, we used a main effect generalized linear model with a log-link-function and a Poisson distribution of ACS.
Three of the studied meteorological factors (daily average temperature, atmospheric pressure and relative humidity) all have relevant and significant influences on ACS incidences for the entire population. However, the ACS incidence for the population over 65 is only affected by daily average temperature, while the ACS incidence for the population under 65 is affected by daily average pressure and humidity. In terms of ambient temperature, the overall findings of our study are in line with the findings of the majority of contemporary European studies, which also note a negative correlation. The results regarding atmospheric pressure and humidity are less in line, due to considerable variations in results. Additionally, the number of available European studies on atmospheric pressure and humidity is relatively low. The fourth studied variable-season-does not influence ACS incidence in a statistically significant way.
► Planning poker is compared to the mean of individual estimates. ► Estimates provided by ten student teams and a group of experts are analyzed. ► Planning poker increases the over-optimism of ...inexperienced developers. ► The optimism bias diminishes or disappears by increasing the expertise. ► Planning poker can improve estimates of motivated experienced professionals.
While most studies in psychology and forecasting stress the possible hazards of group processes when predicting effort and schedule, agile software development methods recommend the use of a group estimation technique called planning poker for estimating the size of user stories and developing release and iteration plans. It is assumed that the group discussion through planning poker helps in identifying activities that individual estimators could overlook, thus providing more accurate estimates and reducing the over-optimism that is typical for expert judgment-based methods. In spite of the widespread use of agile methods, there is little empirical evidence regarding the accuracy of planning poker estimates. In order to fill this gap a study was conducted requiring 13 student teams to develop a Web-based student records information system. All teams were given the same set of user stories which had to be implemented in three Sprints. Each team estimated the stories using planning poker and the estimates provided by each team member during the first round were averaged to obtain the statistical combination for further comparison. In the same way the stories were estimated by a group of experts. The study revealed that students’ estimates were over-optimistic and that planning poker additionally increased the over-optimism. On the other hand, the experts’ estimates obtained through planning poker were much closer to actual effort spent and tended to be more accurate than the statistical combination of their individual estimates. The results indicate that the optimism bias caused by group discussion diminishes or even disappears as the expertise of the people involved in the group estimation process increases.
Information technology (IT) can have a direct and indirect impact on business performance. New technologies change the risks at the strategic and governing levels of an enterprise. In the age of ...digitalization, we need to develop new understandings and approaches to governance and management. The most established IT governance (ITG) models, such as COBIT, ITIL and CMMI, are universal, one-size-fits-all models that are not in line with contingency theory and are predominantly designed for large multinational enterprises. They are too cumbersome and cost-intensive for small and medium enterprises (SMEs) to use effectively. Therefore, there is a need to develop more efficient models that are contingency-based and easier to implement than existing models and thus adaptable to the actual needs of the business. This paper presents an empirical evaluation of key ITG mechanisms from the literature that clearly shows that several are not universally but situationally necessary, thus demonstrating the need for new contingency-based ITG models.
Although agile methods gained popularity and became globally widespread, developing secure software with agile methods remains a challenge. Method elements (i.e., roles, activities, and artifacts) ...that aim to increase software security on one hand can reduce the characteristic agility of agile methods on the other. The overall aim of this paper is to provide small- and medium-sized enterprises (SMEs) with the means to improve the sustainability of their software development process in terms of software security despite their limitations, such as low capacity and/or financial resources. Although software engineering literature offers various security elements, there is one key research gap that hinders the ability to provide such means. It remains unclear not only how much individual security elements contribute to software security but also how they impact the agility and costs of software development. To address the gap, we identified security elements found in the literature and evaluated them for their impact on software security, agility, and costs in an international study among practitioners. Finally, we developed a novel lightweight approach for evaluating agile methods from a security perspective. The developed approach can help SMEs to adapt their software development to their needs.
Different activities, artifacts, and roles can be found in the literature on the agile engineering of secure software (AESS). The purpose of this paper is to consolidate them and thus identify key ...activities, artifacts, and roles that can be employed in AESS. To gain initial sets of activities, artifacts, and roles, the literature was first extensively reviewed. Activities, artifacts, and roles were then cross-evaluated with similarity matrices. Finally, similarity matrices were converted into distance matrices, enabling the use of Ward’s hierarchical clustering method for consolidating activities, artifacts, and roles into clusters. Clusters of activities, artifacts, and roles were then named as key activities, artifacts, and roles. We identified seven key activities (i.e., security auditing, security analysis and testing, security training, security prioritization and monitoring, risk management, security planning and threat modeling; and security requirements engineering), five key artifacts (i.e., security requirement artifacts, security repositories, security reports, security tags, and security policies), and four key roles (i.e., security guru, security developer, penetration tester, and security team) in AESS. The identified key activities, artifacts, and roles can be used by software development teams to improve their software engineering processes in terms of software security.
Abstract Effort estimation is an important activity in agile software development. The goal of the presented study was to determine the influence of individual competence on software development ...effort estimation. In particular, we measured both the accuracy of effort estimation and the duration of the estimation process itself, both for three different estimation methods. The subjects of our study were teams of students of a graduate‐level software engineering course at the University of Ljubljana, Faculty of Computer and Information Science. Based on the grades that individual students attained in their undergraduate study, we classified each team as “high‐competence” or “low‐competence” and additionally as “heterogeneous” or “homogeneous” (the criterion here being the variance of the members' average grades). We found out that there was no significant difference in effort estimation accuracy neither between high‐competence and low‐competence teams nor between heterogeneous and homogeneous teams, regardless of which estimation method was used. However, high‐competence teams spent significantly less time on effort estimation than low‐competence ones. Likewise, for two of the employed estimation methods, heterogeneous teams completed effort estimation in a significantly shorter time than homogeneous teams. These results might benefit both academic and professional community.
Objective
To identify specific quantitative contrast‐enhanced ultrasound (CEUS) parameters that could distinguish kidney transplants with significant histopathological injury.
Methods
Sixty‐four ...patients were enrolled in this prospective observational study. Biopsies were performed following CEUS and blood examination.
Results
28 biopsy specimens had minimal changes (MC group), while 36 had significant injury (SI group). Of these, 12 had rejection (RI group) and 24 non‐rejection injury (NRI group). In RI and NRI groups, temporal difference in time to peak (TTP) between medulla and cortex (ΔTTPm‐c) was significantly shorter compared to the MC group (5.77, 5.92, and 7.94 s, P = 0.048 and 0.026, respectively). Additionally, RI group had significantly shorter medullary TTP compared to the MC group (27.75 vs. 32.26 s; P = 0.03). In a subset of 41 patients with protocol biopsy at 1‐year post‐transplant, ΔTTPm‐c was significantly shorter in the SI compared to the MC group (5.67 vs. 7.67 s; P = 0.024). Area under receiver operating characteristic curves (AUROCs) for ΔTTPm‐c was 0.69 in all patients and 0.71 in patients with protocol biopsy.
Conclusions
RI and NRI groups had shorter ΔTTPm‐c compared to the MC group. AUROCs for both patient groups were good, making ΔTTPm‐c a promising CEUS parameter for distinguishing patients with significant histopathological injury.
The influence of several meteorological parameters on acute myocardial infarction (AMI) incidences with immediately and/or delayed effects has been widely reported. It remains unknown whether the ...individual AMI subtypes reveal similar patterns. To date, generally seasonal variation in ST elevation MI (STEMI) has been investigated. However, these approaches couldn't detect the effects of changes in multiple meteorological variables on STEMI incidence within a specific season. Therefore, the aim of our study is to explore immediate, delayed and cumulative effects of average daily temperature, atmospheric pressure and humidity on nation-wide STEMI hospital admissions. We linked daily hospitals' STEMI admission data with meteorological stations' data according to the patient's permanent residence. Subsequently, a multivariate analysis based on a main effect generalised linear model, assuming a log-link function with a Poisson distribution, was conducted. With the help of lags, we were able to analyse delayed effects, while the cumulative effects of specific meteorological variables were analysed utilising time windows. As a result, we confirmed immediate and delayed negative effect of low temperature and low relative humidity for all observed lags as well as cumulative average effects of low temperature and low relative humidity for all observed time windows. However, no delayed, single-day effect for atmospheric pressure was detected. Nevertheless, the cumulative average effect was confirmed in all time windows suggesting that prolonged low pressure influences the incidence of STEMI. A novelty of our approach is the comparative examination of immediate, delayed and cumulative effect of specific meteorological variables on the incidence of STEMI. This approach enables us to gain a new insight into the phenomenon studied.