A process based approach software certification model for agile and secure environment
In today’s business environment, Agile and secure software processes are essential since they bring high quality and secured software to market faster and more cost effectively. Unfortunately, some software practitioners are not following the proper practices of both processes when developing softw...
Main Author: | |
---|---|
Format: | Thesis |
Language: | eng eng |
Published: | 2015 |
Subjects: | |
Online Access: | https://etd.uum.edu.my/5805/1/s93047_01.pdf https://etd.uum.edu.my/5805/2/s93047_02.pdf |
id | my-uum-etd.5805 |
---|---|
record_format | uketd_dc |
institution | Universiti Utara Malaysia |
collection | UUM ETD |
language | eng eng |
advisor | Baharom, Fauziah; Deraman, Aziz |
topic | QA75 Electronic computers Computer science |
description | In today’s business environment, Agile and secure software processes are essential since they bring high-quality and secure software to market faster and more cost-effectively. Unfortunately, some software practitioners are not following the proper practices of both processes when developing software. Various studies assess the quality of the software process; nevertheless, their focus is on the conventional software process. Furthermore, they do not consider weight values in the assessment, although each evaluation criterion might have different importance. Consequently, software certification is needed to give conformance on the quality of Agile and secure software processes. Therefore, the objective of this thesis is to propose the Extended Software Process Assessment and Certification Model (ESPAC), which addresses both software processes and considers the weight values during the assessment. The study is conducted in four phases: 1) a theoretical study to examine the factors and practices that influence the quality of Agile and secure software processes and weight value allocation techniques, 2) an exploratory study in which 114 software practitioners participated, to investigate their current practices, 3) development of an enhanced software process certification model which considers process, people, technology, project constraint and environment, provides a certification guideline and utilizes the Analytic Hierarchy Process (AHP) for weight value allocation, and 4) verification of Agile and secure software processes and AHP through expert reviews, followed by validation of the satisfaction and practicality of the proposed model through focus group discussion. The validation result shows that the ESPAC Model gained software practitioners’ satisfaction and is practical to execute in a real environment. The contributions of this study straddle the research perspectives of Software Process Assessment and Certification and Multiple Criteria Decision Making, and practical perspectives, by providing software practitioners and assessors with a mechanism to reveal the quality of the software process and by helping investors and customers make investment decisions. |
format | Thesis |
qualification_name | Ph.D. |
qualification_level | Doctorate |
author | Mohamed, Shafinah Farvin Packeer |
title | A process based approach software certification model for agile and secure environment |
granting_institution | Universiti Utara Malaysia |
granting_department | Awang Had Salleh Graduate School of Arts & Sciences |
publishDate | 2015 |
url | https://etd.uum.edu.my/5805/1/s93047_01.pdf https://etd.uum.edu.my/5805/2/s93047_02.pdf |
doi: 10.1016/j.eswa.2011.04.143 Ismail, W., Abedlazeez, N., & Hussin, Z. (2011). Epistemological beliefs of students at high schools: a survey study in Malaysia. OIDA International Journal of Sustainable Development, 2(08), 39-46. Retrieved from http://ssrn.com/abstract=1974094 ISO (2015). ISO Standards. Retrieved from https://www.iso.org Jadhav, A. S., & Sonar, R. M. (2008) A hybrid system for selection of the software packages. International Conference on Emerging Trends in Engineering and Technology, 337-342. doi: 10.1109/ICETET.2008.7 Jain, V., & Raj, T. (2013). Evaluation of flexibility in FMS using SAW and WPM. Decision Science Letters, 2(4), 223-230. doi: 10.5267/j.dsl.2013.06.003 Jamaiah Haji Yahya, Fauziah Baharom, Aziz Deraman, & Abdul Razak. (2005). A conceptual framework for software certification. KUTPM Journal of Technology and Management, 3(2), 99-111. 253 Jamaiah Haji Yahya, Aziz Deraman, & Abdul Razak Hamdan. (2006). A conceptual model for software product certification process, Proceedings of Conference on Information Science, Technology and Management. Jamaiah Yahya. (2007). The development of software certification model based on product quality approach. (Unpublished doctoral dissertation). Universiti Kebangsaan Malaysia, Selangor, Malaysia. Jiang, J. J., & Klein, G. (1995). Requisite technical skills for technical support analysts: A survey. Computer Personnel, 16(2), 12-20. doi: 10.1145/202896.202899 . Jones, C., & Bonsignour, O. (2012). The economics of software quality. Boston: Pearson Education. Joshi, R., Banwet, D., & Shankar, R. (2011). A Delphi-AHP-TOPSIS based benchmarking framework for performance improvement of a cold chain. Expert Systems with Applications, 38(8), 10170-10182. doi: 10.1016/j.eswa.2011.02.072 Julia, H. A., Barnum, S., Ellison, R. J., McGraw, G., & Mead, N. R. (2008). Software security engineering. Boston: Addison-Wesley. Jung, H. W. (2001). 
Rating the process attribute utilizing AHP in SPICE‐based process assessments. Software Process: Improvement and Practice, 6(2), 111- 122. doi: 10.1002/spip.139 Jyothi, V. E., & Rao, K. N. (2011). Effective implementation of Agile practices. International Journal of Advanced Computer Science and Applications, 2(3), 41-48. Retrieved from http://www.Agilemethod.csie.ncu.edu.tw/Agilemethod/download/2011papers/2 011%20Effective%20Implementation%20of%20Agile%20Practices%20- %20Ingenious%20and%20Organized%20Theoretical%20Framework/1005220 15%20%E8%94%A1%E6%9D%B1%E7%A9%8E.pdf Kankanhalli, A., Teo, H. H., Tan, B. C. Y., & Wei, K. K. (2003). An integrative study of information systems security effectiveness. International Journal of Information Management, 23(2), 139-154. doi: http://dx.doi.org/10.1016/S0268-4012(02)00105-6 Karpati, P., Sindre, G., & Opdahl, A. L. (2011). Characterising and analysing security requirements modelling initiatives. Sixth International Conference on Availability, Reliability and Security, 710-715. doi: 10.1109/ARES.2011.113 Kazemi, M., Khajouei, H., & Nasrabadi, H. (2012). Evaluation of information security management system success factors: case study of municipal organization. African Journal of Business Management, 6(14), 4982-4989. doi: 10.5897/AJBM11.2323 Khalane, T., & Tanner, M. (2013). Software quality assurance in Scrum: The need for concrete guidance on SQA strategies in meeting user expectations. 254 International Conference on Adaptive Science and Technology, 1-6. doi: 10.1109/ICASTech.2013.6707499 Khan, M., & Kukalis, S. (1990). MIS professionals: education and performance. Information & Management, 19(4), 249-255. doi: 10.1016/0378- 7206(90)90034-F Knapp, K. J., Marshall, T. E., Rainer, R. K., & Ford, F. N. (2006). Information security: management's effect on culture and policy. Information Management & Computer Security, 14(1), 24-36. doi: http://dx.doi.org/10.1108/09685220610648355 Koi, K. L. (2012, January 11). 
15200 cases of cyber crimes last year. New Straits Times. Retrieved from http://www.nst.com.my/opinion/columnist/15-200- cases-of-cyber-crimes-last-year-1.30592 Komuro, M., & Komoda, N. (2008). An explanation model for quality improvement effect of peer reviews. International Conference on Computational Intelligence for Modelling Control & Automation. 1159-1164. doi: 10.1109/CIMCA.2008.187 Kontio, J., Bragge, J., & Lehtola, L. (2008). The focus group method as an empirical tool in software engineering. In Shull, F., Singer, J., & Sjoberg, D. D. K. Guide to advanced empirical software engineering (pp. 93-116). London: SpringerLink Verlag. Kontio, J., Lehtola, L., & Bragge, J. (2004). Using the focus group method in software engineering: obtaining practitioner and user experiences. International Symposium on Empirical Software Engineering, 271-280. doi: 10.1109/ISESE.2004.1334914 Kontos, T. D., Komilis, D. P., & Halvadakis, C. P. (2005). Siting MSW landfills with a spatial multiple criteria analysis methodology. Waste management, 25(8), 818-832. doi: 10.1016/j.wasman.2005.04.002 Koskela, J. (2003). Software configuration management in Agile methods. (Research Report No. 514). Retrieved from http://www2.vtt.fi/inf/pdf/publications/2003/P514.pdf Koskosas, I. V., & Paul, R. J. (2004). The interrelationship and effect of culture and risk communication in setting internet banking security goals. Proceedings of the 6th International Conference on Electronic Commerce, 341-350. doi: 10.1145/1052220.1052264 Kotulic, A. G., & Clark, J. G. (2004). Why there aren’t more information security research studies. Information & Management, 41(5), 597-607. doi: 10.1016/j.im.2003.08.001 Kraemer, S., Carayon, P., & Clem, J. (2009). Human and organizational factors in computer and information security: pathways to vulnerabilities. Computers & Security, 28(7), 509-520. doi: 10.1016/j.cose.2009.04.006 255 Kraemer, S., & Carayon, P. (2007). 
Human errors and violations in computer and information security: The viewpoint of network administrators and security specialists. Applied Ergonomics, 38(2), 143-154. doi: 10.1016/j.apergo.2006.03.010 Kraemer, S., & Carayon, P. (2005). Computer and information security culture: findings from two studies. Proceedings of the Human Factors and Ergonomics Society Annual Meeting, 1483-1488. doi: 10.1177/154193120504901605 Kroeger, T. A. (2011). Understanding the characteristics of quality for software engineering processes. (Doctoral dissertation). Retrieved from http://ura.unisa.edu.au/view/action/singleViewer.do?dvs=1412756066477~544 &locale=en_US&VIEWER_URL=/view/action/singleViewer.do?&DELIVER Y_RULE_ID=10&adjacency=N&application=DIGITOOL- 3&frameId=1&usePid1=true&usePid2=true Krueger, R. A. (1994). Focus group a practical guide for applied research. Thousand Oaks: SAGE Publications. Krueger, R. A., & Casey M. A. (2008). Focus groups a practical guide for applied research. Thousand Oaks: Sage Publications. Kumar, M., Cheng, N., Nadirah Rodzi, & Natasya Joibi. (2014, September 30). Gang steals RM3m from ATMs. The Star Online. Retrieved from http://www.thestar.com.my/News/Nation/2014/09/30/Gang-steals-RM3mfrom- ATMs-Thieves-use-malware-to-bypass-authentication-process/ Kunda, D. (2003). STACE: Social technical approach to COTS software evaluation. In Cechich, A., Piayyini, M., & Vallecillo, A. Component-Based Software Quality (pp. 64-84). Berlin Heidelberg: Springer-Verlag. Lai, V. S., Wong, B. K., & Cheung, W. (2002). Group decision making in a multiple criteria environment: a case using AHP in software selection. European Journal of Operational Research, 137, 134-144. doi: 10.1016/S0377- 2217(01)00084-4 Lai-Kow, C., & Ming-Lu, W. (2002). Quality Function Deployment: a literature review. European Journal of Operational Research, 143(3), 463-497. doi: 10.1016/S0377-2217(02)00178-9 Lami, G., & Falcini, F. (2009). Is ISO/IEC 15504 Applicable to Agile methods? 
In Abrahamsson, P., Marchesi, M., & Maurer, F. Agile Processes in Software Engineering and Extreme Programming (pp. 130-135). Berlin Heidelberg: SpringerLink Verlag. Lan, C., & Ramesh, B. (2008). Agile requirements engineering practices: an empirical study. IEEE Software, 60-67. doi: 10.1109/MS.2008.1 Lane, T. (2007). Information security management in Australian universities-an exploratory analysis. (Master’s thesis). Retrieved from http://eprints.qut.edu.au/16486/1/Tim_Lane_Thesis.pdf 256 LaReau, B. S. (2006). An engineer’s primer on information security [White Paper]. Retrieved from Brent Scott LeReau: http://w.designsbylareau.com/pdf/AnEngineersPrimerOnInformationSecurity_. pdf Lascelles, D., & Peacock, R. (1996). Self-assessment for business excellence. Berkshire: McGraw-Hill. Lee, H. B. (2011, July 26). RM 63 juta rugi angkara jenayah siber. Utusan Malaysia. Retrieved from http://www.utusan.com.my/utusan/info.asp?y=2011&dt=0726&pub=Utusan_ Malaysia&sec=Jenayah&pg=je_01.htm Lee, G., & Xia, W. (2010). Toward Agile: An integrated analysis of quantitative and qualitative field data on software development agility. MIS Quarterly, 34(1), 87-114. Leitheiser, R. L. (1992). MIS skills for the 1990s: a survey of MIS managers' perceptions. Journal of Management Information Systems, 9(1), 69-91. Retrieved from http://www.jstor.org/discover/10.2307/40398019?uid=3738672&uid=2&uid=4 &sid=21104154371041 Li, J., Moe, N. B., & Dyba, T. (2010). Transition from a plan-driven process to Scrum: a longitudinal case study on software quality. Proceedings of the 2010 ACM-IEEE International Symposium on Empirical Software Engineering and Measurement. doi: 10.1145/1852786.1852804 Liamputtong, P. (2011). Focus group methodology principles and practices. London: SAGE Publication. Liberatore, M. J., & Nydick, R. L. (1997). Group decision making in higher education using the Analytic Hierarchy Process. In Liberatore, M. & Nydick, R. L. Research in Higher Education (pp. 593-614). 
Netherlands: Springer. Limaye, M. (2011). Software Quality Assurance. New Delhi: Tata McGraw-Hill. Lin, H., Y., Hsu, P. Y., & Sheen, G. J. (2007). A fuzzy-based decision-making procedure for data warehouse system selection. Expert systems with applications, 32(3), 939-953. doi: 10.1016/j.eswa.2006.01.031 Linberg, K. R. (1999). Software developer perceptions about software project failure: a case study. The Journal of Systems and Software (49): 177-192. doi: 10.1016/S0164-1212(99)00094-1 Lindstrom, L., & Jeffries, R. (2004). Extreme programming and Agile software development methodologies. Information Systems Management, 21(3), 41-52. doi: 10.1201/1078/44432.21.3.20040601/82476.7 Lindvall, M., Basili, V., Boehm, B., Costa, P., Dangle, K., Shull, F., . . . Zelkowitz, M. (2002). Empirical findings in Agile methods. In Wells, D. & Williams, L. Proceedings of Extreme Programming and Agile Methods, Extreme 257 Programming and Agile Methods — XP/Agile Universe 2002 (pp. 197-207). Berlin Heidelberg: Springer. Linkov, I., & Moberg, E. (2012). Multi-criteria decision analysis environmental applications and case studies. New York: Taylor & Francis Group. Lipner, S. (2006). The trustworthy computing security development lifecycle. 20th Annual Computer Security Applications Conference, 2-13. doi: 10.1109/CSAC.2004.41 Liu, J., Wang, Q., & Gao, L. (2010). Application of Agile requirement engineering in modest-sized information systems development. Second WRI World Congress on Software Engineering, 207-210. doi: 10.1109/WCSE.2010.105 Litecky, C., Igou, A. J., & Aken, A. (2012). Skills in the management oriented IS and enterprise system job markets. Proceedings of the 50th annual conference on Computers and People Research, 35-44. doi: 10.1145/2214091.2214104 Livermore, J. A. (2007). Factors that impact implementing an Agile software development methodology. Proceedings of SoutheastCon, 82-86. doi: 10.1109/SECON.2007.342860 Lohan, G., Conboy, K., & Lang, M. (2010). 
Beyond budgeting and Agile software development: A conceptual framework for the performance management of Agile software development teams. International Journal of Information Systems, 1-13. Retrieved from http://aisel.aisnet.org/cgi/viewcontent.cgi?article=1158&context=icis2010_sub missions Ludewig, J. (2000). 10 Years Back, 10 Years Ahead. In Wilhelm, R. Software Engineering in the Years 2000 Minus and Plus Ten (pp. 102-111). Berlin Heidelberg: Springer Berlin Heidelberg. Mach, P., & Guaqueta, J. (2001). Utilization of the seven Ishikawa tools (old tools) in the Six Sigma strategy. 24th International Spring Seminar on Electronics Technology: Concurrent Engineering in Electronic Packaging, 51-55. doi: 10.1109/ISSE.2001.931009 Macharis, C., Springael, J., De Brucker, K., & Verbeke, A. (2004). PROMETHEE and AHP: The design of operational synergies in multicriteria analysis: strengthening PROMETHEE with ideas of AHP. European Journal of Operational Research, 153(2), 307-317. doi: 10.1016/S0377-2217(03)00153-X Mahnic, V., & Hovelja, T. (2012). On using planning poker for estimating user stories. Journal of Systems and Software, 85(9), 2086-2095. doi: 10.1016/j.jss.2012.04.005 Malczewski, J. (1999). GIS and multicriteria decision analysis. New York: John Wiley & Sons. Marcal, A. S. C., de Freitas, B. C. C., Soares, F. S. F., Furtado, M. E. S., Maciel, T. M., & Belchior, A. D. (2008). Blending Scrum practices and CMMI project management process areas. In Marcal, A. S. C., de Freitas, B. C., Soares, F. S. 258 F., Furtado, M. E. S., Maciel, T. M., & Belchior, A. D. Innovations in Systems and Software Engineering (pp. 17-29). Springer-Verlag Marjani, M. E., Soh, K. G., Majid, M., Mohd Sofian, O. F., Nur Surayyah, M. A., & Mohd Rizam, A. B. (2012). Usage of group decision making approach in karate agility test selection. Proceedings of the International Symposium on the Analytic Hierarchy Process, 1-11. Retrieved from http://www.isahp.org/uploads/59.pdf Marra, R. J. 
(2009, August 17). Three men indicted for hacking into five corporate entities, including heartland, 7-Eleven, and Hannaford, with over 130 million credit and debit card numbers stolen. United States Department of Justice Online News. Retrieved from http://www.usdoj.gov/usao/nj/press/ Martakis, A., & Daneva, M. (2013). Handling requirements dependencies in Agile projects: A focus group with Agile software development practitioners. Seventh International Conference on Research Challenges in Information Science, 1- 11. doi: 10.1109/RCIS.2013.6577679 Maruping, L. M., Venkatesh, V., & Agarwal, R. (2009). A control theory perspective on Agile methodology use and changing user requirements. Information Systems Research, 20(3), 377-399. doi: 10.1287/isre.1090.0238 Mas, A., Fluxa, B., & Amengual, E. (2012). Lessons learned from an ISO/IEC 15504 SPI programme in a company. Journal of Software: Evolution and Process, 24(5), 493-500. doi: 10.1002/smr.501 Maurer, F., & Martel, S. (2002). Extreme programming. rapid development for Webbased applications. Internet Computing, 6(1), 86-90. doi: 10.1109/4236.989006 Maxville, V., Armarego, J., & Lam, C. P. (2004). Intelligent component selection. Proceedings of Computer Software and Applications Conference, 244-249. doi: 10.1109/CMPSAC.2004.1342839 Mazni Omar, Sharifah-Lailee Abdullah, & Azman Yassin. (2011). The impact of Agile approach on software engineering teams. American Journal of Economics and Business Administration, 3(1), 12-17. doi: 10.3844/ajebasp.2011.12.17 Mazza, R., & Berre, A. (2007). Focus group methodology for evaluating information visualization techniques and tools. 11th International Conference Information Visualization, 74-80. doi: 10.1109/IV.2007.51 McConnell, S. (2000). Closing the gap. Software, IEEE. 1(19). doi: http://doi.ieeecomputersociety.org/10.1109/MS.2002.976933 McGraw, G. (2011). Technology transfer: A software security marketplace case study. Software, IEEE, 28(5), 9-11. 
doi: 10.1109/MS.2011.110 McGraw, G. (2006). Building security in. Boston: Pearson Education. 259 McGraw, G. (2004). Software security. Security & Privacy, IEEE, 2(2), 80-83. doi: 10.1109/MSECP.2004.1281254 Mead, N. R. (2010). Security requirement engineering. Retrieved from https://buildsecurityin.us-cert.gov/articles/best-practices/requirementsengineering/ security-requirements-engineering Mehta, M., & Adlakha, N. (2012). Manifestation of Agile methods for prompt software development: a review. International Journal of Research in IT & Management, 2(2), 249-255. Retrieved from http://www.euroasiapub.org/IJRIM/Feb2012/paper3.pdf Mellado, D., Blanco, C., Sanchez, L. E., & Fernandez-Medina, E. (2010). A systematic review of security requirements engineering. Computer Standards & Interfaces, 32(4), 153-165. doi: 10.1016/j.csi.2010.01.006 Merkow, S. M. & Raghavan, L. (2010). Secure and resilient software development. Boca Raton: Auerbach Publications. Microsoft. (2012). Microsoft Security Development Lifecycle SDL Process Guidance Version 5.2. Retrieved from http://www.microsoft.com/enmy/ download/confirmation.aspx?id=29884 Misra, S., Kumar, V., & Kumar, U. (2009). Identifying some important success factors in adopting Agile software. The Journal of Systems and Software, 82, 1869–1890. doi:10.1016/j.jss.2009.05.052 Mollaghasemi, M. (1997). Technical briefing: making multiple-objective decisions. California: IEEE Computer Society Press. Moe, N. B., Dingsoyr, T., & Dyba, T. (2008). Understanding self-organizing teams in Agile software development. 19th Australian Conference on Software Engineering, 76-85. doi: 10.1109/ASWEC.2008.4483195 Mohd Hassan Selamat, Md. Mahbubur Rahim, & Noor Maizura Mohamad Noor. (1996). Perceptions of selected Malaysian information systems practitioners towards software prototyping: An exploratory study. Malaysian Journal of Computer Science, 9 (2), 14-28. Retrieved from http://icmsm2009.um.edu.my/filebank/published_article/1688/12.pdf Mohd. 
Noah A. Rahman, Md. Mahbubur Rahim, Afzaal H. Seyal, & Awg Yussof Awg Mohamed. (1999). Interpersonal skill requirements for fresh computer programmers: expectation of Brunei-based organizations. Malaysian Journal of Computer Science, 12(2), 10-18. Retrieved from www.researchgate.net/publication/241032508_INTERPERSONAL_SKIL_RE QUIREMENTS_FOR_FRESH_COMPUTER_PROGRAMMERS_EXPECTA TION_OF_BRUNEI-BASED_ORGANISATIONS/file/72e7e52c0192835.pdf Moody, D. L. (1998). Metrics for evaluating the quality of Entity Relationship Models. In Tok-Wang, L., Ram, S., & Mong, L.L. Conceptual Modeling– ER’98 (pp. 211-225). Berlin Heidelberg: Springer Berlin Heidelberg. Morgan, D. L. (1998). Planning focus groups. Thousand Oaks: SAGE Publications. 260 Moser, R., Abrahamsson, P., Pedrycz, W., Sillitti, A., & Succi, G. (2008). A case study on the impact of refactoring on quality and productivity in an Agile team. In Meyer, B., Nawrocki, J. R., & Walter, B. Balancing Agility and Formalism in Software Engineering, (pp. 252-266). Berlin:Springer Berlin Heidelberg. Muniraman, C., & Damodaran, M. (2007). A practical approach to include security in software development. Issues in Information Systems, 8(2), 193-199. Retrieved from http://iacis.org/iis/2007/Muniraman_Damodaran.pdf Nagappan, N., Maximilien, E. M., Bhat, T., & Williams, L. (2008). Realizing quality improvement through Test Driven Development: results and experiences of four industrial teams. Empirical Software Engineering, 13(3), 289-302. doi: 10.1007/s10664-008-9062-z Nardi, P. M. (2003). Doing survey research–a guide to quantitative methods. Boston: Pearson Education. Nasution, M. F., & Weistroffer, H. R. (2009). Documentation in systems development: a significant criterion for project success. Proceedings of the 42nd Hawaii International Conference on System Sciences, 1-9. doi: 10.1109/HICSS.2009.167 National Cyber Security Alliance. (2012). National small business study. 
Retrieved from https://www.staysafeonline.org Nerur, S., Mahapatra, R., & Mangalaraj, G. (2005). Challenges of migrating to Agile methodologies. Communications of ACM, 48(5), 72-78. doi: 10.1145/1060710.1060712 Nielsen, J., & Molich, R. (1990). Heuristic evaluation of user interfaces. Proceedings of the SIGCHI Conference on Human Factors in Computing Systems: Empowering People, 249-256. doi: 10.1145/97243.97281 Nugraha, F. (2013). Decision support system for evaluation procurement of goods with Simple Additive Weighting Method (SAW). International Conference on Information Systems for Business Competitiveness, 211-215. Retrieved from http://eprints.undip.ac.id/41795/1/38-_Fajar_Nugraha.pdf Nunes, F. J. B., Belchior, A. D., & Albuquerque, A. B. (2010). Security engineering approach to support software security. 6th World Congress on Services. 48-55. doi:10.1109/SERVICES.2010.37 Offut, M. (2002). Quality attributes of web software applications. IEEE Software, 19(2), 25-32. doi:10.1109/52.991329 Oppenheim, A. N. (1992). Questionnaire design, interviewing and attitude measurement. London: Pinter Publishers. O’Regan, G. (2014). Software Process Improvement. In O’Regan, G. Introduction to software quality (pp.199-209). Switzerland: Springer International Publishing. O’Sheedy, D., & Sankaran, S. (2013). Agile Project Management for IT Projects in SMEs: a framework and success factors. The International Technology 261 Management Review, 3(3), 187-195. Retrieved from www.atlantispress. com/php/download_paper.php?id=9613 OWASP. (2006). CLASP best practices. Retrieved from https://www.owasp.org/index.php/Category:CLASP_Best_Practice Padumadasa, E. U., Colombo, S., & Rehan, S. (2009). Investigation in to Decision Support Systems and Multiple Criteria Decision Making to develop a Webbased tender management system. Proceedings of the International Symposium on the Analytic Hierarchy Process, 1-17. 
Retrieved from http://www.isahp.org/2009Proceedings/Final_Papers/66_Padumadasa_Evaluati ngTenderOffers_REV_FIN.pdf Paetsch, F., Eberlein, A., & Maurer, F. (2003). Requirements Engineering and Agile software development. Proceedings of the IEEE International Workshops on Enabling Technologies: Infrastructure for Collaborative Enterprises, 308-313. doi: 10.1109/ENABL.2003.1231428 Pahnila, S., Siponen, M., & Mahmood, A. (2007). Employees’ behavior towards IS security policy compliance. Proceedings of the 40th Hawaii International Conference on System Sciences, 156-166. doi: 10.1109/HICSS.2007.206 Park, T., & Kim, K. J. (1998). Determination of an optimal set of design requirements using House of Quality. Journal of Operations Management, 16(5), 569-581. doi: 10.1016/S0272-6963(97)00029-6 Parsons, D., Ryu, H., & Lal, R. (2007). The impact of methods and techniques on outcomes from Agile software development projects. In McMaster, T., Wastell, D., Ferneley, E., & DeGross, J. I. Organizational Dynamics of Technology- Based Innovation: Diversifying the Research Agenda (pp. 235-249). US: Springer. Patel, C., & Ramachandran, M. (2009). Agile Maturity Model (AMM): a Software Process Improvement framework for Agile software development practices. International Journal of Software Engineering, 2(1), 3-28. Retrieved from http://www.ijse.org.eg/content/vol2/no1/vol2_no1_1.pdf Patil, S. K., & Kant, R. (2014). A fuzzy AHP-TOPSIS framework for ranking the solutions of Knowledge Management adoption in supply chain to overcome its barriers. Expert Systems with Applications, 41(2), 679-693. doi: 10.1016/j.eswa.2013.07.093 Phillips, M., & Shrum, S. (2010). Process improvement for all: what to expect from CMMI Version 1.3. Crosstalk--The Journal of Defense Software Engineering. Retrieved from http://www.cs.cmu.edu/~bam/uicourse/2011hasd/Phillips%202010%20- %20What%20to%20Expect%20from%20CMMI%20Version%201.3%20(Cros stalk).pdf Pierce, R. E. (2012). 
Key factors in the success of an organization's information security culture: A quantitative study and analysis. (Doctoral dissertation). Retrieved from http://search.proquest.com/docview/1143268791 262 Pikkarainen, M. (2009). Towards a better understanding of CMMI and Agile integration-multiple case study of four companies. In Bomarius, F., Oivo, M., Jaring, P., & Abrahamsson, P. Product-Focused Software Process Improvement (pp. 401-415). Berlin Heidelberg: Springer. Pikkarainen, M., & Mantyniemi, A. (2006). An approach for using CMMI in Agile software development assessments: experiences from three case studies. The SPICE 2006 Conference. Retrieved from http://Agile.vtt.fi/docs/publications/2006/2006_Agile_cmmi_camera_ready.pdf Powell, R. A., & Single, H. M. (1996). Focus groups. International Journal for Quality in Health Care, 8(5), 499-504. doi: 10.1093/intqhc/8.5.499 Pressman, R. S. (2010). Software Engineering a practitioner's approach 7th Ed. New York: McGraw-Hill Higher Education. Procaccino, J. D., Verner, J. M., Shelfer, K. M., & Gefen, D. (2005). What do software practitioners really think about project success: an exploratory study. The Journal of Systems and Software (78): 194-203. doi: 10.1016/j.jss.2004.12.011 Rae, A., Robert, P., & Hausen, H. L. (1995). Software evaluation for certification principles, practice and legal liability. England: McGraw-Hill. Rafikul, I., & Shuib, M. R. (2006). Employee performance evaluation by the AHP: A case study. Asia Pacific Management Review, 11(3), 163-176. Retrieved from http://apmr.management.ncku.edu.tw/comm/updown/DW0711300438.pdf Ramesh, B., Lan, C., & Baskerville, R. (2010). Agile Requirements Engineering practices and challenges: an empirical study. Information Systems Journal, 20(5), 449-480. doi: 10.1111/j.1365-2575.2007.00259.x Rao, K. N., Naidu, G. K., & Chakka, P. (2011). A Study of the Agile software development methods, applicability and implications in industry. 
International Journal of Software Engineering & Its Applications, 5(2), 35-45. Retrieved from http://www.sersc.org/journals/IJSEIA/vol5_no2_2011/4.pdf
Rao, R., & Davim, J. (2008). A decision-making framework model for material selection using a combined Multiple Attribute Decision-Making method. The International Journal of Advanced Manufacturing Technology, 35(7-8), 751-760. doi: 10.1007/s00170-006-0752-7
Rathfelder, C., Groenda, H., & Reussner, R. (2008). Software industrialization and architecture certification. Proceedings of Industrialization of Software Management. 169-180. Retrieved from http://subs.emis.de/LNI/Proceedings/Proceedings139/P-139.pdf#page=170
Richardson, I., & Ryan, K. (2001). Software Process Improvements in a very small company. Software Quality Professional, 3(2), 23-35. Retrieved from http://www.itu.dk/~katten/speciale/Software%20Process%20Improvements%20in%20a%20Very%20Small%20Company.pdf
Rico, D., Sayani, H., & Sone, S. (2009). The business value of Agile software methods. Fort Lauderdale: J.Ross.
Ritchie, L., & Dale, B. G. (2000). Self-assessment using the business excellence model: a study of practice and process. International Journal of Production Economics, 66(3), 241-254. doi: 10.1016/S0925-5273(99)00130-9
Rodina Ahmad, & Zaitun Abu Bakar. (2000). Information Systems skills requirements in Malaysia. Malaysian Journal of Computer Science, 13 (2), 64-69. Retrieved from http://ejournal.um.edu.my/filebank/published_article/1772/96.pdf
Rogers, M. R., & Lopez, E. C. (2002). Identifying critical cross-cultural school psychology competencies. Journal of School Psychology, 40(2), 115-141. doi:10.1016/S0022-4405(02)00093-6
Rout, T. (2011). High levels of process capability in CMMI and ISO/IEC 15504. In O’Connor, R. V., Rout, T., McCaffery, F., & Dorling, A. Software Process Improvement and Capability Determination (pp. 197-199). Berlin Heidelberg: Springer Berlin Heidelberg.
Rumpe, B., & Schroder, A. (2002). Quantitative survey on Extreme Programming projects. Third International Conference on Extreme Programming and Flexible Processes in Software Engineering, 26-30. Retrieved from http://www.se-rwth.de/~rumpe/publications/Quantitative-Survey-on-Extreme-Programming-Projects.pdf
Ruth, N. (2008). A Multi Criteria Decision Making support to software selection. (Master’s thesis). Retrieved from http://hdl.handle.net/10570/784
Saaty, T. L. (2008). Decision making with the Analytic Hierarchy Process. International Journal of Services Sciences, 1(1/2008), 83-98. doi: 10.1504/IJSSci.2008.01759
Saaty, T. L. (1990). How to make a decision: the Analytic Hierarchy Process, European Journal of Operation Research, 48 (1), 9–26. doi: 10.1016/0377-2217(90)90057-I
Salo, O., & Abrahamsson, P. (2008). Agile methods in European embedded software development organizations: A survey study of Extreme Programming and Scrum, IET Software, 2(1), 58-64. doi: 10.1049/iet-sen:20070038
Salo, O., & Abrahamsson, P. (2005). Integrating Agile software development and Software Process Improvement: a longitudinal case study. International Symposium on Empirical Software Engineering, 193-202. doi: 10.1109/ISESE.2005.1541828
Sanchez, J. C., Williams, L., & Maximilien, E. M. (2007). On the sustained use of a Test-Driven Development practice at IBM. Agile Conference, 5-14. doi: 10.1109/AGILE.2007.43
Sanders, J., & Curran, E. (1994). Software Quality: A framework for success in software development and support. Wokingham: Addison-Wesley.
Santos, M. D. A., Bermejo, P. H. D. S., Oliveira, M. S. D., & Tonelli, A. O. (2011). Agile practices: an assessment of perception of value of professionals on the quality criteria in performance of projects. Journal of Software Engineering and Applications, 700-709. doi:10.4236/jsea.2011.412082
Savitha, K., & Chandrasekar, C. (2011). Vertical handover decision schemes using SAW and WPM for network selection in heterogeneous wireless networks. Global Journal of Computer Science and Technology. 11(9). Retrieved from http://arxiv.org/ftp/arxiv/papers/1109/1109.4490.pdf
SCAMPI Upgrade Team. (2011). Standard CMMI® appraisal method for process improvement (SCAMPI℠) A, Version 1.3: Method Definition Document Handbook.
Schindler, C. (2008). Agile software development methods and practices in Austrian IT-industry: results of an empirical study. International Conference on Computational Intelligence for Modelling Control & Automation, 321-326. doi: 10.1109/CIMCA.2008.100
Schneiderman, B. (1998). Designing the user interface: strategies of effective Human-Computer Interaction 3rd edition. Boston: Addison-Wesley Longman.
Schuh, P. (2005). Integrating Agile development in the real world. Hingham: Charles River Media.
Scriven, M. (1991). Evaluation thesaurus: fourth edition. Newbury Park: Sage Publications.
Sekaran, U., & Bougie, R. (2010). Research methods for business. New York: John Wiley & Sons.
Sekaran, U. (2003). Research methods for business (4th edition). New York, USA: John Wiley & Sons.
Serkani, E. S., Mardi, M., Najafi, E., Jahanian, K., & Herat, A. T. (2013). Using AHP and ANP approaches for selecting improvement projects of Iranian Excellence Model in healthcare sector. African Journal of Business Management, 7(23). Retrieved from http://www.academicjournals.org/article/article1380702998_Serkani%20et%20al.pdf
Setiawan, F. P., Bouk, S. H., & Sasase, I. (2008). An optimum multiple metrics gateway selection mechanism in MANET and infrastructure networks integration. IEEE Wireless Communications and Networking Conference, 2229–2234. doi: 10.1109/WCNC.2008.394
Sfetsos, P., Stamelos, I., Angelis, L., & Deligiannis, I. (2009). An experimental investigation of personality types impact on pair effectiveness in pair programming. Empirical Software Engineering, 14(2), 187-226. doi: 10.1007/s10664-008-9093-5
Sfetsos, P., & Stamelos, I. (2010). Empirical studies on quality in Agile practices: a systematic literature review. Proceedings of the 2010 Seventh International Conference on the Quality of Information and Communications Technology, 44-53. doi: 10.1109/QUATIC.2010.17
Shafiq Hussain, S., Erwin, H., & Dunne, P. (2011). Threat modeling using formal methods: A new approach to develop secure web applications. 7th International Conference of Emerging Technologies. 1-5. doi: 10.1109/ICET.2011.6048492
Sheffield, J., & Lematayer, J. (2013). Factors associated with the software development agility of successful projects. International Journal of Project Management, 31(3), 459-472. doi: 10.1016/j.ijproman.2012.09.011
Shih, H. S., Shyur, H. J., & Lee, E. S. (2007). An extension of TOPSIS for group decision making. Mathematical and Computer Modelling, 45(7-8), 801-813. doi: 10.1016/j.mcm.2006.03.023
Simpson, S. (2008). Fundamental practices for secure software development: A guide to the most effective secure development practices in use today: SAFECODE. Retrieved from http://www.safecode.org, 2008
Sindre, G., & Opdahl, A. L. (2001). Capturing security requirements through misuse cases. Retrieved from http://www.nik.no/2001/21-sindre.pdf
Siponen, M., Pahnila, S., & Mahmood, M. (2010). Compliance with information security policies: an empirical investigation. Computer. 43(2), 64–71. doi: 10.1109/MC.2010.35
Sison, R., & Yang, T. (2007). Use of Agile methods and practices in the Philippines. 14th Asia-Pacific Software Engineering Conference, 462-469. doi: 10.1109/ASPEC.2007.35
Sison, R., Jarzabek, S., Hock, O. S., Rivepiboon, W., & Hai, N. N. (2006). Software practices in five ASEAN countries: an exploratory study. Proceedings of the 28th International Conference on Software engineering, 628-631. doi: 10.1145/1134285.1134378
Sliger, M., & Broderick, S. (2008). The software project manager's bridge to agility. Boston: Addison-Wesley.
Sliger, M. (2006). A project manager's survival guide to going Agile. Retrieved from http://www.rallydev.com/documents/rally_survival_guide.pdf
Sommerville, I. (2004). Software Engineering 7th Ed. Harlow: Pearson Education Limited.
Sommerville, I. (2007). Software Engineering 8th Ed. Harlow: Pearson Education Limited.
Srivastava, T. N., & Shailaja, R. (2011). Business research methodology. New Delhi: Tata McGrawHill Education Private Limited.
Stamelos, I. G., & Sfetsos, P. (2007). Agile software development quality assurance: IGI Global.
Sterling, G. D., & Brinthaupt, T. M. (2003). Faculty and industry conceptions of successful computer programmers. Journal of Information Systems Education, 14(4), 417-424. Retrieved from http://jise.org/Volume14/14-4/Pdf/14(4)-417.pdf
Stewart, D. W., Shamdasani, P. N., & Rook, D. W. (2007). Focus groups theory and practices. Thousand Oaks: Sage Publications.
Strode, D. E., Huff, S. L., & Tretiakov, A. (2009). The impact of organizational culture on Agile method use. 42nd Hawaii International Conference on System Sciences, 1-9. doi: 10.1109/HICSS.2009.436 |