Beyond factors that motivate the adoption of the ISO/IEC 29110 in Mexico: An exploratory study of the implementation pace of this standard and the benefits observed

Muñoz, Mirna; Mejía, Jezreel; Peña, Adriana; Laporte, Claude Y.; Gasca‐Hurtado, Gloria Piedad

doi:10.1049/sfw2.12041

Cited by 3 publications

(4 citation statements)

References 15 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…VSEs typically have no experience working with standardized processes and lack experience in intentionally performing activities such as architecture, design, verification, test definition, and execution (Muñoz et al 2021). They are aware of growing customer and legal demands to prioritize security, but they do not perceive this as adding value to their work.…”

Section: Most Companies Are Small Very Smallmentioning

confidence: 99%

Very Small Entities (VSEs): Outsourcing Risk to the Supply Chain Is Placing Systems Security Engineering on a Clay Foundation, but Playing Games May Help

Georgsen¹,

Køien²

2022

INSIGHT

View full text Add to dashboard Cite

This article addresses the inherent risk in a supply chain that comprises primarily Very Small Entities (VSE) with little to no security proficiency and limited resources and incentive to prioritize system security. In a globalized economy based on outsourcing and risk‐sharing, most engineering activities occur in the smallest companies, even for large and complex projects. The Future of Systems Engineering initiative (FuSE) appropriately has agility at the core of its Systems Security Engineering (SSE) foundation concepts, and VSEs are by their very nature agile. However, the line between agility and chaos may be thin, and engineers at VSEs must often accept a level of restraint and rigidity beyond their comfort level to achieve functional agility. The primary challenge in VSEs is adding structure without the necessary resources to enforce compliance manually. We propose that VSE focus their initial efforts on FuSE SSE Foundation Concepts that play into their nature and strengths as dynamic human social activity systems. Improvements in security proficiency and stakeholder alignment do not necessarily require much formal structure, and digital tools combined with social strategies can add structure to a resource‐constrained environment. Games can be excellent low‐cost tools to provide structure while minimizing resistance, and Agile Model‐Based Systems Engineering (AMBSE) using digital models can support automated enforcement. Here we use the card game Elevation of Privilege (EoP) as an example. Within the context of a SysML Threat Model integrated into a larger System Model, players naturally treat security requirements as traceable functional requirements. Automated model validation, re‐usable components and patterns enforce a Zero‐Trust architecture, a sufficiently formal trust model to provide evidence‐based assurance, yet achievable for small companies with limited resources.

show abstract

“…VSEs typically have no experience working with standardized processes and lack experience in intentionally performing activities such as architecture, design, verification, test definition, and execution (Muñoz et al 2021). They are aware of growing customer and legal demands to prioritize security, but they do not perceive this as adding value to their work.…”

Section: Most Companies Are Small Very Smallmentioning

confidence: 99%

Very Small Entities (VSEs): Outsourcing Risk to the Supply Chain Is Placing Systems Security Engineering on a Clay Foundation, but Playing Games May Help

Georgsen¹,

Køien²

2022

INSIGHT

View full text Add to dashboard Cite

show abstract

Section: Very Small Entities (Vse) and Supply Chain Riskmentioning

confidence: 99%

“…VSEs typically have no experience working with standardized processes and lack experience in intentionally performing activities such as architecture, design, verification, test definition, and execution 11 . VSEs recognize the growing customer requirement for security and their own internal need for improvement 11 , but they do not perceive the standards employed by larger companies as appropriate to their context 8 . VSEs prefer to follow informal and organically evolved methodologies partly because they perceive standardized methods as too general to fit their needs and because informality provides agility and opportunity to optimize workflows to fit their particular contexts 8 .…”

Section: Very Small Entities (Vse) and Supply Chain Riskmentioning

confidence: 99%

Serious Games with SysML: Gamifying Threat Modelling in a Small Business Setting

Georgsen

Køien

2022

INCOSE International Symp

View full text Add to dashboard Cite

This paper describes using casual games to capture and disseminate expert security knowledge with a digital model at a small company. Most companies in the global supply chain are Very Small Entities (VSE), meaning they employ five (5) to twenty‐five (25) people. These companies represent a risk because they have little to no security proficiency and limited resources and incentive to prioritize system security. Moreover, this is a hidden risk because the companies higher up in the supply chain rely on contractual mechanisms to enforce compliance with security requirements. Small companies rely on informal methods in their daily work and are resistant to change. Threat modelling in the context of Agile Model‐Based Systems Engineering (AMBSE) can provide VSEs with a structure that allows them to retain their informal operational agility. When modelling using games, the security expert plays the dual role of modeler and educator, and the engineering team is gaining security proficiency, improving the quality of both their current and future work. Players reported improved understanding of other stakeholders' perspectives. Agility, proficiency, and stakeholder alignment are among the critical foundation concepts identified by the INCOSE led Future of Systems Engineering Initiative (FuSE) to improve system security.

show abstract

“…Consequently, the software engineering community has witnessed the development of a variety of software process improvement (SPI) standards and models to improve the development process of companies, which was inspired by the principles of Edwards Deming 2 . Hence, software companies must strive to increase the effectiveness of their process activities to gain high‐quality software products 3,4 . SPI practices were initially proposed to guide the software development processes of large companies 5–8 .…”

Section: Introductionmentioning

confidence: 99%

Towards the sustainability of small and medium software enterprises through the implementation of software process improvement: Empirical investigation

Balogun

Almomani

Basri

et al. 2022

J Software Evolu Process

View full text Add to dashboard Cite

To improve and sustain the quality of software products, software process improvement (SPI) is needed. Currently, small and medium software enterprises (SMSEs) represent a high proportion of companies around the world and become a cornerstone in the worldwide industry economy. These companies have realized that improving their process is crucial for success, but they are facing difficulties to implement it due to limited resources, limited knowledge, and time constraints. This study aimed to identify the sustainability success factors (SSFs) that have a positive impact on implementing SPI efforts in SMSEs. Data were collected through a systematic literature review (SLR) approach and quantitatively through a survey questionnaire. A list of 44 SSFs was identified during SLR and empirical study. Results illustrate that there is a positive correlation between the ranks obtained from both dataset (rs (44) = .548, ρ = .001). Therefore, there would be significant differences between the SSFs identified in both datasets. In conclusion, the top‐ranked factors can then be used to guide the SPI coordinators on where they should focus their attention to reach the desired SPI goals, which is crucial to deliver the software products and also facilitates in development of model for SPIs in the future.

show abstract

Beyond factors that motivate the adoption of the ISO/IEC 29110 in Mexico: An exploratory study of the implementation pace of this standard and the benefits observed

Cited by 3 publications

References 15 publications

Very Small Entities (VSEs): Outsourcing Risk to the Supply Chain Is Placing Systems Security Engineering on a Clay Foundation, but Playing Games May Help

Very Small Entities (VSEs): Outsourcing Risk to the Supply Chain Is Placing Systems Security Engineering on a Clay Foundation, but Playing Games May Help

Serious Games with SysML: Gamifying Threat Modelling in a Small Business Setting

Towards the sustainability of small and medium software enterprises through the implementation of software process improvement: Empirical investigation

Contact Info

Product

Resources

About