Search results

This paper examines the conflict between rule-based and principle-based approaches to benefits realisation in agile projects. It proposes a principle-based framework as a more effective alternative, aligned with the iterative and adaptive nature of agile methodologies.

The research utilises semi-structured interviews to gather qualitative data from professionals experienced in agile projects. Causal loop diagrams are employed to illustrate the relationships between identified principles. The study identifies 12 key principles essential for agile benefits realisation, with a particular focus on visibility and consequence management.

The study finds that a principle-based approach to benefits realisation is more compatible with agile methodologies compared to a rule-based approach. The flexibility of principle-based decision-making allows for continuous adaptation and improvement, aligning with the dynamic and iterative nature of agile projects. The principles of visibility and consequence management emerge as critical factors in successfully realising benefits in an agile environment.

The findings are based on qualitative data from a limited number of interviews, which may not be generalisable across all agile projects. Further research with a larger sample size and diverse project types is recommended to validate and refine the proposed principles.

Agile teams and project managers can leverage the identified principles to enhance their decision-making processes and improve benefits realisation outcomes. Adopting a principle-based approach can lead to more flexible, responsive and effective project management practices.

By promoting more adaptive and responsive project management practices, the adoption of a principle-based approach can contribute to greater satisfaction and collaboration among project stakeholders, leading to more successful project outcomes.

This research contributes to the existing body of knowledge by highlighting the limitations of rule-based approaches in agile contexts and proposing a principle-based framework for benefits realisation. The identification of specific principles and their interrelationships provides a novel perspective and practical guidance for agile practitioners.

Project managers face decisions every day and those decisions result in an “either or” situation. This is also true when it comes to the choice of a project management approach, i.e. predictive versus iterative. A case is made in this article that project managers should be ambidextrous and apply practices that are beneficial to the project, irrespective of the origin of the practices.

This study is based on a questionnaire focussing on six themes. The results of 290 projects were analysed using ANOVA and boxplots to test for skewness and variances.

Based on the analysis of 117 practices, most of these projects could be classified as either hybrid or iterative projects. The results indicate that irrespective of the classification of the projects or the industry, projects are managed using a hybrid approach, with a tendency to incorporate more iterative practices than predictive practices.

This article contributes to the current debate on which approach is the best given certain circumstances.

For many innovative organisations, Industry 4.0 paves the way for significant operational efficiencies, quality of goods and services and cost reductions. One of the ways to realise these benefits is to embark on digital transformation initiatives that may be summed up as the intelligent interconnectivity of people, processes, data and cyber-connected things. Sadly, this interconnectivity between the enterprise information technology (IT) and industrial control systems (ICS) environment introduces new attack surfaces for critical infrastructure (CI) operators. As a result of the ICS cybersecurity risk introduced by the interconnectivity between the enterprise IT and ICS networks, the purpose of this study is to identify the cybersecurity capabilities that CI operators must have to attain good cybersecurity resilience.

A scoping literature review of best practice international CI protection frameworks, standards and guidelines were conducted. Similar cybersecurity practices from these frameworks, standards and guidelines were grouped together under a corresponding National Institute of Standards and Technology (NIST) cybersecurity framework (CF) practice. Practices that could not be categorised under any of the existing NIST CF practices were considered new insights, and therefore, additions.

A CI cybersecurity capability framework comprising 29 capability domains (cybersecurity focus areas) was developed as an adaptation of the NIST CF with an added dimension. This added dimension emphasises cloud computing and internet of things (IoT) security. Each of the 29 cybersecurity capability domains is executed through various capabilities (cybersecurity processes and procedures). The study found that each cybersecurity capability can further be operationalised by a set of cybersecurity controls derived from various frameworks, standards and guidelines, such as COBIT®, CIS®, ISA/IEC 62443, ISO/IEC 27002 and NIST Special Publication 800-53.

CI sectors are immediately able to adopt the CI cybersecurity capability framework to evaluate their levels of resilience against cyber-attacks, given new attack surfaces introduced by the interconnectivity of cyber-connected things between the enterprise and ICS levels.

The authors present an added dimension to the NIST framework for CI cyber protection. In addition to emphasising cryptography, IoT and cloud computing security aspects, this added dimension highlights the need for an integrated approach to CI cybersecurity resilience instead of a piecemeal approach.

This paper aims to identify and appropriately respond to any socio-technical gaps within organisational information and cybersecurity practices. This culminates in the equal emphasis of both the social, technical and environmental factors affecting security practices.

The socio-technical systems theory was used to develop a conceptual process model for analysing organisational practices in terms of their social, technical and environmental influence. The conceptual process model was then applied to specifically analyse some selected information and cybersecurity frameworks. The outcome of this exercise culminated in the design of a socio-technical systems cybersecurity framework that can be applied to any new or existing information and cybersecurity solutions in the organisation. A framework parameter to help continuously monitor the mutual alignment of the social, technical and environmental dimensions of the socio-technical systems cybersecurity framework was also introduced.

The results indicate a positive application of the socio-technical systems theory to the information and cybersecurity domain. In particular, the application of the conceptual process model is able to successfully categorise the selected information and cybersecurity practices into either social, technical or environmental practices. However, the validation of the socio-technical systems cybersecurity framework requires time and continuous monitoring in a real-life environment.

This research is beneficial to chief security officers, risk managers, information technology managers, security professionals and academics. They will gain more knowledge and understanding about the need to highlight the equal importance of both the social, technical and environmental dimensions of information and cybersecurity. Further, the less emphasised dimension is posited to open an equal but mutual security vulnerability gap as the more emphasised dimension. Both dimensions must, therefore, equally and jointly be emphasised for optimal security performance in the organisation.

The application of socio-technical systems theory to the information and cybersecurity domain has not received much attention. In this regard, the research adds value to the information and cybersecurity studies where too much emphasis is placed on security software and hardware capabilities.