How to prevent from failures of Software Projects?

Software, in today's time, has A lot to do with a business's success. It plays an important role in business development and presents an image that is unmatchable. More than 50 years after the invention of project methodologies, more than half of all IT projects fail due to a lack of time, resources, funds, software failures, etc..

What Is Software Project Failure

 A failure that occurs when a piece of software or hardware does not perform as expected by the user. The user may need to identify the severity of the failures such as catastrophic, critical, major or minor, depending on their impact on the systems they are operating on.

Reasons for Software Project Failure

1. Poor Project Management
2. Unrealistic or unarticulated project goals
3. Inaccurate estimates of needed resources
4. Badly defined system requirements
5. Poor reporting of the project's status
6. Poor communication among customers, developers, and users
7. Use of immature technology
8. Inability to handle the project's complexity
9. Unmanaged risks
10. Commercial pressures

Let's See Some Ways to Make Your Software Project  Success

 1. Ensure that your Vendor Comprehends the Information Correctly

We have noticed that many software projects fail or get challenged due to vendor / manager's incompetence. To make your software project a success, it is imperative that your vendor or project head collects adequate information from the client.

1. Check whether your vendor or software project manager is posing proper and precise questions to the client, which can actually help in understanding the end product. Check whether they have subject matter experts and project managers during the discussions.

2. Vendors, in-house teams and third-party contractors should be able to give nearly accurate time and budget frames for your project.

3. An experienced manager should try to understand the business case of the project, and tries to gauge the keenness of all your stakeholders. This is one of the many ways to ensure project success at a start-up company or new company that you are looking to set up.

 

2. Estimate Proper Time and Budget Frames

Once you are sure that your in-house or outsourced vendor has got a firm grip over the requirements and nature of the software project, expect a genuine timeline from them. Avoid vendors who keep on changing timelines, which implies that they have failed to gauge the project in its entirety. Ensure that the costing is purely based on the nature and complexity of the project, and not just on the assumptions.

 

3. Design and Processes are Vital; Give them Due Importance

Check if your vendor or your software team can come up with a clean design and execution plan. Software project planning and road map designing is the key, and if you see that the in-house or outsourced vendor is jumping directly to coding anticipating early rollouts, be careful as it could lead to disaster.

 

4. Engage a Team with the Right Skill Set

Most software development contracts (SDLC) tend to rely on the same team for each and every step of the SDLC, often ignoring the specific skills and competence that your project may demand at different stages. Interview junior developers before engaging them to work on your project if possible. Don't assign partly skilled developers under experienced developers just to save costs, which leads to software project failure.

 

5. Ensure that the Success Metrics are Well-defined

Do you know how to define success metrics and KPIs for a project? This will ensure that your vendor or project manager has got clear pointers to work upon and succeed. Failing to define these metrics like functional milestones may cause the project to fail as they are left unchecked.

 

6. Active User Participation is the Key

If not, you could be staring at a challenged or failed project. End users' perspective is a vital ingredient of your software project.

 

7. Ascertain that Testing is An Ongoing Process

Code testing should never take a backseat and must be part of every project from start to finish. Ensure that the project head is always ready with a clean working source - most vendors/PMs fail to do this and wait till the end to test the whole project. Failing to do so will surely lead to catastrophic errors in the live environment for you and your clients.

 

8. Skilled Executive Sponsors

Executive sponsors are critical to the success of a software project and if your vendor is engaging a poorly skilled or an executive sponsor who spends less time with the development process it will leave a deep dent in the overall development. Successful software projects have executive sponsors who fuel the whole development process with their presence and actions.

 

9. On-time Delivery of Internal Milestones

A clear milestone chart with details of every specific step of the process is important for project success. If your vendor/in-house team is delivering milestones on time and as per specifications you have engaged the right vendor. If they fail or often change milestone dates then you are in for trouble.

 

10. Revise or Revisit Requirements, Wherever Needed

This is a sign that they have a robust process and are keen to clarify things when needed. See whether your vendor is back to gather more requirements from you, which is a good sign.

Provisions in Sri Lanka for Cyber World

 

The article is about the laws in Sri Lanka to prevent cyber-attacks and analyzing whether those laws are sufficient to prevent a cyber warfare in the future. Cyber warfare consists with the actions of any international organization to attack and do damage the infrastructure, computers or information systems of another nation by using computer viruses or denial of service attacks. This can be also defined as affecting in a war fare in the background of computers and networks.

The first global instrument to address cyber crime is “2001 Budapest convention promoted by the council of Europe”. Sri Lanka also has taken the membership of that council and Computer Crime No.24 of 2007 Act (CCA) came into practice. In Sri Lanka, it can be identified that there are several acts for the prevention of crimes which cause through the internet as follows (Ariyadasa, 2019).

•        Electronic Transaction Act.
•        Information and Communication Technology Act.
•        Telecommunication Act.
•        Computer Crime Act.
•        Intellectual Property Act

Literature Review

When considering globally, the number of cyber security incidents that has been occurred in year 2015 was 59.06 million. According to the estimated statistics, the total annual cost of all data breaches by year 2019 will be $ 2.1 trillion. When concerning about Sri Lanka, the Sri Lanka Computer Emergency Readiness Team (Sri Lanka CERT) received 3907 incidents which are related to cyber security in year 2017. Sri Lanka has taken a number of measures for the cyber security based on ISO 27000, data sharing policy and legislations such as (Sri Lanka CERT|CC, 2019);

• Electronic Transactions Act No. 19 of 2006,
• Payment devices frauds Act No. 30 of 2006. 
• The Intellectual property rights Act.
• Computer crimes Act No. 24 of 2007.

Terrorists use the new technology to fulfill their purposes. The terrorists use social media to communicate their messages. Sri Lanka has to implement new laws to protect against the misuse of communication networks. So that, the laws have to be strict. Sri Lanka should have a proper digital security which protect the general public who involve with the information. And also, the Sri Lankan government needs to enforce new laws based on social media and regulate social media.

 Penalties should be brought against hate speech (Ariyadasa, 2019). According to the Oxford dictionary, Cyber Bullying refers to using electronic communication to bully a person by sending messages in a threatening nature. In cyber bullying, the use of Electronic communication or internet to hurt someone take place or forcing someone to do something that they do not want to do taken place. Cyber bullying take place when someone harass on social media or internet communications such as skype, WhatsApp, viber, you tube etc. Posting rumors, sexual remarks etc. can be considered as harmful bullying behaviors (Ariyadasa, 2019).

          

According to Sri Lankan police records, a decrease of the normal crime rate can be identified. But the study analyzes cyber-crime. This type of crimes gradually increased. Phishing, abuse privacy, malware, e-mail harassment, fake accounts (Facebook), and intellectual property cases reported to the Sri Lankan Computer Emergency Readiness Team. In addition to this e-banking cases, website hacking, e-mail harassment, child pornography cases reported to Cyber-Crime Unit in Sri Lanka police. According to the computer crime act of 1997, computer crime has been identified as a term used to identify all the frauds that are connected with or related to computer and information technology. 

In Section 3 to Section 10, it has been described the key substantive offences under computer crime act. Securing unauthorized access to a computer an offence, doing any act to secure unauthorized access in order to commit an offence, causing a computer to perform a function without lawful authority an offence, offences committed against national security and national economy and public order. And also, about dealing with unlawful data and, unlawfully obtained an offence, illegal interception of data an offence, using of illegal devices an offence, unauthorized disclosure of information enabling access to a service also an offense (Jayasekara and Rupasinghe, 2015). 

There is a provision in the act which enhances the scope of intellectual property provisions contained in the Intellectual Property Act 36 of 2003. An amendment made to the penal code in 2006 introduced an offence requiring all persons providing a computer service like a cybercafe to ensure that such a service would not be used for offences relating to sexual abuse of a child (Jayasekara and Rupasinghe, 2015).

                 

1.   Espionage

Cyber espionage is one of the area concerns about the illegally access confidential or classified information. This can be happened to military or any other organization. So, it is necessary to know how to ensure their data classification (Nathaniel, 2018). Without having adequate security measures and strategies, the world will not be protected or safe from cyber espionage privy to data drain to multinational organizations from local. In Sri Lanka there is a need of data security and digital privacy laws since currently there are no data privacy laws practice in Sri Lanka (Fernandopulle, 2018). In the contemporary world, many countries and nations are engaging in cyber espionage which is distinct from a cyber-attack.

When concerning about cyber-attacks, cyber-attacks cause huge damage for infrastructure but in cyber espionage the main goal is gathering information. In cyber warfare, there is a use of hacking to attack the target for the purpose of espionage or sabotage (Sri Lanka Computer Emergency Readiness Team | Coordination Centre, 2016).

          

        

         

2. Sabotage   

Simply, sabotage can be defined as stealing of electronic data. In this situation an intentional damage to the websites take place. This cause for the websites to get hacked, defaced or destroyed (Rajapaksha, 2015). The cyber sabotage is also carried out by terrorists. When concerning about sabotage, one of the most important case was the August 1997, “suicide email bombings” by internet black tigers, a faction of the Liberation Tigers of Tamil Eelam (LTTE), here the target was the e mail accounts of Sri Lankan embassies in Seoul, Washington and Ottawa (Dolnik, 2009). Sabotage attacks are a huge security threat for the future.

                                      

3.   Cyber Terrorism

The terrorists also use the internet for the purpose of organization, planning, entertainment and to educate the believers. Al – Qaeda, started in 2011, many Jihadi groups and individuals moved on to social media platforms. They create sponsored twitter accounts and use them to release their statements and videos. In Sri Lanka, the computer crimes act covers several areas related with computer crimes, data misuse, data privacy, cyber stalking, cyber bullying etc. have to be filled by the legislature (Ariyadasa, 2019). Terrorists like to tight control of their messages but lacking directly control of mass media, print or television, have in the past relied on compelling mainstream media into doing the communication by means of the staging of attacks. 

Social media enable terrorists to communicate their radicalizing messages to a far wider circle of potential adherents than they could have reached with traditional media. The radicalization required personal contact with someone who could provide materials, ideological grooming, and connections to wider jihadist networks (Ariyadasa, 2019). Cyber terrorism does not require the cyber terrorists to be physically present. Cyber terrorists can remotely launch attacks, and remain anonymous by using proxy servers and other methods to hide their real addresses. Because cyber terrorists will simply hide their identity, it is hard for government agents to trace and capture them.       

           

      

     4.  Electric Power Grid

Electric grids are complex infrastructures. The electric grids are far more than generating stations, transformers, high voltage transmitting lines and finally the distribution lines which are connect to the consumers. There is a major concern about cyber security with the increased connectivity. Since there is a high level of connectivity, a high level of protection is needed (Monteagudo, 2019). The privacy of the information of the consumers have to be concerned and also it is necessary to protect the system from malware and malicious updates.

      5. Economic Disruption

The cyber-attacks highly impact towards the economic disruption of a country. The cyberattacks can disrupt the lives of citizens In Sri Lanka, the country’s future economic prosperity and social wellbeing will be depending on the country’s security of cyber networks (Dauris, 2019). The cyber-attacks impact towards the financial system of a country, causing banks, businesses and consumers. The cyber-attacks impact on stock prices too. In addition to direct financial damage, businesses and governments also have to spend money and resources to identify what know-how and data have been compromised by hackers.

6.  Surprise Attacks

The Surprise attacks often succeed even though, in most cases, warnings had been available beforehand. Surprise has always been an inseparable feature of terrorism. Terrorism operates on the presumption that the victim will be accessible and vulnerable precisely because the attack is unexpected at a particular point in time and space. In other words, for an attack to be successful the victim must be taken by surprise (Morris, 2009).

7. Propagandism

Cyber propaganda is the use of modern electronic methods to influence public perceptions towards a certain point of view. Here, the stealing of private information and releasing that information to the public, hacking machines, spreading fake news etc. take place (Trendmicro.com, 2017). The LTTE also conducted propaganda campaigns to raise funds from the Tamil diaspora and international sources using social media platforms. The criminal activities such as cloning of credit cards and credit card fraud had been carried out using Information Communication Technology. In an examination of the LTTE’s military operations against the Sri Lankan state it became apparent that the LTTE had launched cyber-attacks on the country’s websites and its missions abroad.

 

Methodology

When concerning about the laws prevailing in Sri Lanka, four main acts are related to internet. Those acts are;

• Computer crime Act No. 24
•  Electronic transaction Act No.19
•  Information Communication Technology Act No. 27
•  Information Communication Technology Act No. 33
•  Intellectual property Act No. 26

 

(1) Primary data: interviews, lawyers, judges cyber-crime investigators, policy makers, media researchers.

(2) Content analysis: Computer Crime Act No. 24 of 2007, Electronic Transaction Act No. 19 of 2006, Intellectual Property Act No. 36 of 2003, Information and Communication Technology Act No. 27 of 2003;

 (3) Secondary data: websites, books, journals, and magazines, Academic research articles about cybercrimes.

In Sri Lankan Laws, following can be considered as the laws in Sri Lanka for the prevention of computer and cyber-crimes;

• Information Communication Technology Act 2003.
• Payment and settlement Act of 2005.
• Intellectual property Act No 36 of 2006.
• Sri Lankan Telecommunication Act No 27 of 1996. Mobile Payment Guidelines No 1 of 2011.

 

Payment Devices Frauds Act No. 30 of 2006,

When considering this act, the Payment devices fraud Act No 30 of 2006 has been introduced to prevent the use of unauthorized or counter payment devices in the country

 

Intellectual Property Act No. 36 of 2003,

This act contains several new features in relation to the protection of software, trade secrets and integrated circuits.

 

Computer Crimes Act No. 24 of 2007

The Computer Crimes Act No. 24 of 2007 provides for the identification of computer crimes and stipulates the procedure for the investigation and enforcement of such crimes. The Act creates offences for unauthorized modification, alteration or deletion of information and denial of access, which makes it an offence for any person to program the computer in such a manner so as to prevent authorized persons from obtaining access. Other offences sought to be created under the proposed Act include causing damage or harm to the computer by the introduction of viruses and logic bombs etc., unauthorized copying of information, unauthorized use of computer service and interception of a computer program, data or information while it is been transmitted from one computer to another (Gov.lk, n.d.).

 Sri Lanka's Criminal Code of Criminal Procedure is being implemented to identify a computer crime, to investigate and prevent crime. In the first chapter of the Sri Lanka Computer Crimes Act (CCA), 11 offenses are listed as per the purpose of identifying computer crimes. These are internationally accepted common mistakes. The first offence identified in the act is to attempt to access or access without permission to a computer, so that if there is no legal right to access, the individual is committing a computer crime. Section 5 is one of the most important sections that must be discussed when considering the CCA. In here a person has committed an unauthorized entry into the computer, computer system, or computer program as a crime. 

According to section 15 of CCA, special procedure to investigate computer crime has been introduced by Sri Lanka's cybercrime laws. Earlier, the court did not admit the evidence by the court. Also, there are no sufficient police officers present in the investigation, and the lack of technical knowledge of police officers who are technically less likely to do so There are problems with such weaknesses Location doesn't shield IT professionals. The most important point in Sri Lanka is that the Sri Lankan law allows to take both civil and criminal action in the court. Also, the Sri Lankan law allows the ability to enforce injunctions. Under the Sri Lankan computer crime act, any person trying to commit an offence under above categories can be subjected to penalty. (Senarathna, 2019).

 Cyber security Act

A. The objectives of cybersecurity act is to confirm the effective implementation of the National Cyber Security Strategy in Sri Lanka, mitigate and take actions to cybersecurity threats and incidents effectively, establishing the Cyber Security Agency of Sri Lanka and to empower the institutional framework to provide a safe and secure cybersecurity environment; and protect the Critical Information Infrastructure. The Act has provision for the Cyber Security Agency which helps to solve all the issues which are relating to the cybersecurity policy prevailing in the country. (Sunday Observer, 2019).

B.

a)To ensure the effective implementation of the National Cyber Security Strategy in Sri Lanka. b) To prevent, mitigate and respond to cybersecurity threats and incidents effectively and efficiently.

c) To establish the Cyber Security Agency of Sri Lanka and to empower another institutional framework to provide for a safe and secure cybersecurity environment and,

 d) To protect the Critical Information Infrastructure.

 

 The Electronic Transactions Act No. 19 of 2006

This act is based on the standards established by United Nations Commission on International Trade Law Model Law on Electronic Commerce (1996) and Model Law on Electronic Signatures (2001).

The objectives of the Act as are as follows (Electronic Transactions ACT, No. 19 of 2006)

To facilitate national and international electronic commerce by eliminating legal barriers and establishing legal certainty.

To encourage the use of reliable forms of electronic commerce.

To facilitate electronic filing of documents with government and to promote efficient delivery of government services by means of reliable forms of electronic communications.

To improve public confidence in the authenticity, integrity and reliability of data messages and electronic communications.

Suggestions and Opinions

 Without a transactional jurisdiction, controlling of cybercrimes is not easy. A single individual or a state cannot fight against these types of crimes. It is possible to prevent the cybercrimes by getting together as countries. For the purpose of harmonization of cybercrimes, the International cooperation can be implemented. The prevailing legal system in the country have to be modify to face these issues in a transnational level with the help of other jurisdictions. The establishment of rules and regulations under Cyber Crime Act is in a very lower level in the country. ICT Agency of Sri Lanka should identify and commence programs to develop capacity in the Police Department so that Police personnel would be well equipped to investigate computer crimes. Lack of knowledge and awareness in terms of computer crimes in people is another problem in Sri Lanka. 

Awareness about computer crimes and new media literacy have to be provided in all three languages practiced in the country. It is necessary to taught parents about the internet safeguard methods. Human Resource of an organization should be trained from time to time to raise awareness about the latest attacking procedure. Conduct regular risk assessments and define vulnerabilities. Organizations must now be information security conscious and must develop and implement proper security controls based on the results of their internal risk assessment and vulnerability assessment.

Conclusion

In Sri Lanka, there is a huge challenge in preventing cybercrimes. The computer crimes are not only problems among individuals but also this is a method of war and even nuclear bombs can be activated by without the authority. Nasar measures have to be taken by the government of Sri Lanka and other countries regarding cybercrimes. So that, the people can enjoy peace and security in the world. In Sri Lanka, there is a challenge in preventing cyber-crime.

 The growth of network-based crime has raised difficult issue in respect of appropriate balance between the needs of those investigating and prosecuting such crime, and the rights of users of such networks, so there is a need to empower the coordination process. Prosecutor, investigator, and judger need to work in coordinating manner, experienced investigators need to deal with cyber-crime. Awareness in new media literacy and information technology is one way of minimizing cyber-crime. Also, Sri Lankan legal system needs to be modified. 

My opinion is that the law of Sri Lanka must be brought to a more advanced level.