
RISK MANAGEMENT




  1. RISK MANAGEMENT BY KANAKA DURGA KOTAMARTHY

  2. INTRODUCTION
     Risk management is the identification, assessment, and prioritization of risks. It also involves minimizing, monitoring, and controlling the probability and/or impact of unfortunate events. Risk: the possibility of suffering loss. Risks may be strategic, financial, operational, employee, technical or economic.

  3. CONTENTS
     • Human factors in risk management
     • Risk Management Approaches
     • Risk Management Tools
     • Risk Management in Software Acquisition
     • Systematic Review
     • Results Summary
     • Conclusion

  4. RISK
     • A risk is a potential problem or an uncertain event – it might happen and it might not.
     • Two characteristics of risk:
       • Uncertainty – the risk may or may not happen; that is, there are no 100% risks (those, instead, are called constraints)
       • Loss – the risk becomes a reality and unwanted consequences or losses occur

  5. Risk Management
     Continuous Risk Management is a practice with processes, methods and tools for managing risks in a product – SEI. Integrated software security risk management should be considered from the early phases of development, so that software qualities can be ensured and the products can be delivered on time and within budget.

  6. Human Factors in Risk Management
     • Human and organizational factors and their relations to security risks should be addressed to ensure software security.
     • Humans involved in software development:
       • Individual
       • Team
       • Management
       • Stakeholder

  7. Risk factors of Individual and Team
     • Personal competency in employing the development methods, language and tools
     • Experience and leadership of the team leader
     • Team performance
     • Availability of skilled personnel
     • Commitment to the project
     • Personnel loyalty to the organization
     • Skills in identifying and analyzing the factors in risk management, etc.

  8. Risk factors of Management and Stakeholders
     • Management direction and support
     • Confidence level of the management team
     • Recruitment of the right personnel
     • Collaboration with external organizations
     • Contract between management and service providers
     • Appropriate training resources
     • Periodic risk assessment and security planning
     • Additional budget and schedule for risk mitigation, etc.

  9. Risk factors of Organization
     • Organization structure and its stability
     • Internal and external communications
     • Efficiency
     • Maturity
     • Environment for implementing security policies and procedures
     • Integration of security issues with day-to-day operations
     • Adequate facilities for software development, etc.

  10. Security Vulnerabilities
     • Deficient security awareness
     • Inadequate consideration of security issues beyond viruses and worms
     • Ignoring security alerts
     • Lack of security analysis before choosing products
     • Ignoring users' responsibilities
     • Lack of periodic monitoring and maintenance, or of timely updates of security devices
     • Poor relationships with other teams, etc.

  11. Human Factors For Security Risk Management Process
     • Risk Identification
     • Risk Analysis and Mitigation
     Human perception is an important risk factor for the whole process: underestimation or overestimation of aspects of risk can lead to a wrong evaluation.

  12. Consideration and Recommendations
     • Human and Team work – proper training, appropriate software architecture, defined roles, etc.
     • Organization and Management – approved security policies, checklists, input/output validation, etc.
     • Technical Consideration – security policies and procedures, technologies, tools, etc.

  13. Approaches to Project Management
     • Reactive approach (traditional project management)
     • Proactive approach (risk management)
     Approaches to risk management:
     • Software Engineering Institute (SEI)'s SRM
     • Capability Maturity Model Integration (CMMI)
     • Project Management Body of Knowledge (PMBOK)

  14. SEI’s Software Risk Management SEI risk management paradigm

  15. CMMI Risk Management and Process Maturity

  16. CMMI currently addresses three areas of interest:
     • Product and service development – CMMI for Development (CMMI-DEV)
     • Service establishment, management and delivery – CMMI for Services (CMMI-SVC)
     • Product and service acquisition – CMMI for Acquisition (CMMI-ACQ)

  17. PMBOK
     According to this guide, risk management comprises a number of processes, which are:
     • Risk Management Planning
     • Risk Identification
     • Qualitative Risk Analysis
     • Quantitative Risk Analysis
     • Risk Response Planning
     • Risk Monitoring and Control

  18. Examples of Risk Management Tools
     • The Riskit Process
     • Risk Guide
     • Risk Radar Enterprise

  19. Steps in Riskit
     • Risk management mandate definition
     • Goal review
     • Risk identification
     • Risk analysis
     • Risk control planning
     • Risk control
     • Risk monitoring

  20. Riskit process

  21. RiskGuide Example of Risk Assessment Report

  22. Risk Radar Enterprise Example of RRE Risk State Screen

  23. Weaknesses of these tools are:
     • Lack of deductive power
     • They tend to be too generic
     Intelligent Risk Management Tools – frameworks for developing them:
     • Neural Network Approach
     • Intelligent Agent Based

  24. Risk Management in Software Acquisition

  25. Systematic Review
     • Question Formulation
     • Source Selection
     • Studies Selection
     • Information Extraction

  26. Flow diagram of systematic review

  27. Question Formulation
     • Question Focus – to identify initiatives and proposed reports of RM
     • Question Quality and Amplitude – defining syntax and semantics

  28. Sources Selection
     • Sources Selection Criteria Definition
     • Study Languages
     • Sources Identification
     • Sources Selection after Evaluation
     • References Checking

  29. Studies Selection
     • Studies Definition
     • Studies Type Definition
     • Procedures for studies selection
     • Selection Execution
     • Initial Studies Selection
     • Studies Quality Evaluation

  30. Information Extraction
     • Information Inclusion and Exclusion Criteria Definition
     • Data Extraction Forms
     • Extraction Execution
     • Resolution of divergences between reviewers

  31. Results Summary
     • Studies Trends
     • Studies Classification
     • Analysis of those studies covering the relationship of both acquisition and risk management

  32. Studies Trends

  33. Studies Classification
     • Topics related only to risk management
     • Topics related only to acquisition
     • A relationship of both topics
     • Other studies that have no relationship with these issues

  34. Studies covering relationship of both acquisition and risk management
     Studies analyzed by country
     Studies by company size

  35. Studies analyzed by models

  36. Proposals of Risk Management Acquisition

  37. Conclusion
     Human and organizational factors that were causing the risk need to be handled properly. The need for intelligent risk management tools is discussed. The systematic review makes an assessment of the studies in risk management for software acquisition in small settings in order to identify the existing initiatives.

  38. References
     • Human Factors in Software Risk Management, by Shareeful Islam and Wei Dong.
     • State of the Art of Risk Management in Software Acquisition, by Jose A. Calvo-Manzano Villalon, Cuevas Agustin, Gloria Gasca Hurtado and Tomas San Feliu Gilabert.
     • Intelligent Risk Management Tools for Software Development, by John Dhlamini, Isaac Nhamu and Admire Kachepa.

  39. Thank you
