In modern software projects, security and risk management are not just something one does if there is spare time and resources. Security has become an important part of the end product. So, risk management must be introduced at the beginning of the project and must be evaluated and assessed throughout the whole development cycle.
Software Development Risk
Methodologies for the identification of software risk items have been offered by Boehm (1991), Keil et al. (1998), Ropponen and Lyytinen (2000), Barki et al. (1993) and IEEE (2001). Karolak (1996) and Jones (1994) have broadened the scope of software risk items to include strategic risks, such as marketing risks and financial risks.
Software Development Risk (cont’d)
Ropponen and Lyytinen (2000) have classified software risk items into:
• Scheduling and timing risks
• System functionality risks
• Subcontracting risks
• Requirement management risks
• Resource usage and performance risks
• Personnel management risks
Software Development Risk (cont’d)
Meanwhile, Boehm and Ross (1989) suggest a list of the 10 major software risk items:
• Personnel shortfalls
• Unrealistic schedules and budgets
• Developing the wrong software functions
• Developing the wrong user interface
• Gold plating
• Continuing stream of requirement changes
• Shortfalls in externally furnished components
• Shortfalls in externally performed tasks
• Real-time performance shortfalls
• Straining computer science capabilities
Risk management activities and measures
Risk management actions (RMAs) serve to prevent software risks, to achieve early identification of software risk items (SRIs), and to resolve them. Boehm and Ross (1989), Boehm (1991), Ropponen and Lyytinen (2000), and Karolak (1996), among others, have suggested a wide variety of risk management actions.
Risk management activities and measures (Cont‘d)
Risk management actions can be grouped into the following classes:
• Internal risk management actions, applied within the software developing organization.
• Subcontracting risk management actions, dealing with the relationship between the software developer and its subcontractors and suppliers.
• Customer risk management actions, dealing with the relationship between the software developer and the customer.
Risk management activities and measures (Cont‘d)
When planning RMAs, one should note that:
• Some RMAs can prevent, identify or resolve SRIs of various types.
• Some SRIs can be treated by several RMAs.
• The efficiency of an RMA varies significantly between projects and between environments.
The risk management process
It combines planning activities, implementation activities and monitoring activities. The aim is to initiate those risk management actions that can respond to the software risks identified and evaluated earlier.
The risk management process (Cont’d) The RMA workflow,