To see the other types of publications on this topic, follow the link: Software risk management.
Dissertations / Theses on the topic 'Software risk management'
Create a spot-on reference in APA, MLA, Chicago, Harvard, and other styles
Consult the top 50 dissertations / theses for your research on the topic 'Software risk management.'
Next to every source in the list of references, there is an 'Add to bibliography' button. Press on it, and we will generate automatically the bibliographic reference to the chosen work in the citation style you need: APA, MLA, Harvard, Chicago, Vancouver, etc.
You can also download the full text of the academic publication as pdf and read online its abstract whenever available in the metadata.
Browse dissertations / theses on a wide variety of disciplines and organise your bibliography correctly.
1
Fontoura, Lisandra Manzoni. "PRiMA : project risk management approach." reponame:Biblioteca Digital de Teses e Dissertações da UFRGS, 2006. http://hdl.handle.net/10183/6947.
Full textAbstract:
Esta tese propõe uma abordagem sistemática para gerenciar riscos em projetos de software, por meio da adaptação de processos. O objetivo da abordagem é permitir a elaboração de um processo específico para um dado projeto, visando minimizar a exposição do projeto aos riscos, identificados de acordo com o contexto do projeto. As atividades, possíveis de serem executadas em processos de projetos de uma organização, são estruturadas em um framework de processo (PRiMA-F), que inclui também os padrões de processo e organizacionais usados para descrever ações preventivas e corretivas aos riscos. A estruturação do framework básico, construído pela organização, poderá permitir distintas instanciações, como por exemplo, processos de acordo com o paradigma ágil ou planejado, ou em conformidade com normas de qualidade, como CMM e outras; além dos padrões organizacionais e de processo para gestão de riscos de projeto. PRiMA-F define o escopo maior do processo de software da organização e este é adaptado de acordo com os riscos identificados para o projeto e suas necessidades específicas, dando origem ao processo a ser usado no projeto. adaptação. Os guias descrevem como adaptar elementos de processo de acordo com o tamanho e o formalismo do projeto. Configurações de processo são modelos prédefinidos, visando atender projetos típicos ou modelos de qualidade. Prima-F pode ser estendida para novos riscos, padrões e processos, de acordo com as necessidades da organização. Utilizando o paradigma Goal/Question/Metric, no framework de processo (PRiMAF), são definidas métricas do processo de software, associadas aos riscos, para serem usadas para acompanhar o progresso dos fatores de risco, possibilitando ao gerente de projeto tomar ações corretivas, quando necessário e no momento adequado. As ações corretivas são descritas usando padrões organizacionais e de processo. Uma ferramenta de apoio à sistemática proposta (PRiMA-Tool) foi desenvolvida. Estudos de caso foram elaborados para validar a sistemática proposta
2
Greer, Desmond. "Software engineering risk : understanding and management." Thesis, University of Ulster, 2000. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.326127.
Full text
3
Gabriš, Ondrej. "Software Projects Risk Management Support Tool." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2011. http://www.nusl.cz/ntk/nusl-412827.
Full textAbstract:
Management projektů a jejich rizik je v současnosti rozvíjející se disciplína, která si získává stále větší pozornost a uplatnění v praxi. Tato práce popisuje úvod do problematiky řízení rizik, zkoumání metod jejich identifikace, vyhodnocení a managementu, předcházení jejich následkům a jejich zvládání. V další části práce byla provedena analýza vzorků rizik z reálných projektů, byly popsány metody pro identifikaci a vyhodnocení následků rizik v úvodních fázích softwarového projektu, taktéž byly popsány atributy rizik a navržen způsob jejich dokumentace. V závěrečné části zadání byl navržen a implementován prototyp modelové aplikace pro podporu managementu rizik softwarových projektů.
4
Crosby, Dave. "Project risk management in smaller software teams." Click here to access this resource online, 2007. http://hdl.handle.net/10292/378.
Full textAbstract:
This thesis investigates project risk management issues in smaller software teams. Certain gaps in the literature are identified. There is limited literature on what risk management techniques software practitioners use. The studies that are published tend to focus on large software teams. This thesis investigates what risks these smaller teams consider to be important. It also investigates what techniques are perceived to address these risks and how effective those techniques are considered to be. One of those risks is found to be of primary importance, yet this risk is not suggested by the project management literature. This thesis goes on to conduct a more in-depth exploration of that specific risk in the context of these smaller teams Interviews were selected as the most appropriate method to achieve the objectives of the thesis. Nineteen interviews in eight software organisations are conducted to collect data for this thesis. Three different perspectives on project risk were investigated. Those were the perspectives of the; service managers, project managers and developers. Hence a large store of rich information is collated. The results are analysed and a rich set of information is presented in this thesis. As a result of this research it is suggested that smaller software teams may find it useful to consider the 16 risks discussed in this research and how applicable those risks are to their individual organisation. Service managers may need to do more to raise the awareness of the importance of risks associated with ‘customer relationship issues’ within their own organisations. Three risks stood out as areas where future research might be most fruitful. They were; customer relationship issues, introduction of new technology and unrealistic schedules and budgets. Risks related to customer relationship issues were of particular significance and have tended to be over looked in the project management literature. It is submitted that research into standard project risk management approaches may need to be combined with business risk management approaches to gain a full understanding of the risks faced and addressed by these smaller teams.
5
Chiste, Brandão Ana Beatriz. "Risk Management in Software projectsusing Scrum framework." Thesis, KTH, Tillämpad maskinteknik (KTH Södertälje), 2013. http://urn.kb.se/resolve?urn=urn:nbn:se:kth:diva-122857.
Full text
6
JUNIOR, JOSE LUIS COUTO LYRA. "SOFTWARE IMPLEMENTATION FOR OPERATIONAL RISK MANAGEMENT SUPPORT." PONTIFÍCIA UNIVERSIDADE CATÓLICA DO RIO DE JANEIRO, 2005. http://www.maxwell.vrac.puc-rio.br/Busca_etds.php?strSecao=resultado&nrSeq=7631@1.
Full textAbstract:
PONTIFÍCIA UNIVERSIDADE CATÓLICA DO RIO DE JANEIROO gerenciamento de risco em instituições bancárias, mais do que mera imposição das agências reguladoras distingue-se como fator de sucesso na melhoria dos processos, aumentando o resultado financeiro. Após o Acordo da Basiléia, a gerência de riscos de mercado e de crédito, cuja atuação se dá sobre as receitas, passou a ser realizada. Entretanto, alguns riscos atuam sobre as despesas, destacando-se o operacional, que é o risco de perdas oriundas de problemas com controles internos, sistemas, pessoas e eventos externos. O objetivo deste trabalho foi elaborar uma revisão abrangente da literatura e um protótipo de sistema computacional que permite medir o VaR do risco operacional de uma unidade de risco, utilizando o Modelo de Distribuição de Perdas (LDA), e aplicar modelos causais que expliquem estas perdas. Este protótipo é uma aplicação Internet/intranet desenvolvida na linguagem ASP e utilizou o MS-Access como banco de dados. Para os cálculos estatísticos, implementou-se uma interface de comunicação aplicação/MATLAB. A revisão da literatura objetivou a familiarização com conceitos básicos de risco operacional descritos pelo Comitê da Basiléia. Adicionalmente, apresentou detalhes técnicos para implementação do LDA, tais como Distribuição de Freqüência e de Severidade, métodos para determinação da distribuição de perdas operacionais e construção da base de dados de perdas. Independente das particularidades institucionais, esse protótipo permite a visualização das providências estratégicas e operacionais a serem tomadas para implementação e implantação de um sistema similar. Marca um ponto de partida para o desenvolvimento de um produto abrangente de gerenciamento de risco operacional nas mais variadas instituições e segmentos de mercado.
The risk management in financial institutions, more than just an imposition of the regulatory agencies, represents a success factor in the processes enhancement, elevating the financial results. After Basel Accord, credit and market risks management, which acts over earnings, were implemented. However, some risks are associated to the expenses, such as the operational risk, related to the losses from internal control, systems, human and external events problems. The aim of the present study was the elaboration of an extensive literature review and the development of a computation system prototype able to measure the operational risk VaR of a risk unit, using the Loss Distribution Approach (LDA) and to apply causal models that explain these losses. This prototype is an Internet/intranet application developed in ASP language, using MS-Access as database. For statistical evaluation, an interface between the application and MATLAB was implemented. The literature review pretended to give a better understanding of the basic concepts of operational risk described by the Basel Committee. In addition, it presented technical details for LDA implementation, such as Frequency and Severity Distribution, methods for the distribution of the operational losses determination and losses database construction. Independent of institutional peculiarities, this prototype allows the observation of strategic and operational providences to be taken for implementation and implantation of a similar system. It determines a startingpoint in the development of an operational risk management product valuable in several institutions and market segments.
7
Yakin, Cenkler. "Quantifying Risk Management Process In A Software Organization." Master's thesis, METU, 2006. http://etd.lib.metu.edu.tr/upload/12607138/index.pdf.
Full textAbstract:
This study presents a quantifying risk management process and its application on a software organization in terms of risk items mitigated, exposures covered, costs, and expected exposures covered.
Risk management is defined as setting forth a discipline and environment of proactive decisions and actions to assess continuously what can go wrong (risks), to determine what risks are important to deal with, and to implement strategies to deal with those risks. Risk management can be applied in all of the business areas. In the literature, there are sources for risk management. Some of them are qualitative, and some of them are quantitative. However, there is no much source about the application study of a quantifying risk management process on a software organization.
In order to obtain insight about this issue, this study presents a quantifying risk management system to the literature and also compares the quantifying risk management policies on the data set of a software organization by finding out and analyzing their performance with respect to designated decision parameters and preference profiles for risk items mitigated, exposures covered, costs, and expected exposures covered. At the end of this study, suitable quantifying risk management policies for each profile are recommended by considering the analysis of the data set as base.
8
Nilsson, Peter, and Erik Ohlsson. "Categorisation and formulation in risk management : Essential parts of a future Experience based Risk Management model within software engineering." Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik och datavetenskap, 2003. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-1727.
Full textAbstract:
This software engineering thesis addresses three main issues. When creating the risk documents for this master thesis project, we became even more aware of the problems with categorization and formulation of risk statements and the scope is now focusing on categorization and formulation as a necessity for Experience based Risk Management (EbRM). The EbRM process is the foundation of the thesis and the categorisation and formulation parts had to be solved before implementing the EbRM model. To give the reader a notion about the background of this work, a brief introduction to the Experience based Risk Management model is given in the thesis. The thesis is based on literature studies, experiences and experiments. The formulation system is gathered from the Software Engineering Institute (SEI) and is called the CTC-format (Condition, Transition, Consequence). This format allows you to separate conditions and consequence of the risk and thereby provides you with easier categorisation and understandability. The categorisation system used is the SEI Taxonomy Based Categorisation (TBC). A categorisation system built as a search tree where each leaf represents a rather narrow risk domain. In order to evaluate those two different systems we performed an experiment showing that the combination thereof gave a much higher match in sorting risks between different groups. The conclusions of this work are that the TBC in connection with the CTC structure forms a very good basis for risk management when it comes to categorisation and formulation. In addition to properly formulated and tagged names and a thorough process when identifying and documenting risks, the risk management will be facilitated by using our conclusions in further risk management. Oral information must as well be on a sufficient level to gain full benefits from a risk management process.
9
Burd, Elizabeth L. "Reuse with risk management : a decision support approach." Thesis, University of York, 1999. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.247526.
Full text
10
Olagbemiro, Albert O. "Application of Real Options theory to software engineering for strategic decision making in software related capital investments." Monterey, Calif. : Naval Postgraduate School, 2008. http://edocs.nps.edu/npspubs/scholarly/dissert/2008/Dec/08Dec%5FOlagbemiro_PhD.pdf.
Full textAbstract:
Dissertation (Ph.D. in Software Engineering)--Naval Postgraduate School, December 2008.Dissertation Supervisor(s): Shing, Man-Tak ; Mun, Jonathan. "December 2008." Description based on title screen as viewed on January 29, 2009. Includes bibliographical references (p. 175-181). Also available in print.
11
MacGregor, Eve. "Risk management strategies for intercultural factors in global software development." Thesis, University of British Columbia, 2007. http://hdl.handle.net/2429/31978.
Full textAbstract:
More and more development effort is spread across the globe in a variety of project configurations. In order to effectively manage these projects software project risk analysis must be expanded to include factors that are unique to projects that span distances, time zones and national and organizational cultures. This thesis describes a qualitative exploratory case study within a company that was initially outsourcing to a software house in India and later moved that development to an offshore office in China. This case is one of several that were part of a multi-pronged research effort exploring the effects of culture in a Global Software Development (GSD) environment. The interview questions explored the day-to-day work process of project personnel through a detailed conversation about their daily work life and their opinions about how the project went or was going. The analysis of participant interviews took a Grounded Theory approach. This thesis explores the issue of risks related to culture from two perspectives; a top-down approach wherein the literature in sociology and anthropology give insight into the concept of culture and into socio-cultural models and a bottom-up approach whereby the case study results are synthesized into practical recommendations. The results are two-fold. The first is a set of propositions that are useful for the identification and planning phases of risk management. The second is a summary of the risks encountered in the case under study along with associated strategies and the sociocultural model concepts and indices that are related.Applied Science, Faculty of
Electrical and Computer Engineering, Department of
Graduate
12
Cao, Xuke. "A cross-culture study of risk management in software projects." Thèse, [Rimouski, Québec] : Université du Québec à Rimouski, 2006.
Find full textAbstract:
Thèse (M. Sc.) - Université du Québec à Rimouski, 2006.Titre de lʹécran-titre (visionné le 23 avril 2007). Mémoire présenté à l'Université du Québec à Rimouski comme exigence partielle du programme de Maîtrise en gestion de projet. CaQRU CaQRU Bibliogr.: f. 53-58. Paraît aussi en éd. imprimée. CaQRU
13
Odeh, Muhammad F. "The Effect of Integrating Risk Management on Large-Scale Information Technology Projects Using an Integrated Software Risk Management Tool." Thesis, The George Washington University, 2018. http://pqdtopen.proquest.com/#viewpdf?dispub=10785800.
Full textAbstract:
A risk in principle is an uncertain event that if it occurs, may have an adverse or positive effect on a project's objectives. Adverse risks imply threats and positive ones may lead to opportunities. Proper risk management is creating an appropriate environment and a policy for maintaining efficient and effective processes that are vital elements not only to the success of projects but the organization as a whole.
The occurrence of risks is a reality in information technology (IT) projects, regardless if it is an implementation of proven technology, a new one or development of software for a specific function. An appropriate approach is a practice whereby organizations methodically address these risks with the objective of achieving sustained benefit within each project and across the organization as a whole. On the other hand, poor management is ignoring the chances of anticipating time, resources, and scope or budget risks. Risk management incorporates risk planning, identification, analysis, response planning, monitoring and controlling and closing processes. These standard methods, marshal the understanding of potential upside and downside factors that can affect the business and increases the probability of success while reducing not only the likelihood of failure and cost overrun but also the uncertainty of achieving the organization’s overall financial objectives.
This praxis represents a modeling approach focused on the impact of risk management on information technology projects by developing an integrated risk management tool. A framework to proactively adhere to risk management processes for identifying and analyzing risks so that proper responses are planned, risks are tracked, monitored, controlled and closed. The successful implementation of this risk management tool will serve as a guide to others for developing and implementing systematic project risk management that is suitable for their organizations. It helps provide better control over the future of the project and improves the chances of the project meeting its objectives and complete on time and budget.
This praxis contributes to the practice of risk management in IT projects by refining the perception of proactively utilizing proper risk management processes from the inception of the project and throughout its lifecycle. It also improves the understanding of what drives the use of risk management processes and methodologies on IT projects for the improvement of projects success rates and the overall health of the organization.
The failure ratio of IT projects meeting their objectives is a common concern and a frustrating challenge for executives. Integrating risk management processes throughout the lifecycle of project management using appropriate methodologies, techniques, and tools, mastering technology, relying on skilled project managers and effective teams and stakeholders’ management is practical and proven applications companies, project managers and practitioners can employ to increase the value and make the most of their IT projects.
14
Whitworth, Lloyd R. "Software risk management : a case study of the V-22 program /." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1996. http://handle.dtic.mil/100.2/ADA307865.
Full text
15
Arwe, John E. (John Elliott) 1964. "Reducing system software project risk through choice of project architecture." Thesis, Massachusetts Institute of Technology, 1999. http://hdl.handle.net/1721.1/9744.
Full textAbstract:
Thesis (S.M.)--Massachusetts Institute of Technology, System Design and Management Program, 1999.Includes bibliographical references (leaves 83-86).
The choice of project architecture - the structure of and interrelationships between product, processes, and organization - alters the project's risk profile. While most analyses take project scope as an input, I propose the examination of multiple project decompositions take place as part of project planning and project monitoring. The subprojects created by each decomposition will have unique risk profiles, suggesting different process and organizational adaptations that lower overall project risk. By selecting project decompositions that partition risk and then adapting the structure of each sub-project to mitigate its particular risks, the probability of risk occurrence is reduced and the severity of consequences may be reduced. Case studies of four IBM mainframe system software projects illustrate lessons regarding project architecture, some general and some project- or process-specific. These projects employ both waterfall and iterative process models, managed using varying degrees of functional, lightweight, and heavyweight organizations.
by John E. Arwe.
S.M.
16
Williamson, Christopher Loyal. "A formal application of safety and risk assessmen in software systems." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Sep%5FWilliamson%5FPhD.pdf.
Full text
17
Roberts, Caroline. "Risk-based decision-making for the management of structural assets." Thesis, Cranfield University, 1999. http://dspace.lib.cranfield.ac.uk/handle/1826/4587.
Full textAbstract:
This thesis investigates the benefit of risk-based decision methods in engineering decisions. A thorough literature review identified the major issues and limitations in current methods. Consequently a more comprehensive model was developed to account for the complexities of real life decision-making. The enhancements introduced to the model include identifying and evaluating stakeholder influences, decision objectives, criteria and preferences between criteria and decision outcomes. Monitoring and controlling important parameters during implementation is also included to ensure objectives are met and risks controlled. Tools and techniques were identified to support decision-making within the new model. The research focuses on how available techniques can improve engineering decision-making. The model was applied to four case studies analysing real life, 'live' decision problems in bridge management and pipeline management. These confirmed the relevance and importance of the model enhancements. The practicality of the methods, their benefits and limitations were evaluated such that the proposed model was enhanced further. The enhanced model was shown to bring enhanced understanding to all four case studies and made the decisions more rational, thorough and auditable. The fifth case study reviewed how unsupported decisions are currently made within the sponsoring company. This involved a detailed desktop analysis of past projects and interviews with senior engineers and provided further evidence, which emphasised the value of using the decision model. General guidelines were developed based on the case study experiences to help the decision-maker identify the level of analysis required for different types of decision problems. These were defined as applicability matrices. The benefit of using a third party facilitator in each of the case studies was identified in terms of the roles of leader, liaison, disseminator, spokesman and disturbance handler. The balance between these five roles through the stages of the decision process was found to be important to ensure the facilitator does not dominate the decision.
18
Russ, Kimberly Sue. "An experimental investigation of the impact of risk on software project management." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1995. http://handle.dtic.mil/100.2/ADA304267.
Full textAbstract:
Thesis (M.S. in Information Technology Management) Naval Postgraduate School, September 1995.Thesis advisor(s): T. Hamid, Kishore Sengupta. "September 1995." Includes bibliographical references. Also available online.
19
Lindholm, Christin. "Software development and risk management in the safety critical medical device domain /." Lund : Department of Computer Science, Lund University, 2009. http://www.lu.se/o.o.i.s?id=12683&postid=1304138.
Full text
20
Yassin, Areej M. "Organizational Information Markets: Conceptual Foundation and an Approach for Software Project Risk Management." Scholar Commons, 2010. http://scholarcommons.usf.edu/etd/3500.
Full textAbstract:
This dissertation employs both design science and behavioral science research paradigms to investigate an emerging form of technology-enabled human collective intelligence known as information markets. This work establishes a conceptual foundation for the study of organizational information markets and the design and use processes of information markets inside organizations.
This research conceptualizes markets from an information systems perspective and presents an information systems research framework for organizational information markets. This work develops a systems theory of information markets to facilitate investigation of the relationships and interactions between markets as systems and their context of use. It proposes a structuration model for design and use of IT artifacts in organizations and applies it to the study of information markets. A framework of market users is developed to guide market design to satisfy the different motivational and informational needs of market users. A design based solution is proposed to an important open question in the information markets literature; how to generate sufficient uninformed trades. This research extends structuration theory by developing the structuration model of technology-induced organization development.
A well-designed information market can generate several benefits to organizations that contribute to their growth and development. Due to the importance of software in everyday life, and the high costs and percentages of failure in software projects, this dissertation proposes an information market solution to help organizations better manage the risks facing software projects. It also develops a theoretical framework for the determinants of software project risk assessment accuracy and evaluates the market‘s efficacy in improving assessment accuracy via the use of controlled laboratory experiments.
The results of the experiments demonstrate the market‘s efficacy in improving assessment accuracy by increasing the currency, accuracy and completeness of reported status information about project main objectives such as cost, schedule, performance and functionality. The results also demonstrate the market‘s efficacy in increasing individual willingness to report negative status information by decreasing their perception of information asymmetry between them and management/clients, and by increasing their perception of both the anonymity of the reporting mechanism and their perceived self-interest in reporting negative status information.
21
Licorish, Sherlock Anthony. "Tool support for social risk mitigation in agile projects a thesis submitted in partial fulfilment of the degree of Master of Computer and Information Sciences (MCIS) at the Auckland University of Technology, Auckland, June 2007 /." Click here to access this resource online, 2007. http://repositoryaut.lconz.ac.nz/theses/1354/.
Full textAbstract:
Thesis (MCIS - Computer and Information Sciences) -- AUT University, 2007.Primary supervisor: Anne Philpott. Co-supervisor: Professor Stephen MacDonell. Includes bibliographical references. Also held in print (x, 147 leaves : ill. ; 30 cm.) in City Campus Theses Collection (T 005.12 LIC)
22
Murrah, Michael R. "Enhancements and extensions of formal models for risk sssessment in software projects /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2002. http://library.nps.navy.mil/uhtbin/hyperion-image/02sep%5FMurrah.pdf.
Full text
23
Zeľo, Tomáš. "Managing of foreign exchange risk in software development company." Master's thesis, Vysoká škola ekonomická v Praze, 2011. http://www.nusl.cz/ntk/nusl-85294.
Full textAbstract:
This master thesis discusses the field of foreign exchange risk management and assesses efficiency of this type of risk management within FFastFill plc. The thesis contains two major parts. The first part, which contains the first and the second chapter, focuses on theoretical characteristics of foreign exchange market and sequentially defines the terms of foreign exchange exposure and foreign exchange risk. This part of thesis discusses hedging strategies and matters that are related to the selection of optimal hedging strategy. The second part of thesis contains the third and the fourth chapter. This part analyses the company from various perspectives and consequently analyses and quantifies the magnitude of company's translation and transaction exposure. The aim of this analysis is to assess company's current hedging strategy and to propose the optimal hedging strategy.
24
Murrah, Michael R. "Proposal to develop enhancements and extensions of formal models for risk assessment in software projects." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2002. http://library.nps.navy.mil/uhtbin/hyperion-image/02sep%5FMurrah.pdf.
Full text
25
Barbosa, Gabriel Negreira. "A CMS-based tool for continuous and collaborative risk management process." Instituto Tecnológico de Aeronáutica, 2009. http://www.bd.bibl.ita.br/tde_busca/arquivo.php?codArquivo=955.
Full textAbstract:
A Security Risk Management Process is an important part for any approach to software security. To be effective, this process should address some issues, like the analysis of different risks and related safeguards, continuous collaboration among involved professionals, and a robust access control mechanism due to the sensitivity of the involved information. In this research, it was developed a solution for security risk management based on an open-source CMS (Content Management System). This tool attends requirements for a secure, continuous and collaborative risk management, due to the importance and the lack of mature solutions in those aspects.
26
Guo, Qiu Ling. "Development of risk analysis models for decision-making in project management." Thesis, Edinburgh Napier University, 2001. http://researchrepository.napier.ac.uk/Output/2745.
Full textAbstract:
Risks and uncertainties are inherent in construction projects and if neglected these risks often lead to project cost and time overruns. Traditional methods of forecasting risks rely upon intuition and 'feel' which has proved inadequate for the needs of investors in modern construction projects. To cope with these recognised risks, a risk management framework, which consists four components (risk identification, risk classification, risk analysis and risk response), has been developed. The present research focuses on financial risks in construction management, and in particular, the development of enhanced quantitative, probabilistic methods for risk analysis. A comprehensive review of the treatment of risk and uncertainty in the construction industry is undertaken. Background knowledge of probability theory and Monte Carlo simulation is reviewed, as is previous investigations into construction network analysis and project economics. A comparison of the Programme Evaluation and Review Technique (PERT) and the Monte Carlo Simulation (MCS) methods in construction networks risk analysis is carried out. Two example projects are analysed by both methods. When applying the MCS method, a sensitivity analysis is carried out by investigating the effect of different probability distributions (Normal, Log-Normal, Beta, Triangular and Uniform) for individual activity durations, the number of simulations used and the effect of the manner of how the mean and standard deviations are set for the different probability distributions. A new analytical method, the Modified Stochastic Assignment Model (MSAM), is proposed for the prediction of project duration. Five example projects are used to demonstrate the validity of the MSAM and to illustrate its application in construction project evaluations. The accuracy of the MSAM method is assessed by comparison to the MCS method. A comparison of the MSAM with other analytical methods commonly used in construction network analysis, such as PERT and the Probabilistic Network Evaluation Technique (PNET), is also presented. The First Order Second Moment (FOSM) method, a methodology previously used solely in system reliability analysis is applied to project economics. The definition of the FOSM method is given and detailed mathematical treatments of these methods are described. The methodology of using the FOSM in construction economics is explained and ten examples are analysed using both the FOSM method and the MCS to show the applicability and the degree of accuracy of these methods. The current research shows that the MSAM method yields the probability of project completion within a prescribed target time, or the required project time at a specific probability. The research also shows that it is possible to use the FOSM methods for risk analysis in decision-making in construction economics in such areas as selection of project, elemental cost analysis, cash flow streams and setting of plant hire rates. Both methods require computational time that is significantly less than an equivalent MCS.
27
Alem, Mohammad. "Event-based risk management of large scale information technology projects." Thesis, De Montfort University, 2013. http://hdl.handle.net/2086/11392.
Full textAbstract:
Globalisation has come as a double-edged blade for information technology (IT) companies; providing growth opportunities and yet posing many challenges. Software development is moving from a monolithic model to a distributed approach, where many entities and organisations are involved in the development process. Risk management an important area to deal with all the kinds of technical and social issues within companies planning and programming schedules, and this new way of working requires more attention to be paid to the temporal, socio-cultural and control aspects than before. Multinational companies like IBM have begun to consider how to address the distributed nature of its projects across the globe. With outlets across the globe, the company finds various people of different cultures, languages and ethics working on a single and bigger IT projects from different locations. Other IT companies are facing the same problems, despite there being many kinds of approaches available to handle risk management in large scale IT companies. IBM commissioned the Distributed Risk Management Process (DRiMaP) model as a suitable solution. This model focused on the collaborative and on-going control aspects, and paid attention to the need for risk managers, project managers and management to include risk management into all phases of projects and the business cycle. The authors of the DRiMaP model did not subject it to extensive testing. This research sets out to evaluate, improve and extend the model process and thereby develop a new and dynamic approach to distributed information systems development. To do this, this research compares and contrasts the model with other risk management approaches. An Evolutionary Model is developed, and this is subjected to empirical testing through a hybrid constructive research approach. A survey is used to draw out the observations of project participants, a structured interview gathered the opinions of project experts, a software tool was developed to implement the model, and SysML and Monte Carlo methods were applied to this to simulate the functioning of the model. The Evolutionary Model was found to partially address the shortcomings of the DRiMaP model, and to provide a valuable platform for the development of an enterprise risk management solution.
28
Guillaume, Fumeaux. "Public Software as a Service a Business-Driven Guidance for Risk Control." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-60510.
Full textAbstract:
Because cloud computing adoption grows day-by-day, it is essential for theexecutives of a company to be able to rely on a risks management guidanceto fully grasp all the aspects concerning cloud computing security.The concerns of the industry, the security standards, the official guidelines,and the European laws about the security when using cloud serviceshave been analyzed. The risks, the measures, and the obligations have beengathered. This paper, with all these information collected, describes how torun a risk management for public SaaS security keeping a business-drivenmindset. While running the risk assessment, the management should look atthe impact a threat may have on company activities, image, and finances. Itwill decide on the measures that should be implemented by the administrationor the IT.Following this guidance should minimize the risk of using public SaaScloud computing and allowing a company to align its security goals with itsbusiness goals.
29
Serfontein, Heinrich. "A critical evaluation of the importance of a governance, risk and compliance software in the GRC process." Thesis, Stellenbosch : Stellenbosch University, 2012. http://hdl.handle.net/10019.1/95659.
Full textAbstract:
Thesis (MBA)--Stellenbosch University, 2012.Governance Risk and Compliance (GRC) software applications are designed to facilitate the GRC process. GRC software inherently faces the same implementation challenges as any other Enterprise Resource Planning (ERP) software. The design and usability of GRC software contribute substantially to how much value is added to the GRC process and as GRC is still in its infancy; it is likely to keep evolving as this process matures. Due to the inconstant nature of the GRC process, GRC software applications require a large amount of customisation to meet the special requirements of each organisation. The objective of this research was to establish the extent to which GRC software applications add value to the GRC process. The researcher also tried to establish whether organisations, that are currently using GRC software applications, gain more value from the GRC process than before they implemented GRC software applications. He conducted the research by presenting research questions, in the form of a questionnaire, to the risk executives of three Western Cape companies. The author of this research paper collected the responses from each company by conducting one-on-one interviews with each of the executives concerned and then reviewed and analysed the interview results of each company. Finally, the author completed a cross case analysis, by comparing GRC software application dimensions and characteristic ratings across the three companies concerned. The research indicated that there is not a great difference in importance between the five GRC design dimensions because they all received high performance ratings. There were some differences, however, in the perceived performance of each dimension, when analysing the dimension characteristics ratings. The research showed that the greatest benefit, of the use of GRC software applications, is the ability to add structure and consistency to the GRC process.
30
Thota, Venkata Rama Chaitra. "Risk as a Mechanism in Self-Organizing Agile Software Development Teams." University of Cincinnati / OhioLINK, 2017. http://rave.ohiolink.edu/etdc/view?acc_num=ucin1505206458441433.
Full text
31
Eksteen, Lambertus Lochner. "An investigation into source code escrow as a controlling measure for operational risk contained in business critical software." Thesis, Stellenbosch : Stellenbosch University, 2012. http://hdl.handle.net/10019.1/95629.
Full textAbstract:
Thesis (MBA)--Stellenbosch University, 2012.This research report outlines corporate governance and information technology risk management frameworks and the use of software escrow within a holistic enterprise risk management strategy to maintain business continuity. Available risk mitigation tools and frameworks were analysed including the use of software escrow as an information technology risk mitigation tool and continuity instrument. The primary researched problem relates to how organisations can ensure business continuity through managing the risks surrounding business-critical software applications. Software escrow was identified in the literature review as a risk management tool used to mitigate operational risks residing in the licencing of mission-critical software applications. The primary research question is: “How can source code escrow contribute towards business continuity by limiting risks contained in licensed business critical software applications?” This study found that an escrow agreement ensures an end-user access to licenced mission-critical intellectual property in the event of the owner’s insolvency, acquisition or breach of maintenance agreements and thereby ensures continuity. The following secondary research questions were also answered: “What types of operational risks will be minimised using software escrow?” and “What constitutes an effective source code agreement in South Africa?” The research identified that the main driver for escrow was operational risk of a mission-critical system failure due to maintenance and upgrades not taking place. The reasons identified included insolvency of the software supplier, acquisition of the supplier, loss of key resources (developers) and breach of maintenance or development agreements. The research also identified some limitations to the application of escrow and the reasons for some agreements not being executed. Key escrow contract quality criteria were identified which ensure an effective agreement under South African law. The following essential quality criteria were found to improve the efficiency of execution of the escrow contract: - Frequency and quality of deposits; - Deposit verification to ensure usability of material post release; and - Well-defined release trigger events to avoid legal disputes regarding what constitutes a release. Case studies highlighted the main risks that drive the creation of escrow agreements and identified limitations to the execution of some escrow agreements. The software end-user operational risks mitigated by the use of escrow included: - Continued use of the software despite vendor bankruptcy; - Reducing the dependency on the supplier for maintenance and support of the software Safeguarding critical business processes; and - Return on investment (software implementation, hardware and training of staff). It was concluded that, despite the legal and practical complexities concerned with escrow, it remains the best instrument to ensure continuity when relying on licensed intellectual property used for business-critical functions and processes. Software escrow is therefore a vital component of a well-formulated license agreement to ensure access to mission-critical technology (including all related intellectual property) under pre-defined conditions of release to the end-user (licensee). In the event of a release, the escrow agent gives the end-user access to the deposited source code and related materials for the purposes of business continuity only and in no way affects the ownership rights of the supplier/owner.
32
Taylor, Hazel Ann. "Risk management and tacit knowledge in IT projects: making the implicit explicit." Thesis, Queensland University of Technology, 2004. https://eprints.qut.edu.au/15907/1/Hazel_Ann_Taylor_Thesis.pdf.
Full textAbstract:
This research addressed the need for in-depth investigation of what actually happens in the practice of risk management in software package implementation projects. There is strong 'official' sanction in the IT literature for the use of formal risk management processes for IT projects but there is a confused picture of their application in practice. While many potential risk factors for IT projects have been identified, and formal procedures have been prescribed for the management of these risks, there has been little work investigating how project managers assess these risks in practice and what countermeasures they employ against these risks in their projects. In particular, the study used an interpretive critical decision interview approach to focus on those areas of risk management knowledge that project managers have acquired through experience, i.e. tacit knowledge.
A new categorization of risk factors emanating from three sources -- vendor, client, and third party -reveals risk factors not previously identified. Some of these new factors arise from the three sources noted, while others arise from the package implementation focus of the projects and from aspects arising from the location of the projects in Hong Kong. Key factors that cause problems even when anticipated and mitigated, and the most often unanticipated problems are also identified.
The study further presents an examination of the studied managers' risk management practices, and the strategies they use to address both potential and actual problems. This examination revealed close conformance with recommended literature prescriptions at some stages of projects, and significant variation at other stages, with strategies applied being broad and general rather than risk specific. A useful categorization of these strategies into four broad groups relating to different sets of risk factors is presented, reflecting the actual practice of respondents.
Tacit knowledge was revealed throughout these investigations in the variances observed between prescribed and actual practice, and particularly from an examination of project managers' decision-making practices from two different perspectives - rational and naturalistic. A hybrid decision-making model is proposed to capture the actual processes observed, and to provide prescriptive guidance for risk management practice.
The investigation makes a contribution to the field of IT project risk management in three ways. First, the investigation has addressed the need for empirical studies into IT risk management practices and the factors influencing project managers in their choice and application of strategies to manage risk. Second, by examining how experienced IT project managers approach the task of managing risk in software package implementations, the study has extended our understanding of the nature of the knowledge and skills that effective IT project managers develop through experience. Third, the study makes a theoretical contribution to our understanding of IT project risk management by examining the decision-making processes followed by IT project managers from the perspective of two contrasting theories of decision-making - the rational method and the Naturalistic Decision Making theory.
33
Taylor, Hazel Ann. "Risk management and tacit knowledge in IT projects: making the implicit explicit." Queensland University of Technology, 2004. http://eprints.qut.edu.au/15907/.
Full textAbstract:
This research addressed the need for in-depth investigation of what actually happens in the practice of risk management in software package implementation projects. There is strong 'official' sanction in the IT literature for the use of formal risk management processes for IT projects but there is a confused picture of their application in practice. While many potential risk factors for IT projects have been identified, and formal procedures have been prescribed for the management of these risks, there has been little work investigating how project managers assess these risks in practice and what countermeasures they employ against these risks in their projects. In particular, the study used an interpretive critical decision interview approach to focus on those areas of risk management knowledge that project managers have acquired through experience, i.e. tacit knowledge. A new categorization of risk factors emanating from three sources -- vendor, client, and third party -reveals risk factors not previously identified. Some of these new factors arise from the three sources noted, while others arise from the package implementation focus of the projects and from aspects arising from the location of the projects in Hong Kong. Key factors that cause problems even when anticipated and mitigated, and the most often unanticipated problems are also identified. The study further presents an examination of the studied managers' risk management practices, and the strategies they use to address both potential and actual problems. This examination revealed close conformance with recommended literature prescriptions at some stages of projects, and significant variation at other stages, with strategies applied being broad and general rather than risk specific. A useful categorization of these strategies into four broad groups relating to different sets of risk factors is presented, reflecting the actual practice of respondents. Tacit knowledge was revealed throughout these investigations in the variances observed between prescribed and actual practice, and particularly from an examination of project managers' decision-making practices from two different perspectives - rational and naturalistic. A hybrid decision-making model is proposed to capture the actual processes observed, and to provide prescriptive guidance for risk management practice. The investigation makes a contribution to the field of IT project risk management in three ways. First, the investigation has addressed the need for empirical studies into IT risk management practices and the factors influencing project managers in their choice and application of strategies to manage risk. Second, by examining how experienced IT project managers approach the task of managing risk in software package implementations, the study has extended our understanding of the nature of the knowledge and skills that effective IT project managers develop through experience. Third, the study makes a theoretical contribution to our understanding of IT project risk management by examining the decision-making processes followed by IT project managers from the perspective of two contrasting theories of decision-making - the rational method and the Naturalistic Decision Making theory.
34
Chang, Victor. "A proposed model to analyse risk and return for a large computing system adoption." Thesis, University of Southampton, 2013. https://eprints.soton.ac.uk/361523/.
Full textAbstract:
This thesis presents Organisational Sustainability Modelling (OSM), a new method to model and analyse risk and return systematically for the adoption of large systems such as Cloud Computing. Return includes improvements in technical efficiency, profitability and service. Risk includes controlled risk (risk-control rate) and uncontrolled risk (beta), although uncontrolled risk cannot be evaluated directly. Three OSM metrics, actual return value, expected return value and risk-control rate are used to calculate uncontrolled risk. The OSM data collection process in which hundreds of datasets (rows of data containing three OSM metrics in each row) are used as inputs is explained. Outputs including standard error, mean squared error, Durbin-Watson, p-value and R-squared value are calculated. Visualisation is used to illustrate quality and accuracy of data analysis. The metrics, process and interpretation of data analysis is presented and the rationale is explained in the review of the OSM method. Three case studies are used to illustrate the validity of OSM: • National Health Service (NHS) is a technical application concerned with backing up data files and focuses on improvement in efficiency. • Vodafone/Apple is a cost application and focuses on profitability. • The iSolutions Group, University of Southampton focuses on service improvement using user feedback. The NHS case study is explained in detail. The expected execution time calculated by OSM to complete all backup activity in Cloud-based systems matches actual execution time to within 0.01%. The Cloud system shows improved efficiency in both sets of comparisons. All three case studies confirm there are benefits for the adoption of a large computer system such as the Cloud. Together these demonstrations answer the two research questions for this thesis: 1. How do you model and analyse risk and return on adoption of large computing systems systematically and coherently? 2. Can the same method be used in risk mitigation of system adoption? Limitations of this study, a reproducibility case, comparisons with similar approaches, research contributions and future work are also presented.
35
Pinna, Cristina Coelho de Abreu. "Um roteiro centrado em arquitetura para minimização de riscos e incertezas em projetos de software." Universidade de São Paulo, 2004. http://www.teses.usp.br/teses/disponiveis/3/3141/tde-28082004-162053/.
Full textAbstract:
Visando lidar com as crescentes complexidades dos sistemas de software e aumentar a maturidade do processo de desenvolvimento através da minimização dos riscos e incertezas, a disciplina de Gestão de Riscos tem se apresentado como tema crescente na indústria e na academia de software. Um gerenciamento de riscos adequado pode implicar em melhoria do produto e no aumento da produtividade do processo de desenvolvimento de software. O presente trabalho apresenta uma especialização do processo de Gestão de Riscos para projetos de software. Esta especialização consiste em uma estratégia preventiva da Gestão de Riscos que permite transformar riscos e incertezas de projetos de software em requisitos de Arquitetura de software, de forma que a Arquitetura final obtida não seja impactada pelas eventuais ocorrências desses riscos, garantindo assim qualidade do produto e produtividade do processo. Após a conceituação teórica sobre riscos, incertezas e Arquitetura de software e a descrição da estratégia para mapeamento das categorias de riscos e incertezas em requisitos de Arquitetura, o trabalho apresenta a aplicação da estratégia proposta a alguns projetos de software reais, destacando os pontos positivos da abordagem. Conclusivamente, são discutidas as vantagens e os pontos críticos para a aplicação da estratégia proposta em projetos do dia-a-dia das organizações.In order to handle the growing complexities of software systems and increase the maturity of the development process through the minimization of risks and uncertainties, the Risk Management has been presented as an important subject in the software industry and academy. An adequate risk management can result in product quality improvement as well as increase the productivity of the software development process. This dissertation presents a specialization of Risk Management process for software projects. This specialization consists of a preventive strategy of Risk Management, which makes possible turning risks and uncertainties of software projects into requirements of software Architecture in a way that the final obtained Architecture is not impacted by eventual occurrences of these risks, therefore assuring the product quality and the process productivity. After the theoretical conceptualization of risks, uncertainties and software Architecture, and the description of the strategy for mapping risk and uncertainties categories in Architecture requirements, the dissertation presents the application of the proposed strategy to some software projects, emphasizing the positive points of the approach. Conclusively, the advantages and critical points for the application of the proposed strategy in regular projects are discussed.
36
Rodriguez, Rene, and Dalton Knapp. "Management Systems & Software Vulnerabilty : A cross sectional study on IT managers in the energy sector." Thesis, Linköpings universitet, Företagsekonomi, 2018. http://urn.kb.se/resolve?urn=urn:nbn:se:liu:diva-148435.
Full textAbstract:
The researchers want the results to support the management systems theory and the growingneed to apply strong standards. Upper level energy managers in the U.S need to be concernedbecause there are constant infrastructure risk disasters that are produced when internal softwareis compromised. The researchers want our empirical results to display the importance of thisproblem and see if the management systems theory is being used.
37
Rosén, Mikael, and Amir Saifi. "Projektriskhantering : En fallstudie på ett mjukvaruföretag." Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik och datavetenskap, 2003. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-3221.
Full textAbstract:
This report provides an overview of Project Risk Management (PRM), which is a key part within project management. We performed a case study within a software company to improve their existing PRM process. The methods we used to perform the case study were interviews and a questionnaire. The objective of the case study was to understand the formal guidelines and the informal practices of managing risks in order to locate the lacks and flaws of PRM at the company. Alongside performing the case study, we studied project risk management in various references to build an overview of the characteristics of a successful model for project risk management. The characteristics of the successful model were compared to the data gathered from our case study and resulted in seven findings/weaknesses. To minimise these weaknesses we have suggested four improvement approaches. The improvement suggestions mainly consist of formal guidelines. Besides guidelines, proper Knowledge of PRM, a Risk Officer and clear Communication channels helps facilitate a more successful PRM.Den här rapporten återger en översikt av PRM (Project Risk Management - Projektriskhantering) som är en grundläggande del av projekthantering. Vi har utfört en fallstudie på ett mjukvaruföretag för att förbättra deras befintliga PRM-process. Metoden som vi använt oss av för att genomföra fallstudien har bestått av intervjuer och en enkätundersökning. Målet med fallstudien var att förstå vilka formella och informella rutiner/riktlinjer som finns och hur de används för att kunna identifiera svagheter i PRM-processen. Parallellt med genomförandet av fallstudien studerade vi PRM i litteraturen utifrån aktuella referenser på området för att kunna ta fram en bild av vilka karaktärsdrag en framgångsrik modell för riskhantering bör innehålla. Dessa karaktärsdrag jämfördes sedan med den data vi fick fram från fallstudien och resulterade i att vi fann sju svagheter med PRM på företaget. För att minimera dessa svagheter så har vi givit fyra förbättringsförslag. I huvudsak består förbättringarna av formella stödmallar. Förutom dessa mallar så behövs även kunskap om fördelarna med PRM, en riskofficer och klara kommunikationskanaler för att skapa en mer lyckosam PRM-process.
mikael@riskmanager.se amir@riskmanager.se
38
Ipland, Frederick Ferdinand. "An investigation to determine incremental risks to software as a service from a user’s perspective." Thesis, Stellenbosch : Stellenbosch University, 2011. http://hdl.handle.net/10019.1/18086.
Full textAbstract:
Thesis (MComm)--Stellenbosch University, 2011.ENGLISH ABSTRACT: Software as a Service (SaaS) – which is a deployment model of cloud computing – is a developing trend in technology that brings with it new potential opportunities and consequently potential risk to enterprise. These incremental risks need to be identified in order to assist in risk management and therefore information technology (IT) governance. IT governance is a cornerstone of enterprise-wide corporate governance. For many entities corporate governance has become a statutory requirement, due to the implementation of legislation such as Sarbanes-Oxley Act of the United States of America. The research aims to assist in the IT governance of SaaS, by identifying risks and possible controls. By means of an in-depth literature review, the study identified 30 key risks relating to the use and implementation of SaaS from the user’s perspective. Different governance and risk frameworks were considered, including CobiT and The Risk IT Framework. In the extensive literature review, it was found that CobiT would be the most appropriate framework to use in this study. Mapping the risks and technologies from the user's perspective to one or more of the processes of the CobiT framework, the research found that not all processes where applicable. Merely 18 of 34 CobiT processes where applicable. The study endeavoured to identify possible controls and safeguards for the risks identified. By using the technologies and risks that were mapped to the CobiT processes, a control framework was developed which included 11 key controls to possibly reduce, mitigate or accept the risks identified. Controls are merely incidental if it is not linked to a framework.
AFRIKAANSE OPSOMMING: Software as a Service (SaaS) – ‘n ontplooiingsmodel van cloud computing – is ‘n ontwikkelende tegnologiese tendens wat verskeie moontlikhede, maar daarby ook verskeie risiko’s vir ondernemings inhou. Hierdie addisionele risiko’s moet geïdentifiseer word om te help met die bestuur van risiko’s en daarom ook die beheer van Informasie Tegnologie (IT). IT beheer is ‘n belangrike deel van die grondslag van ondernemingswye korporatiewe beheer. As gevolg van die implimentering van wetgewing soos die Sarbanes-Oxley wetsontwerp van die Verenigde State van Amerika, het korporatiewe beheer ‘n statutêre vereiste geword vir verskeie ondernemings. Hierdie studie poog om die IT beheer van SaaS by te staan, deur risiko’s en moontlike beheermaatreëls te identifiseer. Deur middel van ‘n indiepte literatuur ondersoek het die studie 30 sleutelrisiko’s geïdentifiseer wat verband hou met die gebruik en implimentering van SaaS vanuit ‘n gebruikersoogpunt. Verskeie korporatiewe- en risiko raamwerke, insluitende CobiT en The Risk IT Framework, was oorweeg. Die literatuur ondersoek het egter bevind dat CobiT die mees toepaslikste raamwerk vir dié studie sal wees. Deur die risiko’s en tegnologieë vanuit ‘n gebruikers perspektief te laat pas met een of meer CobiT prosesse, het die navorsing bevind dat nie alle prosesse in CobiT van toepassing is nie. Slegs 18 van die 34 prosesse was van toepassing. Die studie het ook gepoog om moontlike beheer- en voorsorgmaatreëls vir die risiko’s te identifiseer. Deur die tegnologieë en risiko’s te gebruik wat gepas is teen die CobiT prosesse, is ‘n beheer raamwerk ontwikkel wat 11 sleutel beheermaatreëls insluit, wat die geïdentifiseerde risiko’s kan verminder, temper of aanvaar. Beheermaatreëls is slegs bykomstig as dit nie direk aan ‘n raamwerk gekoppel is nie.
39
Eklund, Sophie, and Daniel Gunnarsson. "The Rational Unified Process : A study on risk awareness." Thesis, Blekinge Tekniska Högskola, Institutionen för programvaruteknik och datavetenskap, 2002. http://urn.kb.se/resolve?urn=urn:nbn:se:bth-1373.
Full textAbstract:
Introduction to problem: Many software development projects today have a tendency to fail on some level. Even though they may not fail entirely, they might be completed with schedule delays, budget overrun or with poor quality that do not meet the customer?s requirements. When a project fails in some way, it is because one or many project risks have occurred. Our own opinion in this matter is that if the project team members are more aware of the project?s risks, it might increase the probability of project success. Therefore, we wanted to explore the area of risk awareness. We contacted Volvo Information Technology AB and through discussions we decided to investigate risk awareness when using one of their software project methods. That method was the Rational Unified Process. This report has not been conducted because Volvo IT considers this to be a problem that they wanted to investigate. Instead, we wanted to investigate this since we find the area of risk awareness among project team members interesting and we were able to do this with help from Volvo IT. Even though we mention the term ?project success? in this report, we will not investigate this in the report. Hypothesis: ?By using the Rational Unified Process, a higher awareness of the risks can be achieved by all team members of the project? Aim: The aim of this report is to investigate if risk awareness among project team members increases when software development projects make use of the Rational Unified Process. Method: We have used a web-based questionnaire to gather information. Four projects at Volvo Information Technology AB were contacted and asked to participate in the questionnaire. Two of these were using RUP and two did not use RUP. Personal e-mails were later sent out to each of the project managers with a description of the aim of our research and the way it would be carried out. The participants had a total of seven workdays to fill out the questionnaire. After seven days the site of the questionnaire were closed down. Conclusion: The differences in answers to certain questions have been rather significant between the two project methods. On the whole though, the answers have been positive for both project methods from a risk awareness point of view. Therefore, it seems to us that risk awareness is not dependent on the project method that is being used. We feel that we have not received enough convincing proof that members of RUP projects possess a higher awareness of project risks than non-RUP project members. Therefore we are of the opinion that we cannot verify our hypothesis.Introduktion till problem: Många av dagens mjukvaru-projekt har en tendens till att misslyckas på ett eller annat sätt. Även om de inte misslyckas helt, kan det hända att de slutförs med förseningar, stora kostnader utanför budgetens ramar eller med otillräcklig kvalitet som inte motsvarar kundernas krav. Anledningen till att ett projekt misslyckas på något sätt är att en eller flera projekt-risker har inträffat. Vår åsikt i detta ämne är att om projekt-medlemmarna har högre medvetenhet om sitt projekts risker kan detta leda till en ökad sannolikhet att projektet "lyckas". Vi ville därför undersöka området risk-medvetenhet närmare. Vi kontaktade Volvo Information Technology AB och genom diskussioner bestämde vi oss för att undersöka risk-medvetenhet vid användandet av en av deras mjukvaru-projekts metoder. Denna metod var The Rational Unified Process. Denna rapport har inte genomförts på grund av att Volvo IT anser detta vara ett problem som de ville ha undersökt. Istället ville vi själva undersöka detta eftersom vi tycker att risk-medvetenhet bland projektets medlemmar är ett intressant område som borde undersökas. Vi kunde genomföra detta tack vare hjälp från Volvo IT. Även om vi nämner begreppet "lyckade projekt" i rapporten, kommer vi i rapporten inte att undersöka detta. Hypotes: "Genom att använda sig av the Rational Unified Process, kan man uppnå en högre risk-medvetenhet bland projektets samtliga medlemmar" Syfte: Syftet med denna rapport är att undersöka om risk-medvetenheten bland projektets medlemmar ökar när mjukvaru-projekt använder sig av the Rational Unified Process. Metod: Vi har använt en web-baserad enkät för att samla information. Vi kontaktade fyra projekt på Volvo Information Technology AB och frågade om de ville medverka i vår enkät. Två av dessa projekt använde the Rational Unified Process och två gjorde det inte. Personliga e-mail skickades senare ut till varje projektledare med förklaring till syftet med undersökningen samt sättet den skulle genomföras på. Deltagarna hade totalt sju arbetsdagar att fylla i enkäten. Efter dessa sju dagar stängdes sidan med undersökningen. Slutsats: Skillnaden i svar på vissa av frågorna var ganska markanta mellan de två projekt metoderna. Dock, från ett risk-medvetenhets perspektiv, var svaren på det hela taget positiva för båda projekt metoderna. Därför verkar det som att risk-medvetenhet inte är beroende av vilken projekt-metod som används. Vi anser oss inte ha tillräckliga belägg för att medlemmar av projekt som använder the Rational Unified Process besitter en högre risk-medvetenhet än projekt som inte använder sig av denna metod. Vi anser därför att vi inte kan verifiera vår hypotes.
Sophie Eklund 0739-078698 Daniel Gunnarsson 0737-344243
40
Birkus, Kristián. "Systém pro podporu managementu rizik v IT projektech." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2009. http://www.nusl.cz/ntk/nusl-236705.
Full textAbstract:
This thesis presents a system designed to support risk management in IT projects. The presented system is based on an in depth analysis of project and risk management in the field of information Technologies. The implementation started only after the exhaustive analyzation process. The system was implemented in programming language C#. On the database level MS SQL server is used.
41
Lioupras, Ioannis, and Eleni Manthou. "Don’t let my Heart bleed! : An event study methodology in Heartbleed vulnerability case." Thesis, Umeå universitet, Institutionen för informatik, 2014. http://urn.kb.se/resolve?urn=urn:nbn:se:umu:diva-90126.
Full textAbstract:
Due to the rapid evolution of technology, IT software has become incredibly complex. However the human factor still has a very important role on the application of it, since people are responsible to create software. Consequently, software vulnerabilities represent inevitable drawbacks, found to cost extremely large amounts of money to the companies. “Heartbleed” is a recently discovered vulnerability with no prior investigation that answers questions about the impact it has to the companies affected. This paper focuses on the impact of it on the market value of the companies who participated in the vulnerability disclosure process with the help of an event study methodology. Furthermore our analysis investigates if there is a different affection to the value of the company based on the roles those companies had in the process. Our results suggest that the market did not punish the companies about the existence of vulnerability. However the general negative reaction of the market to the incident reflects the importance of a strategic vulnerability disclosure plan for such cases.
42
Masset, Benjamin, and Ismail Sekkat. "Implementation of Customer Relationship Management in the Cloud : The example of SMEs through a multiple case study analysis." Thesis, Högskolan i Halmstad, Sektionen för ekonomi och teknik (SET), 2011. http://urn.kb.se/resolve?urn=urn:nbn:se:hh:diva-15913.
Full textAbstract:
Purpose: The aim of this thesis is to build a practical guide to get a clear understanding about the implementation process of Customer Relationship Management in the cloud within Small. It also describes the different concepts that are Customer Relationship Management, Cloud computing and CRM in the cloud, especially related to the SMEs, in order to have a great insight that gives the opportunity to implement successfully this paradigm. Scientific method: The research lies in the interpretative field of inquiry. Abduction is used to combine empirical data with theoretical studies in orderto tryto investigate patterns that could give an understanding of the phenomena that is studied. Descriptive research approach using multiple-case study design is used. Theoretical frame of references: The first part of the theoretical frame of references explores existing theories. This leads to CRM and Cloud Computing. The second part explores different means of analysing our problematic. Empirical method: The chosen approach is qualitative. Interviews have been conducted for data collection. Documentsarehave beengathered and analysed to support the interviewguides. We also gathered a previous practical guide from Salesforce in order to compare our results. Analysis: Analysing hosted CRM implementation of three SMEs using Salesforce, it describes the key facts that have to be taken into account to implement the Salesforce CRM solution. Conclusion: The findings show how three companies can be analysed to draw conclusions about the implementation process. According to interviews, theories, documents from hosted CRM provider, some suggestions have been advised to avoid problems concerning the implementation in SMEs.
43
Flanagan, Raymond. "The impact of applying structured, object based software modelling techniques on the design and implementation of business processes, business perfomance management and business/operational risk management systems." Thesis, University of Strathclyde, 2006. http://oleg.lib.strath.ac.uk:80/R/?func=dbin-jump-full&object_id=21663.
Full textAbstract:
This thesis examines the implementation of a number of business change programmes completed within three specific organisations; PSNI (Police Service of Northern Ireland), BAA plc and Govan Initiative (Scottish Enterprise). Specifically the study focuses on the methods of implementation employed and the corresponding results. The study examines, on the basis of case study evidence, the impact of employing contrasting approaches to the documentation of business change programmes. The projects studied range in approach from those which employ manually documented methods to those which use structured software modelling technique for the design and implementation of business change programmes. The programmes considered fall into the areas of Business Processes, Business Performance Management and Risk Management. The study finds that there is a case for the use of structured, object based methods supported by modelling software, particularly in relation to the implementation of change programmes with a significant IT basis or where there is complex relationship between activities and supporting human resource interface. The study concludes that the use of a structured, software supported implementation methodology can be employed to improve the quality of implementation, mitigate risks of conflict and resistance, decrease the cost and effort associated with modification and re-engineering, and contribute significantly to the sustainability of the implementation objectives under certain circumstances.
44
Hošták, Martin. "Systém pro podporu managementu rizik." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2009. http://www.nusl.cz/ntk/nusl-236676.
Full textAbstract:
The thesis deals with project management body of knowledge with focus on a risk management. It explained the importance of risk management in software developing projects. Risk management cycle and used methodology is described. The core unit of second part is requirements analysis for risk management support system, description of the application via UML and implementation of application which was created in development environment NetBeans IDE 6.5 in Java language. Conclusion of my thesis contains a short summary and possible way of extension.
45
Blahušiaková, Barbora. "Návrh projektu vývoje nové verze softwaru s využitím metodiky projektového managementu." Master's thesis, Vysoké učení technické v Brně. Fakulta podnikatelská, 2019. http://www.nusl.cz/ntk/nusl-402004.
Full textAbstract:
The main object of this thesis is a design of the project with the utilization of project management principles in the chosen company. Company SynopsIS Technologies, a.s. is developing and selling a software solution for advocacy and law offices. The starting point of the entire process of designing is the strategic analysis of the current state of the company, analysis of the external environment and business field of the company. The main object is a designed project of the change, which will be used for project management in order to successfully reach set goals and minimize the risks of the project. A designed solution is using the support of Microsoft Project Professional 2016 software.
46
SILVA, Fabiana Leonel Ambrosio da. "Análise do Impacto do Gerenciamento de Riscos no Sucesso de Projetos: Um Estudo de Caso em uma Organização de Desenvolvimento de Software." Universidade Federal de Pernambuco, 2017. https://repositorio.ufpe.br/handle/123456789/19689.
Full textAbstract:
Submitted by Irene Nascimento (irene.kessia@ufpe.br) on 2017-07-14T18:38:48Z
No. of bitstreams: 2
license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5)
Dissertação_FabianaLeonelAmbrosioSilva.pdf: 3451937 bytes, checksum: cfeb3cbd7cc81a5e5e8b356ab0384e08 (MD5)Made available in DSpace on 2017-07-14T18:38:48Z (GMT). No. of bitstreams: 2 license_rdf: 811 bytes, checksum: e39d27027a6cc9cb039ad269a5db8e34 (MD5) Dissertação_FabianaLeonelAmbrosioSilva.pdf: 3451937 bytes, checksum: cfeb3cbd7cc81a5e5e8b356ab0384e08 (MD5) Previous issue date: 2017-02-28
A falha na condução dos projetos de software é um assunto que sempre foi uma preocupação para a engenharia de software. Muitas são as iniciativas em melhoria de processo no desenvolvimento de software e gerenciamento de projetos que buscam reduzir estas falhas. Os projetos de software são complexos por natureza e estão sujeitos a uma série de incertezas. Conhecer estas variáveis pode ajudar aos gestores a tomar decisões de forma eficaz e conduzir o projeto ao sucesso. Mesmo com todas as iniciativas para que os projetos tenham sucesso, as incertezas sempre existirão. Essa constatação faz com que a área de gerência de riscos tenha uma importância significativa. O objetivo deste trabalho foi realizar uma análise do impacto do gerenciamento dos riscos no sucesso de projetos de software. A implantação das melhorias no processo de gerenciamento de risco objetivaram também atender aos modelos de maturidade CMMI e MPS.BR. Para isso, foi realizado um estudo de caso em uma organização de desenvolvimento de software. Durante o estudo de caso, a criação de um repositório de riscos organizacionais foi realizada e alimentada com cinco projetos. Um dos desafios deste trabalho foi definir conceitos e medidas objetivas para avaliar os eventos associados com o gerenciamento de riscos e com o sucesso de projetos. Uma avaliação preliminar em 15 (quinze) projetos finalizados foi realizada para entender como o gerenciamento dos riscos de cada um desses projetos, impactou no seu sucesso.
The failure of conducting software projects is an issue that becomes a concern for Software Engineering. There are many initiatives to reach process improvement in software development that intend to reduce these failures. The software projects are complex by nature and are subject to a number of uncertainties. Knowing these variables can help managers take decisions to effectively lead the project to success. Even with all these initiatives for projects to succeed, uncertainties exist. This observation means risk management has significant importance. The goal of this work was to analyze the impact of risk management on the success of software projects. The implementation of improvements in the risk management process also aimed to meet the CMMI maturity models and MPS.BR. In this direction, a case study in a software development organization was conducted. During the case study, a repository with organizational risks was the created and fed with the risks from five projects. One of this work's challenges was to define concepts and accurate measures to assess the events associated with the risk management and project success. A preliminary assessment within fifteen (15) completed projects was performed in order to understand how risk management impact on their success
47
He, Ying. "Generic security templates for information system security arguments : mapping security arguments within healthcare systems." Thesis, University of Glasgow, 2014. http://theses.gla.ac.uk/5773/.
Full textAbstract:
Industry reports indicate that the number of security incidents happened in healthcare organisation is increasing. Lessons learned (i.e. the causes of a security incident and the recommendations intended to avoid any recurrence) from those security incidents should ideally inform information security management systems (ISMS). The sharing of the lessons learned is an essential activity in the “follow-up” phase of security incident response lifecycle, which has long been addressed but not given enough attention in academic and industry. This dissertation proposes a novel approach, the Generic Security Template (GST), aiming to feed back the lessons learned from real world security incidents to the ISMS. It adapts graphical Goal Structuring Notations (GSN), to present the lessons learned in a structured manner through mapping them to the security requirements of the ISMS. The suitability of the GST has been confirmed by demonstrating that instances of the GST can be produced from real world security incidents of different countries based on in-depth analysis of case studies. The usability of the GST has been evaluated using a series of empirical studies. The GST is empirically evaluated in terms of its given effectiveness in assisting the communication of the lessons learned from security incidents as compared to the traditional text based approach alone. The results show that the GST can help to improve the accuracy and reduce the mental efforts in assisting the identification of the lessons learned from security incidents and the results are statistically significant. The GST is further evaluated to determine whether users can apply the GST to structure insights derived from a specific security incident. The results show that students with a computer science background can create an instance of the GST. The acceptability of the GST is assessed in a healthcare organisation. Strengths and weaknesses are identified and the GST has been adjusted to fit into organisational needs. The GST is then further tested to examine its capability to feed back the security lessons to the ISMS. The results show that, by using the GST, lessons identified from security incidents from one healthcare organisation in a specific country can be transferred to another and can indeed inform the improvements of the ISMS. In summary, the GST provides a unified way to feed back the lessons learned to the ISMS. It fosters an environment where different stakeholders can speak the same language while exchanging the lessons learned from the security incidents around the world.
48
Neves, Sandra Miranda [UNESP]. "Gestão de riscos baseada no conhecimento: modelo conceitual para empresas de desenvolvimento de software." Universidade Estadual Paulista (UNESP), 2013. http://hdl.handle.net/11449/105353.
Full textAbstract:
Made available in DSpace on 2014-06-11T19:34:58Z (GMT). No. of bitstreams: 0
Previous issue date: 2013-12-05Bitstream added on 2014-06-13T19:44:43Z : No. of bitstreams: 1
000733708.pdf: 4977605 bytes, checksum: e61139ad46b778315339889ed5f570f7 (MD5)Uma GestãodeRiscos eficaz conduz os projetos de desenvolvimento de software ao sucesso e pode influenciaros resultados da organização. A Gestão do Conhecimento participa desseprocesso como forma de auxílioà tomada de decisão. O objetivo deste trabalho é,pois, estruturarum modeloconceitualpara o processo de Gestão de Riscos Baseada noConhecimento (GRBC) que seja aplicável a empresas de desenvolvimento de software incubadas. A pesquisa adota umaabordagem metodológicaqualiquantitativa. Assim, empregou-se o método de pesquisa da modelagem matemática pormeio da utilizaçãode métodos de tomada de decisão multicritério para a estruturação eordenaçãodos Fatores de Sucessoem iniciativas de Gestão do Conhecimento. Também foram avaliadas quais técnicas de Gestão do Conhecimento são utilizadas para a análise dos riscos de projetos de desenvolvimento desoftware. Osresultados serviram de base para compor o modelo conceitual para a GRBC. A utilização do Analytic Hierarchy Process(AHP) e do Decision MakingTrialEvaluation Laboratory (Dematel), determinou, em parte, que o trabalho atingisse o objetivo geralestabelecido tendo comobase umaabordagem estruturada
An effective Risk Managementleadsthe software development projects to success and caninfluencethe organizational results. The Knowledge Management participates as an aidto decision-making. Theaim of this paper is to outlinea conceptual model toward the Knowledge-Based Risk Management (KBRM) process, applicable at Incubated Software Development companies. The research adopts a quali-quantitative methodological approach. Thus, it hasbeen employedthe mathematical modeling researchmethod through theuse of multi-criteriadecision-making process for the structuring and coordinating the successes factor in Knowledge Management initiatives. They can alsoassess which Knowledge Management techniques are usedforthe software development risks projects analysis. The results formedthe basis for composingtheKBRM conceptual model. The use of Analytic Hierarchy Process (AHP) and of DecisionMaking Trial Evaluation Laboratory (Dematel) has determined, in part, the work to accomplish the overall established objectives, based on a structured approach
49
Neves, Sandra Miranda. "Gestão de riscos baseada no conhecimento : modelo conceitual para empresas de desenvolvimento de software /." Guaratinguetá, 2013. http://hdl.handle.net/11449/105353.
Full textAbstract:
Orientador: Carlos Eduardo Sanches da SilvaCoorientador: Valério Antonio Pamplona Salomon
Banca: Jorge Muniz Junior
Banca: Eduardo Gomes Salgado
Banca: David Noboru Narano
Banca: José Hamilton Chaves Gorgulho Junior
Resumo: Uma GestãodeRiscos eficaz conduz os projetos de desenvolvimento de software ao sucesso e pode influenciaros resultados da organização. A Gestão do Conhecimento participa desseprocesso como forma de auxílioà tomada de decisão. O objetivo deste trabalho é,pois, estruturarum modeloconceitualpara o processo de Gestão de Riscos Baseada noConhecimento (GRBC) que seja aplicável a empresas de desenvolvimento de software incubadas. A pesquisa adota umaabordagem metodológicaqualiquantitativa. Assim, empregou-se o método de pesquisa da modelagem matemática pormeio da utilizaçãode métodos de tomada de decisão multicritério para a estruturação eordenaçãodos Fatores de Sucessoem iniciativas de Gestão do Conhecimento. Também foram avaliadas quais técnicas de Gestão do Conhecimento são utilizadas para a análise dos riscos de projetos de desenvolvimento desoftware. Osresultados serviram de base para compor o modelo conceitual para a GRBC. A utilização do Analytic Hierarchy Process(AHP) e do Decision MakingTrialEvaluation Laboratory (Dematel), determinou, em parte, que o trabalho atingisse o objetivo geralestabelecido tendo comobase umaabordagem estruturada
Abstract: An effective Risk Managementleadsthe software development projects to success and caninfluencethe organizational results. The Knowledge Management participates as an aidto decision-making. Theaim of this paper is to outlinea conceptual model toward the Knowledge-Based Risk Management (KBRM) process, applicable at Incubated Software Development companies. The research adopts a quali-quantitative methodological approach. Thus, it hasbeen employedthe mathematical modeling researchmethod through theuse of multi-criteriadecision-making process for the structuring and coordinating the successes factor in Knowledge Management initiatives. They can alsoassess which Knowledge Management techniques are usedforthe software development risks projects analysis. The results formedthe basis for composingtheKBRM conceptual model. The use of Analytic Hierarchy Process (AHP) and of DecisionMaking Trial Evaluation Laboratory (Dematel) has determined, in part, the work to accomplish the overall established objectives, based on a structured approach
Doutor
50
Coelho, Alexandre Guilherme Nicco. "Uma infraestrutura de gerência de conhecimento em organizações de software aplicada à gestão de riscos." Universidade Federal do Espírito Santo, 2010. http://repositorio.ufes.br/handle/10/6397.
Full textAbstract:
Made available in DSpace on 2016-12-23T14:33:44Z (GMT). No. of bitstreams: 1
Alexendre Guilherme Nicco Coelho Parte 1.pdf: 1812241 bytes, checksum: afb64d5454a11b8ef31b520b50d80f3a (MD5)
Previous issue date: 2010-08-27Em uma organização, muitas pessoas começam a trabalhar, realizam suas atividades e vivenciam novas experiências. Como consequência disso, essas pessoas adquirem conhecimentos que podem ser utilizados em situações futuras. Porém, muitas vezes, o conhecimento adquirido fica mantido apenas nas mentes dessas pessoas e, quando elas saem da organização, o conhecimento organizacional também é perdido. Logo, pessoas novatas na organização correm o risco de repetir os mesmos erros que outras pessoas já cometeram, sendo que isso poderia ser evitado. O conhecimento organizacional tem se tornado cada vez mais importante. Gerenciar esse conhecimento não é uma tarefa simples, porém muitos benefícios podem ser alcançados quando isto é feito, em especial, a melhoria da realização das atividades do processo de negócio da organização. É importante que a organização defina estratégias de como capturar, armazenar, disponibilizar e utilizar esse conhecimento quando necessário. Mesmo quando não é possível documentar o conhecimento obtido pelos membros da organização, é importante que a organização conheça suas habilidades e competências para que, ao surgir problemas, pessoas mais indicadas possam ser localizadas para resolvê-los. Além disso, mecanismos de apoio à comunicação podem ser muito úteis para a interação entre os membros da organização, além de serem utilizados como ferramenta para o compartilhamento e geração de conhecimento. Dentre as atividades do processo de software, uma que se destaca é o gerenciamento de riscos. Gerenciar riscos em projetos de software não é uma tarefa fácil e requer conhecimento e experiência. Com isso, experiências adquiridas na execução de projetos passados podem ser muito úteis para a gestão de riscos de novos projetos. O objetivo principal deste trabalho é desenvolver uma infraestrutura de gerência de conhecimento a ser utilizada em organizações de software. Essa infraestrutura é usada no apoio às atividades de gerenciamento de riscos de projetos de software
In an organization, many people start to work, perform their activities and live new experiences. As a consequence of that, these people acquire knowledge that can be used in future situations. However, the acquired knowledge is maintained only in the minds of these people and when they leave the organization, organizational knowledge is also lost. Soon, newcomers in the organization can repeat the same mistakes that others have committed, and this could be avoided. Organizational knowledge has become increasingly important. Manage this knowledge is not a simple task, but many benefits can be achieved when this is done, in special, the improvement of the business process performance. It is important for the organization to define strategies to capture, store, deliver and use that knowledge when needed. Even when it is not possible to document the knowledge gained by members of the organization, it is important that the organization knows their abilities and skills so that, when problems arise, most suitable persons can be found to solve them. Moreover, communication support mechanisms can be very useful for interaction among members of the organization, besides being used as a tool for sharing and generation of knowledge. Among the activities of the software process, one that stands out is risk management. Managing risk in software projects is not an easy task and requires knowledge and experience. Thus, experience gained in past projects can be very useful for risk management of new projects. The main objective of this work is to develop a knowledge management infrastructure for software organizations. This infrastructure is used to support activities of risk management of software projects