1 In the name of God. Risk Management. Dr. Lo'ai Tawalbeh. Done by: Amna Ismail Rashan.
2 The elements of risk. 1) Asset: anything within an environment that should be protected. 2) Threat: any potential danger to information or systems (e.g. fire).

3 The elements of risk. 3) Vulnerability: a software, hardware, or procedural weakness that may give an attacker an open door into a system. 4) Exposure: if there is a vulnerability and a threat that can exploit it, there is the possibility that a threat event can occur.

4 The elements of risk. 5) Risk: the possibility that a specific threat will exploit a specific vulnerability to cause harm to an asset; risk = threat + vulnerability. 6) Safeguard (or countermeasure): anything that removes a vulnerability or protects against one or more specific threats. Safeguards and countermeasures are the only means by which risk is mitigated or removed.

5 Sources of risk. A) Internal: * Changes in budget; * Change of initial requirements; * Disruption to the day-to-day operation of the organization; * Key staff leaving; * Equipment failure. B) External: * Hardware/software not delivered; * Supplier becomes insolvent; * Unauthorised access into systems; * Disruption through power/communication.

6 Parts of risk. Risk event: the adverse event that results in a risk. Risk probability: the likelihood or uncertainty of a risk occurring. Risk impact: the loss or extent of damage caused by a risk.

7 Types of risk. 1. Technical risk; 2. Managerial risk; 3. Operational risk; 4. Environment risk; 5. Testing risk.

Types of risk: 1. Technical risk. (1) Do we really know what the problem is? (2) Is the problem solvable?

Types of risk: 2. Managerial risk. * Schedule risk; * Financial risk; * Personnel risk; * Quality risk.

Types of risk: 3. Operational risk. * Inadequate user education or training; * Software misuse; * Inadequate maintenance of the product.

Types of risk: 4. Environment risk. Physical risks that may threaten a particular data center, such as fire and water.

Types of risk: 5. Testing risk. The quality control practitioner plays a key role in addressing the testing of risk.

13 Risk Management is the process of controlling risk and monitoring the effectiveness of the control mechanisms. The goal of RM is to preserve the quality and integrity of a project by reducing cost escalation and project slippage.

14 Risk management process 1) Identifying the risk; 2) Assessing the risk's magnitude; 3) Determining the response to the risk; 4) Planning for the addressing of, and reporting on, the risk if encountered

15 Risk assessment. * The cost potential of the risk's occurrence; * The probability of the risk occurring; * The risk exposure; * The cost to respond to the risk.

16 Risk response 1) Elimination; 2) Avoidance; 3) Mitigation; 4) Acceptance.

17 Risk Analysis: the process of identifying, estimating, and evaluating risk.

18 Risk Analysis. Benefits of RA: * Ease of data comprehension; * Identification and prioritization of critical activities and functions; * Identification of areas where policies and procedures need to be enhanced and implemented; * Justification of the cost of implementing measures; * Assessment of the preparedness of an organization with respect to the risks; * Assessment of the security awareness among employees.

19 Risk Analysis. 1) Software Risk Analysis; 2) Planning Risks and Contingencies. The purpose of software risk analysis is to determine what to test, the testing priority, and the depth of testing.

20 Risk Analysis. Who Should Do the Analysis? The risk analysis should be done by a team of experts from various groups within the organization, including developers, testers, users, customers, marketers, and other interested, willing, and able contributors. When Should It Be Done? A risk analysis should be done as early as possible in the software lifecycle. A first cut at a risk analysis can usually be done as soon as the high-level requirements are known.

21 Software Risk Analysis Process. How Should It Be Done? Step 1: Form a Brainstorming Team. Step 2: Compile a List of Features. Step 3: Determine the Likelihood. Step 4: Determine the Impact. Step 5: Assign Numerical Values. Step 6: Compute the Risk Priority. Step 7: Review/Modify the Values. Step 8: Prioritize the Features. Step 9: Determine the "Cut Line". Step 10: Consider Mitigation.

22 Software Risk Analysis Process. How Should It Be Done? Step 1: Form a Brainstorming Team. Include: users (such as business analysts), developers, testers, marketers, customer service representatives, support personnel, and anyone else who has knowledge of the business and/or product and is willing and able to participate.

23 Software Risk Analysis Process. How Should It Be Done? Step 2: Compile a List of Features. Compile an inventory of features, attributes, or business functions for the entire system. Global attributes include: accessibility, availability, compatibility, maintainability, performance, reliability, scalability, security, and usability.

24 Software Risk Analysis Process. How Should It Be Done? Step 3: Determine the Likelihood. Assign an indicator for the relative likelihood of failure.

25 Table 2: Likelihood of Failure for ATM Features/Attributes
Likelihood   ATM Software Attributes/Features
High         Withdraw cash
Medium       Deposit cash
Low          Check account balance
Medium       Transfer funds
High         Purchase stamps
Low          Make a loan payment
Medium       Usability
Low          Performance
Medium       Security

26 Software Risk Analysis Process. How Should It Be Done? Step 4: Determine the Impact. What would be the impact on the user if this feature or attribute failed to operate correctly?

Table 3: Impact of Failure for ATM Features/Attributes
Impact    Likelihood   ATM Software Attributes/Features
High      High         Withdraw cash
High      Medium       Deposit cash
Medium    Low          Check account balance
Medium    Medium       Transfer funds
Low       High         Purchase stamps
Medium    Low          Make a loan payment
High      Medium       Usability
Medium    Low          Performance
High      Medium       Security

28 Software Risk Analysis Process. How Should It Be Done? Step 5: Assign Numerical Values. The brainstorming team should assign numerical values to H, M, and L for both likelihood and impact. Usually a value of 3 is assigned for H, 2 for M, and 1 for L.

29 Software Risk Analysis Process. How Should It Be Done? Step 6: Compute the Risk Priority. The values assigned to the likelihood of failure and the impact of failure should be added together.

30 Table 4: Summed Priorities for ATM Features/Attributes
Priority   Impact    Likelihood   ATM Software Attributes/Features
6          High      High         Withdraw cash
5          High      Medium       Deposit cash
3          Medium    Low          Check account balance
4          Medium    Medium       Transfer funds
4          Low       High         Purchase stamps
3          Medium    Low          Make a loan payment
5          High      Medium       Usability
3          Medium    Low          Performance
5          High      Medium       Security

31 Software Risk Analysis Process. How Should It Be Done? Step 7: Review/Modify the Values. The likelihood-of-failure values for each feature may be modified based on additional information or analyses that may be available.

32 Software Risk Analysis Process. How Should It Be Done? Step 8: Prioritize the Features. The brainstorming team should reorder their list of features and attributes by risk priority.

Table 5: Sorted Priorities for ATM Features/Attributes
Priority   Impact    Likelihood   ATM Software Attributes/Features
6          High      High         Withdraw cash
5          High      Medium       Deposit cash
5          High      Medium       Usability
5          High      Medium       Security
4          Medium    Medium       Transfer funds
4          Low       High         Purchase stamps
3          Medium    Low          Make a loan payment
3          Medium    Low          Check account balance
3          Medium    Low          Performance

34 Software Risk Analysis Process. How Should It Be Done? Step 9: Determine the "Cut Line". This indicates the line below which features will not be tested (if any) or will be tested less. To draw it, it is necessary to estimate the amount of testing that is possible with the available time and resources.

35 Table 6: "Cut Line" for ATM Features/Attributes
Priority   Impact    Likelihood   ATM Software Attributes/Features
To Be Tested
6          High      High         Withdraw cash
5          High      Medium       Deposit cash
5          High      Medium       Usability
4          Medium    Medium       Transfer funds
4          Low       High         Purchase stamps
4          High      Low          Security
Not to Be Tested (or tested less)
3          Medium    Low          Make a loan payment
3          Medium    Low          Check account balance
3          Medium    Low          Performance

36 Software Risk Analysis Process. How Should It Be Done? Step 10: Consider Mitigation. The mitigation activities may require action by developers, users, testers, or others. Risk mitigation helps reduce the likelihood of a failure, but does not affect the impact.

Table 7: Mitigated List of Priorities for ATM Features/Attributes
Mitigation             Priority   Impact    Likelihood   ATM Software Attributes/Features
Code inspection        6          High      High         Withdraw cash
Early prototype        5          High      Medium       Deposit cash
Early user feedback    5          High      Medium       Usability
                       5          High      Medium       Security
                       4          Medium    Medium       Transfer funds
                       4          Low       High         Purchase stamps
                       3          Medium    Low          Make a loan payment
                       3          Medium    Low          Check account balance
                       3          Medium    Low          Performance

38 2) Planning Risks and Contingencies. Purpose: * To determine the best contingencies in the event that one of the planning risks occurs. * This is important because the scope and nature of a project almost always change as the project progresses. * The planning risks help us to ask "What if ..." and develop contingencies.
