Risk Management Framework

Although most programs and organizations use risk management when developing and operating software-reliant systems, preventable failures continue to occur at an alarming rate. In many instances, the root causes of these preventable failures can be traced to weaknesses in the risk management practic...

Full description

Saved in:
Bibliographic Details
Main Authors: Alberts, Christopher J, Dorofee, Audrey J
Format: Report
Language:English
Subjects:
Administration and Management
BEST PRACTICES
Computer Programming and Software
DECISION MAKING
DEPARTMENT OF DEFENSE
INFORMATION SECURITY
LIFE CYCLE MANAGEMENT
LOSSES
METHODOLOGY
MILITARY PROCUREMENT
Operations Research
ORGANIZATIONS
PROBABILITY
PROJECT MANAGEMENT
RISK ANALYSIS
RISK MANAGEMENT
RISK MANAGEMENT FRAMEWORK
SOFTWARE ENGINEERING
UNCERTAINTY
Online Access:Request full text
Tags: Add Tag
No Tags, Be the first to tag this record!
Description
Summary:Although most programs and organizations use risk management when developing and operating software-reliant systems, preventable failures continue to occur at an alarming rate. In many instances, the root causes of these preventable failures can be traced to weaknesses in the risk management practices employed by those programs and organizations. To help improve existing risk management practices, Carnegie Mellon University Software Engineering Institute (SEI) researchers undertook a project to define what constitutes best practice for risk management. The SEI has conducted research and development in the area of risk management since the early 1990s. Past SEI research has applied risk management methods, tools, and techniques across the life cycle (including acquisition, development, and operations) and has examined various types of risk, including software development risk, system acquisition risk, operational risk, mission risk, and information security risk, among others. In this technical report, SEI researchers have codified this experience and expertise by specifying the following: (1) a Risk Management Framework that documents accepted best practice for risk management, and (2) an approach for evaluating a program's or organization's risk management practice in relation to the framework. The original document contains color images.