Software Project Management

Software Project Management

Introduction

Risk management is the process that allows business managers to balance operational and economic costs of protective measures and achieve gains in mission capability by protecting business processes that support the business objectives or mission of the enterprise. Senior management must ensure that the enterprise has the capabilities needed to accomplish its mission. Most organizations have tight budgets for security. To get the best bang for the security buck, management needs a process to determine spending.

A risk analysis should be conducted whenever money or resources are to be spent. Before starting a task, project, or development cycle, an enterprise should conduct an analysis of the need for the project. Understanding the concepts of risk analysis and applying them to the business needs of the enterprise will ensure that only necessary spending is done.

Most risk analysis projects fail because the internal experts and subject matter experts are not included in the process. A process such as the Facilitated Risk Analysis Process (FRAP) takes advantage of the internal experts. No one knows your systems and applications better than the people that develop and run them.

It should be completed in days, not weeks or months. To meet the needs of an enterprise, the risk analysis process must be able to complete it quickly with a minimum of impact on the employees' already busy schedules.

Risk analysis can be used to review any task, project, or idea. By learning the basic concepts of risk analysis, the organization can then use it to determine if a project should be undertaken, if a specific product should be purchased, if a new control should be implemented, or if the enterprise is at risk from some threat.

The greatest benefit of a risk analysis is whether it is prudent to proceed. It allows management to examine all currently identified concerns, prioritize the level of vulnerability, and then to select an appropriate level of control or to accept the risk. The goal of risk analysis is not to eliminate all risk. It is a tool to be used by management to reduce risk to an acceptable level.

A risk analysis is rarely conducted without a senior management sponsor. The results are geared to provide management with the information they need to make informed business decisions. The results of a risk analysis are normally classified as confidential and are provided only to the sponsor and to those deemed appropriate by the sponsor.

How Is the Success of the Risk Analysis Measured?

The tangible way to measure success is to see a lower bottom line for cost. Risk analysis can assist in this process by identifying only those controls that need to be implemented. Another way that the success of a risk analysis is measured is if there is a time when management decisions are called into review. By having a formal process in place that demonstrates the due diligence of management in the decision-making process, this kind of inquiring will be dealt with quickly and successfully.

System Development Lifecycle

The typical SDLC has five ...