• Asia pacific journal of information systems
• /
• v.13 no.2
• /
• pp.199-217
• /
• 2003

Based on the IS literature on software project risk management, we developed an integrated model to investigate the risk factors and risk management factors in project development. We also analyzed the interrelation between project risk and project risk management. The questionaries are collected from 83 project leaders. We tested reliability and validity of the measure and analyzed the obtained data. The results support our risk-based hypothesis that shows the importance of risk management in reducing project risks and improving performance of project and process.

• The Journal of Information Systems
• /
• v.13 no.1
• /
• pp.1-20
• /
• 2004

Most of the software development projects bear risks that need analysis and management. Risk management plays a critical role for the success of software project management. In this study, we have used delphi method to delineate critical risk factors. The study pulls out 20 project risk factors from 21 project managers. It is certainly clear that certain features are more risky than others. Our study shows that unrealistic cost estimation and changes in scope and objective are more risky than other features.

• KIPS Transactions on Software and Data Engineering
• /
• v.6 no.12
• /
• pp.543-548
• /
• 2017

In recent years, the importance of the safety of medical device software has been emphasized because of the function and role of the software among components of the medical device, and because the operation of the medical device software is directly related to the life and safety of the user. To this end, various standards have been set up that provide activities that can effectively ensure the safety of medical devices and provide their respective requirements. The activities that standards provide to ensure the safety of medical device software are largely divided into the development life cycle of medical device software and the risk management process. These two activities should be concurrent with the development process, but there is a limitation that the risk management requirements to be performed at each stage of the medical device software development life cycle are not classified. As a result, developers must analyze the association of standards directly to develop risk management activities during the development of medical devices. Therefore, in this paper, we analyze the relationship between medical device software development life cycle and risk management process, and extract risk management requirement items. It enables efficient and systematic risk management during the development of medical device software by mapping the extracted risk management requirement items to the development life cycle based on the analyzed associations.

• Journal of Biomedical Engineering Research
• /
• v.44 no.2
• /
• pp.99-108
• /
• 2023

According to the COVID-19, development of various medical software based on IoT(Internet of Things) was accelerated. Especially, interest in a central software system that can remotely monitor and control ventilators is increasing to solve problems related to the continuous increase in severe COVID-19 patients. Since medical device software is closely related to human life, this study aims to develop central monitoring system that can remotely monitor and control multiple ventilators in compliance with medical device software development standards and to verify performance of system. In addition, to ensure the safety and reliability of this central monitoring system, this study also specifies risk management requirements that can identify hazardous situations and evaluate potential hazards and confirms the implementation of cybersecurity to protect against potential cyber threats, which can have serious consequences for patient safety. As a result, we obtained medical device software manufacturing certificates from MFDS(Ministry of Food and Drug Safety) through technical documents about performance verification, risk management and cybersecurity application.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2016.10a
• /
• pp.347-350
• /
• 2016

Analysis of vulnerability of the software for risk. The weakness of the software material, the importance of strengthening security in accordance with financial damage occurred is emerging. There is a potential risk factor not only from the case, the manufacturing to use the software company that appropriate to use a software business and personal risk of loss to size.In this paper due to diagnose and vulnerabilities in software, diagnosis, the curriculum and to cultivate a diagnostic guide, and security vulnerabilities in software.Proposal system for increased.

• Journal of the Korea Academia-Industrial cooperation Society
• /
• v.15 no.8
• /
• pp.5227-5232
• /
• 2014

Better quality software can be made by eliminating the software product risk in the early stages. To achieve this task, a risk analysis system that can effectively track and manage risks that have severe effects on software quality is needed. The existing risk analysis systems have some weaknesses as they are applied to organizations. The major problems of those systems are that they require organizations to collect as much risk data at a time without providing a proper explanation and even without the support of a risk management process. This paper resolves those problems by developing a risk analysis system that offers methods of managing risks. In addition, the system provides the guidelines of which risks should be gathered for each step. The system also has functions to generate a range of strategy and analysis information on risks.

• Nuclear Engineering and Technology
• /
• v.41 no.6
• /
• pp.849-858
• /
• 2009

Risk caused by safety-critical instrumentation and control (I&C) systems considerably affects overall plant risk. As digitalization of safety-critical systems in nuclear power plants progresses, a risk model of a digitalized safety system is required and must be included in a plant safety model in order to assess this risk effect on the plant. Unique features of a digital system cause some challenges in risk modeling. This article aims at providing an overview of the issues related to the development of a static fault-tree-based risk model. We categorize the complicated issues of digital system probabilistic risk assessment (PRA) into four groups based on their characteristics: hardware module issues, software issues, system issues, and safety function issues. Quantification of the effect of these issues dominates the quality of a developed risk model. Recent research activities for addressing various issues, such as the modeling framework of a software-based system, the software failure probability and the fault coverage of a self monitoring mechanism, are discussed. Although these issues are interrelated and affect each other, the categorized and systematic approach suggested here will provide a proper insight for analyzing risk from a digital system.

• Journal of Multimedia Information System
• /
• v.4 no.2
• /
• pp.57-64
• /
• 2017

Numerous software vulnerabilities have been found in the popular operating systems. And recently, robust linear behaviors in software vulnerability discovery process have been noticeably observed among the many popular systems having multi-versions released. Software users need to estimate how much their software systems are risk enough so that they need to take an action before it is too late. Security vulnerabilities are discovered throughout the life of a software system by both the developers, and normal end-users. So far there have been several vulnerability discovery models are proposed to describe the vulnerability discovery pattern for determining readiness for patch release, optimal resource allocations or evaluating the risk of vulnerability exploitation. Here, we apply a linear vulnerability discovery model into Windows operating systems to see the linear discovery trends currently observed often. The applicability of the observation form the paper show that linear discovery model fits very well with aggregate version rather than each version.

• International Journal of Computer Science & Network Security
• /
• v.21 no.12spc
• /
• pp.586-596
• /
• 2021

Software organisations follow different methodologies for the development of software. The software development methodologies are mainly divided into two categories, including plan-driven and agile development. To attain project success, it is very significant to consider risk management during whole project. Agile development is considered risk-driven, but many risks are unreported at the industrial level. The risks can be divided into three categories, including (i) development risks, (ii) organisations risks, and (iii) people-oriented risks. This paper deals with Development risks specifically. Several risks related to development are faced by people working in the industry while dealing with agile development. Their management among the industry is a big issue, so this paper emphasises ARMF based on development-related risks by following agile development. This research work will help software organisations to prevent different project-related risks during agile development. The risks are elicited at two-level, (i) literature-based and (ii) IT industry based. A systematic literature review was performed for eliciting the agile risks from the literature. Detailed case studies and survey research methods were applied for eliciting risks from IT industry. Finally, we merged the agile development risks from literature with standard industrial risks. Hence, we established an agile risk mitigation framework ARMF based on agile development and present a groundwork established in light of empirical examination for extending it in future research.

• Journal of Korea Society of Industrial Information Systems
• /
• v.14 no.5
• /
• pp.83-89
• /
• 2009

Management of risks is critical issue in the project management and it is important to ensure that risk management is done in a sensible way. Risk analysis is an activity geared towards risk mitigation in risk management technique. Many techniques to manage, analyze and reduce risks have been done previously but only few have addressed the design analysis to reduce risk and none have attempted to analyze architecture to manage risks. In this paper we try to find a solution through various analyzing various software architectural design concepts. We follow Pressman's method of analyzing architecture design, and then alter it to identify risks which are used in risk analysis process further in risk management process. The risks assessed are analyzed later in the risk management cycle.