• Journal of Information Technology Applications and Management
• /
• 제11권4호
• /
• pp.103-120
• /
• 2004

Identifying validated risk factors in software risk management is imperative for project managers. Although validated risk lists were provided by previous researchers, risk list associated with software project performance areas was not provided as yet. This paper represents a first step toward understanding risk lists by various project performance areas (time, cost, and quality) to help project managers alleviating the possibility of software project failure. Four simultaneous exploratory surveys were conducted with 29 experienced software project managers. Three different risk factor ranking sets for each project performance area were compared with, the risk ranking, which was provided without clarifying specific project performance areas. The risk lists and their corresponding perceived importance were different from previous research results. This implies that identifying risk factors for specific project performance areas can provide additional information for project managers. We concluded by discussing implications of our finds for both research and improving risk management practice.

• Journal of Information Technology Applications and Management
• /
• 제11권2호
• /
• pp.15-27
• /
• 2004

Most software projects inevitably involve various types and degrees of uncertainty. Without proper risk assessment and coordination, software projects can easily run out of control and consume significant additional resource. Thus, risk management techniques are critical issues to information system researchers. Previous empirical studies of U.S. software firms support the adoption of development standardization and user requirement analysis techniques in risk-based software project management. Using data collected from software projects developed in Korea during 1999-2000, we conduct a comparative study to determine how risk management strategies impact software product and process performance in countries with dissimilar IT capabilities. In addition, we offer an alternative conceptualization of residual performance risk. We show that the use of residual performance risk as an intervening variable is inappropriate in IT developing countries like Korea where the role of late stage risk control remedies are critical. A revised model is proposed that generates more reliable empirical implications for Korean software projects.

• 한국IT서비스학회지
• /
• 제14권3호
• /
• pp.67-84
• /
• 2015

Software is more diverse and complex and the level of importance for the maintenance of application software to securely operate software is also gradually increasing in proportion. The calculation method for maintenance cost of application software applied in Korea public enterprises is involved in the range of 10 to 15% of development cost, depending on the Software Project Cost Estimation Guide. Moreover, as most software maintenance cost estimation procedures do not take into consideration of the risk factors related of maintenance, it can be seen as a main cause for the occurrence of maintenance related accidents. This study proposes a maintenance cost estimate model that takes into consideration of the risks related to the software maintenance activities to improve and resolve issues arising from the estimation of maintenance cost. In doing so, maintenance risk factors are analyzed and a risk index is derived through the analysis of risk levels based on the risk factors. Based on such analysis, a maintenance cost estimate method which reflects the maintenance risk index was established.

• Journal of Construction Engineering and Project Management
• /
• 제1권2호
• /
• pp.28-36
• /
• 2011

Risk management is popularly and widely used in various industries to handle uncertainty that can negatively affect their businesses. While in the current Information-Technology oriented age, software packages are designed to assist in carrying out risk management processes, the construction industry does not seem to have software that is tuned to its specific characteristics and processes. Therefore, this study first explores the types of software that are commonly used for risk management in the Singapore construction industry. Also, using one-sample t-test, it is tested if the software programs used in the construction industry have effectively catered the needs of the users. For the analysis, a survey questionnaire was developed and the representatives from 34 companies participated in the survey. Furthermore, this study also makes use of the current risk management framework defined in ISO31000 to design a risk management software algorithm that can suit the needs for the Singapore construction industry. The results from this study will contribute to identifying strategic areas, in terms of use of risk management software, on which the industry needs to focus, ultimately enhancing their performance of risk management.

• 디지털산업정보학회논문지
• /
• 제5권2호
• /
• pp.133-140
• /
• 2009

In the paper, we proposed the systematical and quantitative software risk management methodology based on risk analysis model. A software risk management consists of the basic risk management method(BRIMM) and the detailed risk management method(DRIMM). BRIMM is applied to unimportant phases or the phase which also the risk factor does not heavily influence to project. DRIMM is used from the phase which influences highly in project success or the phase where the risk factor is many. Fulfilling risk management combined two methods, we can reduce project's budget, term and resource's usage, and prevent risk with the optimum measures obtained by the exact risk analysis.

• 한국정보시스템학회지:정보시스템연구
• /
• 제16권4호
• /
• pp.243-268
• /
• 2007

It is critical to manage risks to complete IS(Information Systems) projects successfully. Identifying risk factors would be the first step for the project risk management. Previous research has discussed the issue with various points of view, such as different risk factors based on project types and roles involved in their projects. This paper empirically explored how people perceive different risk factors by project development methodology, between self-developing IS using programming language like C, Visual Basic and adapting software package already developed by software venders like ERP, CRM packages. There are researches regarding project risk factors for project management in the several point of views. And there are also researches regarding comparison between self-developing and adapting software packages methodology in IS project. However, there are no study on project risk factors comparison between self-developing IS using programming language and adapting software packages already developed by software venders in IS project. This research can be differentiated from previous ones, because it was considered both point of project risk management and development methodology in IS project. This research results implied meaningful messages to enterprise company to be planned IS projects and people who involved in IS projects. They should consider and need to prepare differently according to each development methodology for preventing project risks. It makes them reduce project risks in each case and complete successfully IS projects. Especially, if they have no experiences for implementing software packages, they can forecast the project risks and prepare them in advance.

• Asia pacific journal of information systems
• /
• 제16권3호
• /
• pp.143-158
• /
• 2006

Identifying risk factors in software risk management is imperative for project managers. The purpose of this paper is to provide software project risk factors validated by statistical analysis, and thus to help project managers alleviating the possibility of software project failure. Factor analysis with data collected from 264 Korean project managers and consultants identified 12 categories and 46 risk factors. T-test results showed that project managers and participants had statistically different perception on 3 risk factors among those 46 risk factors. We concluded by discussing implications of our findings and future research directions.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2012년도 추계학술대회
• /
• pp.495-497
• /
• 2012

의료기기 소프트웨어 테스트 위험관리 적용 방안에 대해 연구하였다. 먼저 설문조사를 통해 의료기기 제조업체의 소프트웨어 밸리데이션 및 위험관리 현황을 분석하고 두 번째로 블랙박스 테스트와 화이트 박스 테스트를 비교하여 차이점을 분석하였다. 세 번째로 소프트웨어 분석 도구를 활용한 코드 분석 후 잠재적인 위해요인을 도출하고 이를 정량화 하였으며, 마지막으로 도출된 위해요인을 FMEA 기법을 이용하여 의료기기 위험관리 프로세스에 적용할 수 있도록 프레임워크를 구축하였다. 이를 통해 의료기기 품질관리(GMP) 업무 중 소프트웨어 밸리데이션 및 위험관리 프로세스를 구축하기 어려운 제조업체를 위한 업무 지원에 활용하고자 한다.

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• 제8권6호
• /
• pp.2118-2138
• /
• 2014

Risks are involved in all phases of the software life cycle, and due to these risks, software can face various problems that can cause different negative outcomes and sometimes, in extreme cases, the failure of the software. Most of these risks lie in the legacy software migration process. These risks can create many problems, and in the worst case they can lead to the failure of the migration project. This paper explores different types of risk analysis methods such as CRAMM, CORAS, OCTAVE and VECTOR. After comparing these methods, the two suitable methods were chosen, namely, OCTAVE and VECTOR. Based on the use of these two methods, the project suggests an enhanced EOV method for risk analysis in the migration of legacy software.

• Journal of Multimedia Information System
• /
• 제8권4호
• /
• pp.259-266
• /
• 2021

Security vulnerabilities have been reported in major design software systems such as Adobe Photoshop and Illustrator, which are recognized as de facto standard design tools in most of the design industries. Companies need to evaluate and manage their risk levels posed by those vulnerabilities, so that they could mitigate the potential security bridges in advance. In general, security vulnerabilities are discovered throughout their life cycles repeatedly if software systems are continually used. Hence, in this study, we empirically analyze risk levels for the three major graphical design software systems, namely Photoshop, Illustrator and GIMP with respect to a software vulnerability discovery model. The analysis reveals that the Alhazmi-Malaiya Logistic model tends to describe the vulnerability discovery patterns significantly. This indicates that the vulnerability discovery model makes it possible to predict vulnerability discovery in advance for the software systems. Also, we found that none of the examined vulnerabilities requires even a single authentication step for successful attacks, which suggests that adding an authentication process in software systems dramatically reduce the probability of exploitations. The analysis also discloses that, for all the three software systems, the predictions with evenly distributed and daily based datasets perform better than the estimations with the datasets of vulnerability reporting dates only. The observed outcome from the analysis allows software development managers to prepare proactively for a hostile environment by deploying necessary resources before the expected time of vulnerability discovery. In addition, it can periodically remind designers who use the software systems to be aware of security risk, related to their digital work environments.