• Asia pacific journal of information systems
• /
• 제13권2호
• /
• pp.199-217
• /
• 2003

Based on the IS literature on software project risk management, we developed an integrated model to investigate the risk factors and risk management factors in project development. We also analyzed the interrelation between project risk and project risk management. The questionaries are collected from 83 project leaders. We tested reliability and validity of the measure and analyzed the obtained data. The results support our risk-based hypothesis that shows the importance of risk management in reducing project risks and improving performance of project and process.

• 한국정보시스템학회지:정보시스템연구
• /
• 제13권1호
• /
• pp.1-20
• /
• 2004

Most of the software development projects bear risks that need analysis and management. Risk management plays a critical role for the success of software project management. In this study, we have used delphi method to delineate critical risk factors. The study pulls out 20 project risk factors from 21 project managers. It is certainly clear that certain features are more risky than others. Our study shows that unrealistic cost estimation and changes in scope and objective are more risky than other features.

• 정보처리학회논문지:소프트웨어 및 데이터공학
• /
• 제6권12호
• /
• pp.543-548
• /
• 2017

최근에는 의료기기의 구성 요소 중 소프트웨어의 기능과 역할이 커지고, 의료기기 소프트웨어의 작동이 사용자의 생명과 안전에 직결되는 특성으로 인해 의료기기 소프트웨어의 안전성 보장에 대한 중요함은 더욱 강조되고 있다. 이를 위해 의료기기의 안전성을 효과적으로 보장할 수 있는 활동과 각각의 요구사항들을 제시하고 있는 여러 표준이 제정되었다. 표준들이 의료기기 소프트웨어의 안전성을 보장하기 위해 제시하는 활동으로는 크게 의료기기 소프트웨어의 개발생명주기와 위험관리 프로세스로 나뉜다. 이 두 활동은 개발 과정 중 동시에 진행되어야 하지만, 의료기기 소프트웨어 개발생명주기의 각 단계에서 수행되어야하는 위험관리 요구사항들은 분류되어있지 않다는 한계점이 있다. 이로 인해 개발자들은 의료기기 개발 중에 직접 표준들의 연관성을 분석하여 위험관리 활동을 수행해야한다. 따라서 본 논문에서는 의료기기 소프트웨어 개발생명주기와 위험관리 프로세스의 연관성을 분석하고, 위험관리 요구사항 항목들을 추출한다. 그리고 분석한 연관성을 토대로 추출된 위험관리 요구사항 항목을 개발생명주기에 대응시킴으로서, 의료기기 소프트웨어의 개발 중 효과적이고 체계적인 위험관리를 가능하게 한다.

• 대한의용생체공학회:의공학회지
• /
• 제44권2호
• /
• pp.99-108
• /
• 2023

According to the COVID-19, development of various medical software based on IoT(Internet of Things) was accelerated. Especially, interest in a central software system that can remotely monitor and control ventilators is increasing to solve problems related to the continuous increase in severe COVID-19 patients. Since medical device software is closely related to human life, this study aims to develop central monitoring system that can remotely monitor and control multiple ventilators in compliance with medical device software development standards and to verify performance of system. In addition, to ensure the safety and reliability of this central monitoring system, this study also specifies risk management requirements that can identify hazardous situations and evaluate potential hazards and confirms the implementation of cybersecurity to protect against potential cyber threats, which can have serious consequences for patient safety. As a result, we obtained medical device software manufacturing certificates from MFDS(Ministry of Food and Drug Safety) through technical documents about performance verification, risk management and cybersecurity application.

• 한국정보통신학회:학술대회논문집
• /
• 한국정보통신학회 2016년도 추계학술대회
• /
• pp.347-350
• /
• 2016

소프트웨어의 취약점분석에 대한 위험이 발생하고 있다. 소프트웨어의 취약점을 통해 물질적, 금전적인 피해가 발생함에 따라 보안강화의 중요성이 대두되고 있다. 위험잠재요소가 있는 소프트웨어를 사용하는 경우 제조한 기업뿐만이 아닌 해당 소프트웨어를 사용하는 기업 및 개인까지 손실의 위험이 크기 때문에 본 논문에서는 소프트웨어의 취약점을 진단하고, 진단원을 양성하는 교육과정과 진단가이드를 제시하며, 소프트웨어의 취약점 보안성 강화방식을 제안하고자 한다.

• 한국산학기술학회논문지
• /
• 제15권8호
• /
• pp.5227-5232
• /
• 2014

소프트웨어 제품 위험을 초기단계에서 제거함으로써 품질이 높은 소프트웨어를 개발 할 수 있다. 이를 위해 위험을 효과적으로 분석하고 관리하는 위험 분석 시스템의 도입이 필요하다. 제품 위험 분석 및 도구의 관심이 확대 되고 있으나 기존의 위험 관련 도구는 위험 추적 수준으로 개발되었으며 분석 및 전략 수립은 지원하지 않아 조직에서 제품 위험 관리에 많은 어려움을 격고 있다. 이에 본 논문에서는 조직에서 소프트웨어 개발과정에서 야기 될 수 있는 제품 위험의 문제점을 초기단계에서 해결하고 축적된 품질 위험 데이터를 통하여 정형화할 수 있는 소프트웨어 위험 분석 시스템을 제안하였다. 또한 어떤 제품 위험을 분석하고 관리해야 하는지에 대한 가이드라인을 제공하고자 한다. 위험 분석 협의과정을 통하여 도출된 위험 아이템에 대하여 위험 분석정보와 전략 등을 제공하는 위험 분석 시스템을 구현하고 활용방안을 제시하였다.

• Nuclear Engineering and Technology
• /
• 제41권6호
• /
• pp.849-858
• /
• 2009

Risk caused by safety-critical instrumentation and control (I&C) systems considerably affects overall plant risk. As digitalization of safety-critical systems in nuclear power plants progresses, a risk model of a digitalized safety system is required and must be included in a plant safety model in order to assess this risk effect on the plant. Unique features of a digital system cause some challenges in risk modeling. This article aims at providing an overview of the issues related to the development of a static fault-tree-based risk model. We categorize the complicated issues of digital system probabilistic risk assessment (PRA) into four groups based on their characteristics: hardware module issues, software issues, system issues, and safety function issues. Quantification of the effect of these issues dominates the quality of a developed risk model. Recent research activities for addressing various issues, such as the modeling framework of a software-based system, the software failure probability and the fault coverage of a self monitoring mechanism, are discussed. Although these issues are interrelated and affect each other, the categorized and systematic approach suggested here will provide a proper insight for analyzing risk from a digital system.

• Journal of Multimedia Information System
• /
• 제4권2호
• /
• pp.57-64
• /
• 2017

Numerous software vulnerabilities have been found in the popular operating systems. And recently, robust linear behaviors in software vulnerability discovery process have been noticeably observed among the many popular systems having multi-versions released. Software users need to estimate how much their software systems are risk enough so that they need to take an action before it is too late. Security vulnerabilities are discovered throughout the life of a software system by both the developers, and normal end-users. So far there have been several vulnerability discovery models are proposed to describe the vulnerability discovery pattern for determining readiness for patch release, optimal resource allocations or evaluating the risk of vulnerability exploitation. Here, we apply a linear vulnerability discovery model into Windows operating systems to see the linear discovery trends currently observed often. The applicability of the observation form the paper show that linear discovery model fits very well with aggregate version rather than each version.

• International Journal of Computer Science & Network Security
• /
• 제21권12spc호
• /
• pp.586-596
• /
• 2021

Software organisations follow different methodologies for the development of software. The software development methodologies are mainly divided into two categories, including plan-driven and agile development. To attain project success, it is very significant to consider risk management during whole project. Agile development is considered risk-driven, but many risks are unreported at the industrial level. The risks can be divided into three categories, including (i) development risks, (ii) organisations risks, and (iii) people-oriented risks. This paper deals with Development risks specifically. Several risks related to development are faced by people working in the industry while dealing with agile development. Their management among the industry is a big issue, so this paper emphasises ARMF based on development-related risks by following agile development. This research work will help software organisations to prevent different project-related risks during agile development. The risks are elicited at two-level, (i) literature-based and (ii) IT industry based. A systematic literature review was performed for eliciting the agile risks from the literature. Detailed case studies and survey research methods were applied for eliciting risks from IT industry. Finally, we merged the agile development risks from literature with standard industrial risks. Hence, we established an agile risk mitigation framework ARMF based on agile development and present a groundwork established in light of empirical examination for extending it in future research.

• 한국산업정보학회논문지
• /
• 제14권5호
• /
• pp.83-89
• /
• 2009

Management of risks is critical issue in the project management and it is important to ensure that risk management is done in a sensible way. Risk analysis is an activity geared towards risk mitigation in risk management technique. Many techniques to manage, analyze and reduce risks have been done previously but only few have addressed the design analysis to reduce risk and none have attempted to analyze architecture to manage risks. In this paper we try to find a solution through various analyzing various software architectural design concepts. We follow Pressman's method of analyzing architecture design, and then alter it to identify risks which are used in risk analysis process further in risk management process. The risks assessed are analyzed later in the risk management cycle.