Wednesday, May 6, 2020
An Advanced Risk Management Method - 1270 Words
Abstract

This essay aims to discuss an advanced Risk Management method, with a brief comparison to other advanced or not-so-advanced processes, in order to deduce the importance of an effective mitigation phase. The Risk Management method examined in this essay will be used to compare and to draw a conclusion on the mitigation’s effectiveness with the help of a detailed assessment phase.

Introduction

Terminologically, risk is known to be the possibility of an action having complications while it is being processed or afterwards. While some risks have only a negligible outcome, in the software industry it is widely accepted that some risks can have a devastating impact. Chowdhury and Arafeen (2011:49) assert that the risks that are …

… To briefly address the phases of Stoneburner, Goguen and Feringa’s Risk Management model:

Risk Assessment

System Characterization – This step provides information on the system’s boundaries, resources and system constitutions. These attributes help set the extent of the efforts throughout the assessment phase.

Threat Identification – Identification of the threat consists of identifying the threat sources, whether being exposed to internally or accidentally (e.g. a hacker being an external source while an employee with insufficient training being an internal threat source), and is crucial for identifying the likelihood of the threat. While another construct called ‘Risk Management Paradigm’ also shares the same mentality on identifying the threats before the management process, the ‘Risk Taxonomy’ methodology holds that the identification process is carried out in an ongoing manner, with the help of consistent questionnaires during the development phase, resulting in risks being identified commonly by program members (CMU-SEI, 1996).

Vulnerability Identification – Gathering the system weaknesses that can be easily manipulated or exploited by the threat sources identified in the threat identification step provides a solid selection of responses. (A clear example from Stoneburner et al. clarifies the step as follows:

• Vulnerability: Active system