Master's programme 2020/2021

Software Risk Management

Status: Compulsory course (System and Software Engineering)
Field of study: 09.04.04. Software Engineering
When taught: 2nd year, modules 1, 2
Mode of study: without an online course
Instructors: Песоцкая Елена Юрьевна
Programme: System and Software Engineering
Language: English
Credits: 6
Contact hours: 40

Course Syllabus

Abstract

The training course ‘Software Risk management’ is concerned with theories, methods and tools for professional risk management during the software development process. It is based on the training and research materials of the Software Engineering Institute (SEI), the Guide to Software Engineering by IEEE (SWEBOK), the PMBOK study by the Project Management Institute (PMI), and the Microsoft Solution Framework (MSF) Risk Management discipline for operations, which contains important background information for risk management usage in IT operations and process environments. Modern risk management concerns all aspects of software development: quality, team members, requirements and specification, contractors and 3rd parties, cost, and resources. To be effective, team members need to understand the activities performed at each stage in the development cycle and apply appropriate risk management activities. In this course, students analyze, design, and implement risk management tools and techniques that meet the software development objective through a simulated case study. They gain hands-on experience performing each role within the risk management process, using all the core concepts and skills necessary to engineer and maintain a successful program with limited and predictable risks. Software development and technology projects continue to challenge IT: many projects are unsuccessful or squander precious resources through poor-quality results as a consequence of a lack of risk management procedures. The course knowledge is applicable in nearly all software development and IT organizations, and the examples illustrate situations familiar to e-businesses, service providers, dot-com and information technology companies. Initially the course is aimed at students taking undergraduate and graduate courses and at software engineers in commerce and industry. It may be used in general software engineering courses or in courses such as advanced programming, software specification, and software design or management.
The course is also based on the book “Analysis and mitigation of risks in complex software programs” and materials developed by Professor V.V. Lipaev and implemented at SU-HSE as part of an innovative educational program. The course is compliant with ISO standards and CMM/CMMI standards for industrial software development. The training materials follow the Software Engineering Education Knowledge (SEEK) knowledge insights, described in Software Engineering paper book. The training structure meets the requirements of Russian and international standards of software development and the global professional standard ‘Guide to the Software Engineering Body of Knowledge (SWEBOK) ISO/IEC TR 19759 IEEE’. The course is aimed at studying the major current approaches to risk management in software engineering processes: identification, analysis and assessment, response planning, monitoring and control. It describes the methods, platforms, technologies and tools that are applied at all stages of the life cycle and covers software risk management at each stage.
Learning Objectives

  • The main objective of the training course is to examine and discuss with students the fundamentals and principles of Risk Management (RM) in software development projects, to become familiar with common RM methods and standards and with the development and evolution of complex risk assessment and evaluation techniques, and to analyze trends in available risk management software based on its functionality.
Expected Learning Outcomes

  • Become familiar with the fundamentals of Risk Management in IT area, IT specifics and modern trends
  • Get acquainted with basic terminology and glossary
  • To be able to discuss the key challenges of IT area
  • Understand the necessity of using standards and gaps
  • Distinguish international and local standards in IT area and Risk Management
  • Become familiar with the key standards
  • Be able to analyze key problem areas for IT projects
  • Understand how to avoid problem areas and change focus to strengths
  • Learn different perspectives of IT project stakeholders and their viewpoints on success
  • Know the global IT project failure statistics, its methodology and root causes
  • Understand the necessity of using standards and gaps
  • Become familiar with some key standards
  • Understand the necessity of using classifications and basic principles based on risk causes and risk factors
  • Get familiar with Risk Taxonomy approach
  • Learn Risk Breakdown Structure principles – a graphical view of classification
  • To be able to identify risks for the given situation with different methods
  • To know how to structure identified risks in a risk register form
  • To distinguish various risk factors
  • To know how to define risk probability and risk impact
  • To be able to calculate risk exposure and rank risks according to their priorities.
  • To create Risk Severity Matrix
  • To perform quantitative risk analysis by using Decision Tree technique and calculating Estimated Monetary Value (EMV).
  • To know the basis of risk sensitivity analysis
  • To know the basis of risk scenario analysis
  • To be familiar with Monte Carlo Modeling principles
  • To get familiar with different response actions
  • To be able to choose the appropriate action
  • To define preventive and corrective actions
  • Understand the key outsourcing areas in IT projects and key risks in each area
  • To be able to apply management actions to main outsourcing risks
  • To understand the specifics of information security, key IT threats and vulnerabilities
  • To become familiar with main methodologies and key principles in Information Security
  • To distinguish key IT project stakeholders and their interests
  • To know the roles and responsibilities of Risk Manager and Risk owner/Risk Responsible
  • To be able to create risk reporting documentation in accordance with team needs: fill in the risk report for the highest-priority risk
  • To understand the purpose and goals of IT audit
  • To know the process of IT audit, main steps and results in each stage
  • To get an overview of available CASE tools and applications for risk management
  • To know the key functional requirements to the software tool in Risk Management
Course Contents

  • Risk management fundamentals. Specifics of IT industry and projects
    Vocabulary, Why do we manage risks nowadays? Characteristics of Risk, Definition of RISK. Positive risks and negative risks, IT project specifics. Software projects risk failure, Lifecycle Planning and risk management.
  • Overview of the main standards and methodologies on RM: MSF, RUP, XP, PMBoK
    The need for methodology. Risk management as an integrated element of modern management. Problems with applying methodology benchmarking and best practices. CMMI Maturity Levels and Risk Management in the CMMI. Risk Management Principles
  • Key success factors and problem areas in IT
    The Triple Constraint framework. Risks associated with changes. Change management – guidance to avoid risks. What is the reason for an IT project? Difference between Buyer and end users. TOP-10 Implementation Failures. Information Technology Success Potential Scoring Sheet
  • Key risk factors: quality improvement and requirements tracking
    The quality in Software Engineering. Measures of Information System Input & Output. Total Quality Management key principles. Key CMMI principles. 6 SIGMA for eliminating defects (statistical measurement of quality). Quality management by the leading software developers. Techniques for Defining Stable Requirements.
  • Risk Taxonomy/ classification. Risk factors
    Classification approach. SEI Risk Taxonomy and classification of software risks. Classification by core knowledge areas and by quality metrics. Sample Risk Breakdown Structure. Risk dependency, risk factors / sources of risks. Sources of software risk (systems context). The questions to identify potential risk. Cause-effect risk structure. Risk statement, risk owners, examples of Risks for software development.
  • Risk management process: Identification
    Introduction to the main risk processes stages. Stage 1: Risk management planning and topics addressed in a risk management plan. Risk Tolerance / Appetite. Contingency and Fallback Plans, Reserves. Stage 2: Risk Identification guidance. Tools and techniques for risk identification. Definition of risk attributes or characteristics.
  • Qualitative assessment
    Stage 3: Risk Qualitative assessment. Assessing the impact and likelihood of identified risks. Analyzing numerically the probability of each risk and its consequence on project objectives. Risk impact matrix: probability and impact. Calculating Risk Exposure. Problems of Measuring Risk.
  • Qualitative/mathematical assessment and modeling
    Application of methods for numerical analysis of cost and probability for the identified risks using special tools and software. When to perform quantitative assessment: drawbacks of quantitative assessment. Tools and methods of quantitative analysis. Scenario analysis, sensitivity analysis/tornado chart, Monte-Carlo simulation, Decision Tree framework.
  • Risk management process: risk response and control
    Stage 4: Risk response planning – how to translate the prioritized risk list into action plans with detailed definition of response strategy. Risk response plan structure. Contingency Planning Now or Emergency Relief Later. Risk response actions and Risk response strategy definition. General Risk Mitigation Strategies for Technical, Cost, and Schedule Risks (examples).
  • Risks in IT outsourcing
    What is IT outsourcing. IT outsourcing: statistics. Levels of IT outsourcing. Outsourcing trends and reasons for IT outsourcing. Global survey on Outsourcing drivers by ISACA. Key ingredients for successful IT outsourcing. Steps to help ensure successful execution of IT outsourcing. IT outsourcing agreements checklist.
  • Risks and information security
    Information security role in protecting the assets of an organization. ISO standards: information security. COBIT and information security. Main security characteristics: Confidentiality, integrity, availability. Key assets of information security, threats classification. Identification & Authentication controls. Information security risk management steps.
  • Organization of risk management. Team management
    IT and the human factor, the specifics of IT project staffing. Organizational System: roles, norms, organizational culture. Recent trends affecting IT people management. Human factors that will cause problems in implementation. How to prevent HR risks and project failure. Proper project team organization is one of the key constraints to project success. Risk manager role, other interested parties.
  • IT Risk management Audit
    Audit of information system: how to determine whether the IT system is maintaining data integrity and operating efficiently in order to meet the organization's goals. Classification of IT Audit. Scope of IT audit and objectives/ why we need IT audit? Audit process and explanation. Example of audit questionnaire to identify and avoid IT risks.
  • Software Tools in risk management
    System Selection Criteria, software development options. What to choose: packaged or custom IT solution? Localization of the information system. How to select a packaged software product. Request for Information Contents. Definition of requirements to software product. Risk management software vendors (leaders) and classification. Software risk management tools.
  • Preparation for final exam – course review and Q&A session
Assessment Elements

  • non-blocking Home assignment 1 (HA1)
    First module control point, which checks the execution of the case study given during the 1st module.
  • non-blocking Home assignment 2 (HA2)
    Home assignment (HA) based on 12 home tasks (in accordance with the lecture material)
  • non-blocking Final Exam (E)
    Concluding check: final exam (E) at the end of 2nd module (the last module of the course).
Interim Assessment

  • Interim assessment (module 2)
    0.6 * Final Exam (E) + 0.2 * Home assignment 1 (HA1) + 0.2 * Home assignment 2 (HA2)
Bibliography

Recommended Core Bibliography

  • Информатизация бизнеса. Управление рисками : учебник для вузов, Авдошин, С. М., 2011

Recommended Additional Bibliography

  • Tayntor, C. B. (2007). Six Sigma Software Development (Vol. Second edition). Boca Raton: Auerbach Publications. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=edsebk&AN=934768
  • Zykov, S. V. (2016). Crisis Management for Software Development and Knowledge Transfer. Switzerland: Springer. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=nlebk&AN=1261466
  • Методические основы управления ИТ - проектами : учебник для вузов, Грекул, В. И., 2011
  • Организация и технологии защиты информации : обнаружение и предотвращение информационных атак в автоматизированных системах предприятий: учеб. пособие, Сердюк, В. А., 2011