1 by the name of the god risk management dr. lo ’ ai tawalbeh done by: amna ismail rashan
TRANSCRIPT
![Page 1: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/1.jpg)
1
By the name of the godBy the name of the god
Risk management
Dr. Lo’ai TawalbehDr. Lo’ai Tawalbeh
DONE BY:AMNA ISMAIL RASHAN
![Page 2: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/2.jpg)
2
The elements of risk
1 )asset is anything within an environment that should be protected
2 )Threat: is any potential danger to information, or systems (e.g. fire)
![Page 3: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/3.jpg)
3
The elements of risk
3 )Vulnerability: is a software, hardware, or procedural weakness that may provide an attacker the open
door to enter a system .
4 )Exposure: It means that, if there is a vulnerability and a threat that can exploit it, there is the possibility that a threat event can occur.
![Page 4: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/4.jpg)
4
The elements of risk
5 )Risk: is the possibility that any specific threat will exploit a specific vulnerability to cause harm to an asset .risk = threat + vulnerability.
6 )safeguard: or countermeasure, is anything that removes a vulnerability or protects against one or more specific threats .
Safeguards and counter-measures are the only means by which risk is mitigated or removed.
![Page 5: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/5.jpg)
5
Sources of riskA) Internal:
*Changes in budget
*change of initial requirement
*disruption to day to day operation of the organization
*key staff leaving
*equipment failure.
B) External:
*Hardware/software not delivered
*supplier becomes insolvent
*unauthorised access into systems
*disruption through power/communication
![Page 6: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/6.jpg)
6
Parts of risk
Risk event: the adverse event that results in a risk .
Risk probability: the likelihood or uncertainty of a risk to occur .
Risk impact: the loss or extent of damage caused by a risk.
![Page 7: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/7.jpg)
7
Types of risk
1 .Technical risk
2 .Managerial risk
3 .Operational risk
4 .Environment risk
5 .Testing risk
![Page 8: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/8.jpg)
Types of risk
1 .Technical risk2 .Managerial risk3 .Operational risk4 .Environment risk
5 .Testing risk
(1)Do we really know what the problem is?
(2) Is the problem solvable?
![Page 9: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/9.jpg)
1 .Technical risk2 .Managerial risk3 .Operational risk4 .Environment risk
5 .Testing risk
*Schedule risk; *Financial risk;
*Personnel risk; *Quality risk;
Types of risk
![Page 10: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/10.jpg)
1 .Technical risk2 .Managerial risk3 .Operational risk4 .Environment risk
5 .Testing risk
*Inadequate user education or training; *Software Misuse;
*Inadequate maintenance of the product.
Types of risk
![Page 11: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/11.jpg)
1 .Technical risk2 .Managerial risk3 .Operational risk4 .Environment risk
5 .Testing risk
physical risks that may threaten a particular data center as: Fire, water
Types of risk
![Page 12: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/12.jpg)
1 .Technical risk2 .Managerial risk3 .Operational risk4 .Environment risk
5 .Testing risk
The quality control practitioner plays a key role in addressing the testing of risk
Types of risk
![Page 13: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/13.jpg)
13
Risk Managementis the process of controlling risk and monitoring the effectiveness of the control mechanisms.
The goal of RM:
is to preserve the quality and integrity of a project by reducing cost escalation and project slippage.
![Page 14: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/14.jpg)
14
Risk management process
1 )Identifying the risk;
2 )Assessing the risk's magnitude;
3 )Determining the response to the risk;
4 )Planning for the addressing of, and reporting on, the risk if encountered
![Page 15: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/15.jpg)
15
Risk assessment
The cost potential of the risk's occurrence;
The probability of the risk occurring;
The risk exposure; The cost to respond to the
risk.
![Page 16: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/16.jpg)
16
Risk response
1 )Elimination;
2 )Avoidance;
3 )Mitigation;
4 )Acceptance.
![Page 17: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/17.jpg)
17
Risk Analysis
the process of identifying, estimating, and evaluating risk.
![Page 18: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/18.jpg)
18
Risk AnalysisRisk Analysis
Benefits of RA • Ease of data comprehension. • Identification and prioritization of critical
activities and functions• Identification of areas where policies and
procedures need to be enhanced and implemented Justification of cost of implementation of measures
• Assessment of the preparedness of an organization with respect to the risks.
• Assessment of the security awareness among employees
![Page 19: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/19.jpg)
19
Risk Analysis
1) Software Risk Analysis
2 )Planning Risks and Contingencies
The purpose of software risk analysis: to determine what to test, the testing priority, and
the depth of testing.
![Page 20: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/20.jpg)
20
Risk Analysis Who Should Do the Analysis?
The risk analysis should be done by a team of experts from various groups within the organization include developers, testers, users, customers, marketers, and other interested, willing, and able contributors.
When Should It Be Done?
A risk analysis should be done as early as possible in the software lifecycle. A first cut at a risk analysis can usually be done as soon as the high-level requirements are known.
![Page 21: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/21.jpg)
21
Software Risk Analysis Process
How Should It Be Done Step 1: Form a Brainstorming Team
Step 2: Compile a List of Features
Step 3: Determine the Likelihood
Step 4: Determine the Impact
Step 5: Assign Numerical Values
Step 6: Compute the Risk Priority
Step 7: Review/Modify the Values
Step 8: Prioritize the Features
Step 9: Determine the "Cut Line“
Step 10: Consider Mitigation
![Page 22: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/22.jpg)
22
Software Risk Analysis ProcessHow Should It Be Done Step 1: Form a Brainstorming TeamInclude:
users )such as business analysts) developers testers marketers customer service representatives support personnel and anyone else that has knowledge of the business and/or
product, and is willing and able to participate.
![Page 23: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/23.jpg)
23
Software Risk Analysis ProcessHow Should It Be Done Step 2: Compile a List of Features
Compile an inventory of features, attributes, or business functions for the entire system .
Global attributes include:
Accessibility, availability, compatibility, maintainability, performance, reliability ,
scalability, security, and usability.
![Page 24: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/24.jpg)
24
Software Risk Analysis ProcessHow Should It Be Done Step 3: Determine the Likelihood
Assign an indicator for the relative likelihood of failure.
![Page 25: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/25.jpg)
25
Table 2: Likelihood of Failure for ATM Features/Attributes
ATM SoftwareLikelihood
FeaturesAttributes
Withdraw cashHigh
Deposit cashMedium
Check account balanceLow
Transfer fundsMedium
Purchase stampsHigh
Make a loan paymentLow
UsabilityMedium
PerformanceLow
SecurityMedium
![Page 26: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/26.jpg)
26
Software Risk Analysis ProcessHow Should It Be Done Step 4: Determine the Impact
What would be the impact on the user if this feature or attribute failed to
operate correctly?
![Page 27: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/27.jpg)
Table 3: Impact of Failure for ATM Features/Attributes
ATM Software Likelihood Impact
Features Attributes
Withdraw cash HighHigh
Deposit cash MediumHigh
Check account balance LowMedium
Transfer funds MediumMedium
Purchase stamps HighLow
Make a loan payment LowMedium
UsabilityMediumHigh
PerformanceLowMedium
SecurityMediumHigh
![Page 28: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/28.jpg)
28
Software Risk Analysis ProcessHow Should It Be Done Step 5: Assign Numerical Values
Brainstorming team should assign numerical values for H, M, and L for both likelihood and impact.
Usually assign a value of 3 for H, 2 for
M, and 1 for L.
![Page 29: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/29.jpg)
29
Software Risk Analysis ProcessHow Should It Be Done Step 6: Compute the Risk Priority
The values assigned to the likelihood of failure and the impact of failure should be added together.
![Page 30: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/30.jpg)
30
Table 4: Summed Priorities for ATM Features/Attributes
ATM Software Likelihood Impact Priority
Features Attributes
Withdraw cash HighHigh6
Deposit cash MediumHigh5
Check account balance
LowMedium3
Transfer funds MediumMedium4
Purchase stamps HighLow4
Make a loan payment LowMedium3
UsabilityMediumHigh5
PerformanceLowMedium3
SecurityMediumHigh5
![Page 31: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/31.jpg)
31
Software Risk Analysis ProcessHow Should It Be Done
Step 7: Review/Modify the Values
Values of the likelihood of failure for each feature may be modified based on additional information or analyses that may be available .
![Page 32: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/32.jpg)
32
Software Risk Analysis ProcessHow Should It Be Done
Step 8: Prioritize the Features
The brainstorming team should reorganize their list of features and attributes in order of risk priority.
![Page 33: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/33.jpg)
Table 5: Sorted Priorities for ATM Features/Attributes
ATM Software Likelihood Impact Priority
Features Attributes
Withdraw cash HighHigh6
Deposit cash MediumHigh5
UsabilityMediumHigh5
SecurityMediumHigh5
Transfer funds MediumMedium4
Purchase stamps
HighLow4
Make a loan payment
LowMedium3
Check account balance
LowMedium3
PerformanceLowMedium3
![Page 34: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/34.jpg)
34
Software Risk Analysis ProcessHow Should It Be Done
Step 9: Determine the "Cut Line“
To indicate the line below which features will not be tested )if any) or tested less .
In order to do that, it's necessary to estimate the amount of testing that is possible with
the available time and resources.
![Page 35: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/35.jpg)
35
Table 6 "Cut Line" for ATM Features/Attributes
ATM Software Likelihood Impact Priority
Features Attributes
Withdraw cash HighHigh6To Be Tested
Deposit cash MediumHigh5
UsabilityMediumHigh5
Transfer funds MediumMedium4
Purchase stamps HighLow4
SecurityLowHigh4
Make a loan payment
LowMedium3Not to Be Tested (or tested less)
Check account balance
LowMedium3
PerformanceLowMedium3
![Page 36: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/36.jpg)
36
Software Risk Analysis ProcessHow Should It Be Done Step 10: Consider Mitigation
The mitigation activities may require action by developers, users, testers, or others.
Risk mitigation helps reduce the likelihood of a failure, but does not affect the impact.
![Page 37: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/37.jpg)
Table 7: Mitigated List of Priorities for ATM Features/Attributes
ATM Software Likelihood Impact Priority Mitigation
Features Attributes
Withdraw cash HighHigh6Code inspection
Deposit cash MediumHigh5Early prototype
UsabilityMediumHigh5Early user feedback
SecurityMediumHigh5
Transfer funds MediumMedium4
Purchase stamps HighLow4
Make a loan payment
LowMedium3
Check account balance
LowMedium3
PerformanceLowMedium3
![Page 38: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/38.jpg)
38
22 ) )Planning Risks and Planning Risks and ContingenciesContingencies
Purpose: To determine the best contingencies in
the event that one of the planning risks occurs.
This is important because the scope and nature of a project almost always change as the project progresses.
The planning risks help us to do the "What if…" and develop contingencies.
![Page 39: 1 By the name of the god Risk management Dr. Lo ’ ai Tawalbeh DONE BY: AMNA ISMAIL RASHAN](https://reader035.vdocuments.site/reader035/viewer/2022062714/56649d0f5503460f949e573f/html5/thumbnails/39.jpg)
3939