Software Risk Management

Risk management defines a systematic approach for minimizing
exposure to potential losses. It includes the following three core
1. assess risk—transform the concerns people have into distinct, tangible risks that are explicitly documented and analyzed
2. plan for controlling risk—determine an approach for addressing each risk; produce a plan for implementing the approach
3. control risk—deal with each risk by implementing its defined control plan and tracking the plan to completion
Reference: Page 63

Two distinct risk analysis approaches can be used when evaluating systems:
1. Tactical risk analysis
2. Mission risk analysis
Reference: Page 13

From the tactical perspective, risk is defined as the probability that an event will lead to a negative consequence or loss.
Reference: Page 14

From the mission perspective, risk is defined as the probability of mission failure (i.e., not achieving key objectives).
Reference: Page 15


Author(s): Christopher J. Alberts, Audrey J. Dorofee
Publish Date: February 2012
Publisher: Software Engineering Institute
SEI Identifier: CMU/SEI-2012-TN-005
Type: Technical Note
Topics: Cybersecurity Engineering, Measurement and Analysis
Description: In this report, the authors describe the Mission Risk Diagnostic (MRD) method, which is used to assess risk in systems across the lifecycle and supply chain.

Note to Management:
Risk management doesn't mean just filling Excel templates with some numbers.
Assessors need to have in-depth knowledge of risk management and need to work with the respective stakeholders. Only then can we protect systems properly by mitigating risk.

Risk Assessment Template


