• Journal of Information Technology Applications and Management
• /
• v.11 no.4
• /
• pp.103-120
• /
• 2004

Identifying validated risk factors in software risk management is imperative for project managers. Although validated risk lists were provided by previous researchers, risk list associated with software project performance areas was not provided as yet. This paper represents a first step toward understanding risk lists by various project performance areas (time, cost, and quality) to help project managers alleviating the possibility of software project failure. Four simultaneous exploratory surveys were conducted with 29 experienced software project managers. Three different risk factor ranking sets for each project performance area were compared with, the risk ranking, which was provided without clarifying specific project performance areas. The risk lists and their corresponding perceived importance were different from previous research results. This implies that identifying risk factors for specific project performance areas can provide additional information for project managers. We concluded by discussing implications of our finds for both research and improving risk management practice.

• Journal of Information Technology Applications and Management
• /
• v.11 no.2
• /
• pp.15-27
• /
• 2004

Most software projects inevitably involve various types and degrees of uncertainty. Without proper risk assessment and coordination, software projects can easily run out of control and consume significant additional resource. Thus, risk management techniques are critical issues to information system researchers. Previous empirical studies of U.S. software firms support the adoption of development standardization and user requirement analysis techniques in risk-based software project management. Using data collected from software projects developed in Korea during 1999-2000, we conduct a comparative study to determine how risk management strategies impact software product and process performance in countries with dissimilar IT capabilities. In addition, we offer an alternative conceptualization of residual performance risk. We show that the use of residual performance risk as an intervening variable is inappropriate in IT developing countries like Korea where the role of late stage risk control remedies are critical. A revised model is proposed that generates more reliable empirical implications for Korean software projects.

• Journal of Information Technology Services
• /
• v.14 no.3
• /
• pp.67-84
• /
• 2015

Software is more diverse and complex and the level of importance for the maintenance of application software to securely operate software is also gradually increasing in proportion. The calculation method for maintenance cost of application software applied in Korea public enterprises is involved in the range of 10 to 15% of development cost, depending on the Software Project Cost Estimation Guide. Moreover, as most software maintenance cost estimation procedures do not take into consideration of the risk factors related of maintenance, it can be seen as a main cause for the occurrence of maintenance related accidents. This study proposes a maintenance cost estimate model that takes into consideration of the risks related to the software maintenance activities to improve and resolve issues arising from the estimation of maintenance cost. In doing so, maintenance risk factors are analyzed and a risk index is derived through the analysis of risk levels based on the risk factors. Based on such analysis, a maintenance cost estimate method which reflects the maintenance risk index was established.

• Journal of Construction Engineering and Project Management
• /
• v.1 no.2
• /
• pp.28-36
• /
• 2011

Risk management is popularly and widely used in various industries to handle uncertainty that can negatively affect their businesses. While in the current Information-Technology oriented age, software packages are designed to assist in carrying out risk management processes, the construction industry does not seem to have software that is tuned to its specific characteristics and processes. Therefore, this study first explores the types of software that are commonly used for risk management in the Singapore construction industry. Also, using one-sample t-test, it is tested if the software programs used in the construction industry have effectively catered the needs of the users. For the analysis, a survey questionnaire was developed and the representatives from 34 companies participated in the survey. Furthermore, this study also makes use of the current risk management framework defined in ISO31000 to design a risk management software algorithm that can suit the needs for the Singapore construction industry. The results from this study will contribute to identifying strategic areas, in terms of use of risk management software, on which the industry needs to focus, ultimately enhancing their performance of risk management.

• Journal of Korea Society of Digital Industry and Information Management
• /
• v.5 no.2
• /
• pp.133-140
• /
• 2009

In the paper, we proposed the systematical and quantitative software risk management methodology based on risk analysis model. A software risk management consists of the basic risk management method(BRIMM) and the detailed risk management method(DRIMM). BRIMM is applied to unimportant phases or the phase which also the risk factor does not heavily influence to project. DRIMM is used from the phase which influences highly in project success or the phase where the risk factor is many. Fulfilling risk management combined two methods, we can reduce project's budget, term and resource's usage, and prevent risk with the optimum measures obtained by the exact risk analysis.

• The Journal of Information Systems
• /
• v.16 no.4
• /
• pp.243-268
• /
• 2007

It is critical to manage risks to complete IS(Information Systems) projects successfully. Identifying risk factors would be the first step for the project risk management. Previous research has discussed the issue with various points of view, such as different risk factors based on project types and roles involved in their projects. This paper empirically explored how people perceive different risk factors by project development methodology, between self-developing IS using programming language like C, Visual Basic and adapting software package already developed by software venders like ERP, CRM packages. There are researches regarding project risk factors for project management in the several point of views. And there are also researches regarding comparison between self-developing and adapting software packages methodology in IS project. However, there are no study on project risk factors comparison between self-developing IS using programming language and adapting software packages already developed by software venders in IS project. This research can be differentiated from previous ones, because it was considered both point of project risk management and development methodology in IS project. This research results implied meaningful messages to enterprise company to be planned IS projects and people who involved in IS projects. They should consider and need to prepare differently according to each development methodology for preventing project risks. It makes them reduce project risks in each case and complete successfully IS projects. Especially, if they have no experiences for implementing software packages, they can forecast the project risks and prepare them in advance.

• Asia pacific journal of information systems
• /
• v.16 no.3
• /
• pp.143-158
• /
• 2006

Identifying risk factors in software risk management is imperative for project managers. The purpose of this paper is to provide software project risk factors validated by statistical analysis, and thus to help project managers alleviating the possibility of software project failure. Factor analysis with data collected from 264 Korean project managers and consultants identified 12 categories and 46 risk factors. T-test results showed that project managers and participants had statistically different perception on 3 risk factors among those 46 risk factors. We concluded by discussing implications of our findings and future research directions.

• Proceedings of the Korean Institute of Information and Commucation Sciences Conference
• /
• 2012.10a
• /
• pp.495-497
• /
• 2012

Development of application risk management for medical device software test. First, Through questionnaires, Medical device manufacturers, Analysis of software validation and risk management status. Second, Analyzed by comparing the difference between black box testing and white box testing. Third, After analyzing the potential for software analysis tools using code derived factors were quantified, Finally, Medical device risk management process so that it can be applied to build the framework by FMEA(Failure Mode and Effect Analysis) technique. Through this Difficult to build software validation and risk management processes for manufacturers to take advantage of support in medical device GMP(Good Manufacture Practice).

• KSII Transactions on Internet and Information Systems (TIIS)
• /
• v.8 no.6
• /
• pp.2118-2138
• /
• 2014

Risks are involved in all phases of the software life cycle, and due to these risks, software can face various problems that can cause different negative outcomes and sometimes, in extreme cases, the failure of the software. Most of these risks lie in the legacy software migration process. These risks can create many problems, and in the worst case they can lead to the failure of the migration project. This paper explores different types of risk analysis methods such as CRAMM, CORAS, OCTAVE and VECTOR. After comparing these methods, the two suitable methods were chosen, namely, OCTAVE and VECTOR. Based on the use of these two methods, the project suggests an enhanced EOV method for risk analysis in the migration of legacy software.

• Journal of Multimedia Information System
• /
• v.8 no.4
• /
• pp.259-266
• /
• 2021

Security vulnerabilities have been reported in major design software systems such as Adobe Photoshop and Illustrator, which are recognized as de facto standard design tools in most of the design industries. Companies need to evaluate and manage their risk levels posed by those vulnerabilities, so that they could mitigate the potential security bridges in advance. In general, security vulnerabilities are discovered throughout their life cycles repeatedly if software systems are continually used. Hence, in this study, we empirically analyze risk levels for the three major graphical design software systems, namely Photoshop, Illustrator and GIMP with respect to a software vulnerability discovery model. The analysis reveals that the Alhazmi-Malaiya Logistic model tends to describe the vulnerability discovery patterns significantly. This indicates that the vulnerability discovery model makes it possible to predict vulnerability discovery in advance for the software systems. Also, we found that none of the examined vulnerabilities requires even a single authentication step for successful attacks, which suggests that adding an authentication process in software systems dramatically reduce the probability of exploitations. The analysis also discloses that, for all the three software systems, the predictions with evenly distributed and daily based datasets perform better than the estimations with the datasets of vulnerability reporting dates only. The observed outcome from the analysis allows software development managers to prepare proactively for a hostile environment by deploying necessary resources before the expected time of vulnerability discovery. In addition, it can periodically remind designers who use the software systems to be aware of security risk, related to their digital work environments.