Risk Management Framework


Christopher J. Alberts, Audrey J. Dorofee

August 2010

TECHNICAL REPORT
CMU/SEI-2010-TR-017
ESC-TR-2010-017

Acquisition Support Program

Unlimited distribution subject to the copyright.



This report was prepared for the SEI Administrative Agent, ESC/XPK, 5 Eglin Street, Hanscom AFB, MA 01731-2100

The ideas and findings in this report should not be construed as an official DoD position. It is published in the interest of scientific and technical information exchange.

This work is sponsored by the U.S. Department of Defense. The Software Engineering Institute is a federally funded research and development center sponsored by the U.S. Department of Defense.

Copyright 2010 Carnegie Mellon University.

NO WARRANTY

THIS CARNEGIE MELLON UNIVERSITY AND SOFTWARE ENGINEERING INSTITUTE MATERIAL IS FURNISHED ON AN "AS-IS" BASIS. CARNEGIE MELLON UNIVERSITY MAKES NO WARRANTIES OF ANY KIND, EITHER EXPRESSED OR IMPLIED, AS TO ANY MATTER INCLUDING, BUT NOT LIMITED TO, WARRANTY OF FITNESS FOR PURPOSE OR MERCHANTABILITY, EXCLUSIVITY, OR RESULTS OBTAINED FROM USE OF THE MATERIAL. CARNEGIE MELLON UNIVERSITY DOES NOT MAKE ANY WARRANTY OF ANY KIND WITH RESPECT TO FREEDOM FROM PATENT, TRADEMARK, OR COPYRIGHT INFRINGEMENT.

Use of any trademarks in this report is not intended in any way to infringe on the rights of the trademark holder.

Internal use. Permission to reproduce this document and to prepare derivative works from this document for internal use is granted, provided the copyright and "No Warranty" statements are included with all reproductions and derivative works.

External use. This document may be reproduced in its entirety, without modification, and freely distributed in written or electronic form without requesting formal permission. Permission is required for any other external and/or commercial use. Requests for permission should be directed to the Software Engineering Institute at permission@sei.cmu.edu.

This work was created in the performance of Federal Government Contract Number FA8721-05-C-0003 with Carnegie Mellon University for the operation of the Software Engineering Institute, a federally funded research and development center. The Government of the United States has a royalty-free government-purpose license to use, duplicate, or disclose the work, in whole or in part and in any manner, and to have or permit others to do so, for government purposes pursuant to the copyright license under the clause at 252.227-7013.

For information about SEI publications, please visit the library on the SEI website (sei.cmu.edu/library).

Table of Contents

Acknowledgments
Abstract
1 Introduction
2 Risk Management Concepts
3 Framework Overview
4 Prepare for Risk Management (Phase 1)
5 Perform Risk Management Activities (Phase 2)
5.1 Assess Risk (Activity 2.1)
5.2 Plan for Risk Mitigation (Activity 2.2)
5.3 Mitigate Risk (Activity 2.3)
6 Sustain and Improve Risk Management (Phase 3)
7 Framework Requirements
Appendix: Evaluating a Risk Management Practice
References/Bibliography


List of Figures

Figure 1: Components of Risk
Figure 2: Risk Management Activities
Figure 3: Framework Structure
Figure 4: Structure of Dataflow Diagrams
Figure 5: Dataflow for Phase 1
Figure 6: Dataflow for Phase 2
Figure 7: Dataflow for Activity 2.1
Figure 8: Dataflow for Activity 2.2
Figure 9: Dataflow for Activity 2.3
Figure 10: Dataflow for Phase 3


Acknowledgments

The authors would like to thank the Army Strategic Software Improvement Program (ASSIP) for piloting a workshop that resulted in significant improvements to the framework. The authors also wish to acknowledge the contributions of the reviewers, Carol Woody, Julie Cohen, and Tricia Oberndorf, and the editor of this technical report, Barbara White.
