A Goal Driven Risk Management Approach to Support Security and Privacy Analysis of Cloud Based System

S. Islam, H. Mouratidis, E. Weippl:
"A Goal Driven Risk Management Approach to Support Security and Privacy Analysis of Cloud Based System";
Security Engineering for Cloud Computing: Approaches and Tools, 1 (2013).

Context: Building a quality software product in the shortest possible time to satisfy the global
market demand gives an enterprise a competitive advantage. However, uncertainties and
risks exist at every stage of a software development project. These can have an extremely
high influence on the success of the final software product. Early risk management practice
is effective in managing such risks and contributes effectively towards project success.
Objective: Despite risk management approaches, a detailed guideline that explains where
to integrate risk management activities into the project is still missing. Little effort has been
directed towards the evaluation of the overall impact of a risk management method. We
present a Goal-driven Software Development Risk Management Model (GSRM), its explicit
integration into the requirements engineering phase, and the results of an empirical
investigation of applying GSRM to a project.
Method: We combine the case study method with action research so that the results from
the case study contribute directly to managing the studied project risks and to identifying ways to
improve the proposed methodology. The data is collected from multiple sources and analysed
both qualitatively and quantitatively.
Results: When risk factors are beyond the control of the project manager and project environment,
it is difficult to control these risks. The project scope affects all the dimensions of
risk. GSRM is a reasonable risk management method that can be employed in an industrial
context. The study results have been compared against other study results in order to generalize
findings and identify contextual factors.
Conclusion: A formal early stage risk management practice provides early warning related
to the problems that exist in a project, and it contributes to the overall project success. It
is not necessary to always consider budget and schedule constraints as top priority. There
exist issues such as requirements, change management, and user satisfaction which can
influence these constraints.