Master
2023/2024
Software Risk Management
Type:
Compulsory course (System and Software Engineering)
Area of studies:
Software Engineering
Delivered by:
School of Software Engineering
Where:
Faculty of Computer Science
When:
2 year, 1, 2 module
Mode of studies:
offline
Open to:
students of all HSE University campuses
Instructors:
Волков Денис Владимирович
Master’s programme:
Software and Systems Engineering
Language:
English
ECTS credits:
6
Contact hours:
40
Course Syllabus
Abstract
The training course ‘Software Risk management’ is concerned with theories, methods and tools for professional risk management during software development process. It is based on the training and research materials of Software Engineering Institute (SEI), Guide to Software Engineering by IEEE (SWEBOK), PMBOK study by Project Management Institute (PMI), Microsoft Solution Framework (MSF) - Risk Management discipline for operations, which contains important background information for risk management usage in IT operations and process environment. Modern risk management concerns all aspects of software development: quality, team members, requirements and specification, contractors and 3rd parties, cost, resources. To be effective, team members need to understand the activities performed at each stage in the development cycle and apply appropriate risk management activities. In this course, students analyze, design, implement risk management tools and techniques that meet the software development objective through a simulated case study. They gain hands-on experience performing each role within the risk management process using all the core concepts and skills necessary to engineer and maintain a successful program with limited and predictable risks. Software development and technology projects continue to challenge IT – many projects are unsuccessful or squander precisions resources through poor quality results as a consequence of lack of risk management procedures. The course knowledge is applicable in nearly all software development and IT organizations and examples illustrate situations familiar to e-businesses, service providers, dot com and information technology companies. Initially the course is aimed at students taking undergraduate and graduate courses and at software engineers in commerce and industry. It may be used in general software engineering courses or in courses such as advanced programming, software specification, and software design or management. Also the course is based on the “Analysis and mitigation of risks in complex software programs” book and materials developed by Professor V.V. Lipaev and implemented into SU-HSE being a part of an innovative educational program. The course is compliant with ISO standards and CMM/CMMI standards for industrial software development. The training materials follow the Software Engineering Education Knowledge (SEEK) knowledge insights, described in Software Engineering paper book. The training structure meets the requirements of Russian and international standards of software development and the global professional standard ‘Guide to the Software Engineering Body of Knowledge (SWEBOK) ISO/IEC TR 19759 IEEE’. The course is aimed at studying the major current approaches to risk management in software engineering processes: identification, analysis and assessment, response planning, monitoring and control. It describes the methods, platforms, technologies and tools, which are applied for all stages of life cycle and covers software risk management at each stage.
Learning Objectives
- The main objective of the training course is to examine and discuss with students fundamentals and principles of Risk Management (RM) during software development projects, get familiar with common methods and standards of RM, development and evolution of complex risk assessment and evaluation techniques, analyze trends in available risk management software based on its functionality.
Expected Learning Outcomes
- Be able to analyze key problem areas for IT projects
- Become familiar with some key standards
- Become familiar with the fundamentals of Risk Management in IT area, IT specifics and modern trends
- Become familiar with the key standards
- Distinguish international and local standards in IT area and Risk Management
- Distinguish international and local standards in IT area and Risk Management
- Get acquainted with basic terminology and glossary
- Get familiar with Risk Taxonomy approach
- Know the global IT project failure statistics, its methodology and root causes
- Learn different perspectives of IT project stakeholders and their viewpoints on success
- Learn Risk Breakdown Structure principles – a graphical view of classification
- To be able to apply management actions to main outsourcing risks
- To be able to calculate risk exposure and rank risks according to their priorities.
- To be able to choose the appropriate action
- To be able to create risk reporting documentation with accordance to team needs - fulfill the risk report for the most priority risk
- To be able to discuss the key challenges of IT area
- To be able to identify risks for the given situation with different methods
- To be familiar with Monte Carlo Modeling principles
- To become familiar with main methodologies and key principles in Information Security
- To create Risk Severity Matrix
- To define preventive and corrective actions
- To distinguish key IT project stakeholders and their interests
- To distinguish various risk factors
- To get an overview of available CASE tools and applications for risk management
- To get familiar with different response actions
- To know how to define risk probability and risk impact
- To know how to structure identified risks in a risk register form
- To know the basis of risk scenario analysis
- To know the basis of risk sensitivity analysis
- To know the key functional requirements to the software tool in Risk Management
- To know the process of IT audit, main steps and results in each stage
- To know the roles and responsibilities of Risk Manager and Risk owner/Risk Responsible
- To perform quantitative risk analysis by using Decision Tree technique and calculating Estimated Monetary Value (EMV).
- To understand the purpose and goals of IT audit
- To understand the specifics of information security, key IT threats and vulnerabilities
- Understand how to avoid problem areas and change focus to strengths
- Understand the key outsourcing areat in IT projects and key risks in each area
- Understand the necessitmy of using standards and gaps
- Understand the necessity of using classifications and basic principles based on risk causes and risk factors
- Understand the necessity of using standards and gaps
Course Contents
- Risk management fundamentals. Specifics of IT industry and projects
- Overview of the main standards and methodologies on RM: MSF, RUP, XP, PMBoK
- Key success factors and problem areas in IT
- Key risk factors: quality improvement and requirements tracking
- Risk Taxonomy/ classification. Risk factors
- Risk management process: Identification
- Qualitative assessment
- Qualitative/mathematical assessment and modeling
- Risk management process: risk response and control
- Risks in IT outsourcing
- Risks and information security
- Organization of risk management. Team management
- IT Risk management Audit
- Software Tools in risk management
- Preparation for final exam – course review and Q&A session
Interim Assessment
- 2023/2024 2nd module0.6 * Final Exam (E) + 0.2 * Home assignment 1 (HA1) + 0.2 * Home assignment 2 (HA2)
Bibliography
Recommended Core Bibliography
- Информатизация бизнеса. Управление рисками : учебник для вузов, Авдошин, С. М., 2011
Recommended Additional Bibliography
- 9783319429663 - Zykov, Sergey V. - Crisis Management for Software Development and Knowledge Transfer - 2016 - Springer International Publishing - https://search.ebscohost.com/login.aspx?direct=true&db=nlebk&AN=1261466 - nlebk - 1261466
- Tayntor, C. B. (2007). Six Sigma Software Development (Vol. Second edition). Boca Raton: Auerbach Publications. Retrieved from http://search.ebscohost.com/login.aspx?direct=true&site=eds-live&db=edsebk&AN=934768
- Методические основы управления ИТ - проектами : учебник для вузов, Грекул, В. И., 2011
- Организация и технологии защиты информации : обнаружение и предотвращение информационных атак в автоматизированных системах предприятий: учеб. пособие, Сердюк, В. А., 2011