Software risk management is a proactive decision-making practice with processes, methods, and tools for managing risks in a software project. Many existing techniques for software project risk management are textual documentation with varying perspectives that are nonreusable and cannot be shared. In this paper, a life-cycle approach to an ontology-based risk management framework for software projects is presented. A dataset from literature, domain experts, and practitioners is used. The identified risks are refined by 19 software experts; risks are conceptualized, modeled, and developed using Protégé. The risks are qualitatively analyzed and prioritized, and aversion methods are provided. The framework is adopted in real-life software projects. Precision, recall, and F-measure metrics are used to validate the performance of the extraction tool, while performance and perception evaluation are carried out using the performance appraisal form and technology acceptance model, respectively. Mean scores from performance and perception evaluation are compared with the evaluation concept scale. Results showed that cost is reduced, high-quality projects are delivered on time, and software developers found this framework a potent tool needed for their day-to-day activities in software development.

KEYWORDS: hierarchical risk classification breakdown structure (HBRS), performance appraisal form (PAF), software development life cycle (SDLC), software ontology-based risk management (SORM), software risk ontology (SRO), technology acceptance model (TAM)

1 | INTRODUCTION

A software project is a process involving many activities such as domain analysis, requirement specification, communication with developers and end users, designing and production of various artifacts, evaluating and testing of software products, and installation and maintenance of the application at the end user's site.1 The demands on software development are increasing daily due to an increase in knowledge of information technology. More people are aware of the importance of information systems and how tasks can be carried out easily by adopting them. Also, the consideration of the world as a global village is one of the major quests for information technology, which has led to a global increase in the demand for information systems. With the increase in demand for information systems, it is important to know that software development is a complex task due to the various artifacts and phases involved in its implementation. Although software project management is gaining more recognition from industry, military, finance, and academia, many projects remain uncompleted and cannot be delivered because they fail to meet the initial requirements. Some projects that are delivered fail to meet the scheduled time, which invariably leads to an
Despite the attractive benefits of cloud-based business processes, security issues, cloud attacks, and privacy are some of the challenges that prevent many organizations from using this technology. This review examines the level of integration of the security risk management process at each phase of the Business Process Life Cycle (BPLC) for securing cloud-based business processes; the usage of an existing risk analysis technique as the basis of the risk assessment model; the usage of security risk standards; and the classification of cloud security risks in a cloud-based business process. In light of these objectives, this study presents an exhaustive review of the current state-of-the-art methodology for managing cloud-based business process security risk. Eleven electronic databases (ACM, IEEE, Science Direct, Google Scholar, Springer, Wiley, Taylor and Francis, IEEE cloud computing Conference, ICSE conference, COMPSAC conference, ICCSA conference, Computer Standards and Interfaces Journal) were used for the selected publications. A total of 1243 articles were found. After applying the selection criteria, 93 articles were selected, while 17 articles were found eligible for in-depth evaluation. For the results of the business process lifecycle evaluation, 17% of the approaches integrated security risk management into one of the phases of the business process, while others did not. For the influence of the results of the domain assessment of risk management, three key indicators (domain applicability, use of existing risk management techniques, and integration of risk standards) were used to substantiate our findings. The evaluation result of domain applicability showed that 53% of the approaches had been test run in real time, thereby making these works reusable. The result of the usage of existing risk analysis showed that 52.9% of the authors implemented their work using existing risk analysis techniques, while 29.4% of the authors partially integrated security risk standards into their work. Based on these findings and results, security risk management, the usage of existing security risk management techniques, and security risk standards should be integrated with business process phases to protect against security issues in cloud services.