Computer-generated comprehensive risk assessment for IT project management

Wickboldt, Juliano Araújo; Bianchin, Luís Armando; Lunardi, Roben Castagna; Andreis, Fabricio Girardi; Santos, Ricardo Luis dos; Dalmazo, Bruno L.; Cordeiro, Weverton; Sousa, Abraham L. R. de; Granville, Lisandro Zambenedetti; Gaspary, Luciano Paschoal; Bartolini, Claudio

doi:10.1109/noms.2010.5488498

Cited by 3 publications

(4 citation statements)

References 10 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…The RS cares about results in risk assessment, such as risk information [6]. It also cares about the results in risk control, such as time, cost, scope, goal and communication of planning & control [28].…”

Section: Risk Summarizationmentioning

confidence: 99%

“…The RS gives a profound summarization to the assessment step and its summary gives us a better understanding to the risk management and presents useful references for future management actions. We do not mean to summarize risk information as [6]; we would present measurable reference results for the assessment. These summarized measurable results are indices for the management and we name them as summarization indices in section three.…”

Section: Risk Summarizationmentioning

confidence: 99%

“…This study does not focus on a simple summarization of risk information as in [6]. This study does not focus on a summarization of risk assessment as in [7] either.…”

Section: Introductionmentioning

confidence: 99%

See 2 more Smart Citations

Risk Summarization

Wang

Tuo

2011

2011 International Conference on Computational and Information Sciences

View full text Add to dashboard Cite

Risk management includes phases such as risk identification, risk assessment and risk control. Little work has focused on risk summarization, which is a useful phase of risk management. Risk summarization means a list of occurred risks; risk summarization can also means relative documentation for risk management actions. This study presents summarization indices to evaluate the risk management efficiency. The indices include expected success rate, risk identification ratio, actual key risk ratio, actual key risk identification ratio, etc. The study aims at helping to fill a vacancy of risk summarization in risk management domain.

show abstract

Section: Risk Summarizationmentioning

confidence: 99%

Section: Risk Summarizationmentioning

confidence: 99%

See 1 more Smart Citation

Risk Summarization

Wang

Tuo

2011

2011 International Conference on Computational and Information Sciences

View full text Add to dashboard Cite

show abstract

“…Existing work related to risk treatments permit to eliminate risks (risk avoidance) by applying best practices, to reduce and mitigate them (risk optimization) by deploying protection and prevention systems [15], to ensure against them (risk transfer) by subscribing an insurance contract or to accept them (risk retention) [16]. Work on IT change management such as [17], [18] are considered as out of our security-oriented scope.…”

Section: Related Workmentioning

confidence: 99%

Risk management in VoIP infrastructures using support vector machines

Nassar

Dabbebi

Badonnel

et al. 2010

2010 International Conference on Network and Service Management

View full text Add to dashboard Cite

Abstract-Telephony over IP is exposed to multiple security threats. Conventional protection mechanisms do not fit into the highly dynamic, open and large-scale settings of VoIP infrastructures, and may significantly impact on the performance of such a critical service. We propose in this paper a runtime risk management strategy based on anomaly detection techniques for continuously adapting the VoIP service exposure. This solution relies on support vector machines (SVM) and exploits dynamic security safeguards to reduce risks in a progressive manner. We describe how SVM parameters can be integrated into a runtime risk model, and show how this framework can be deployed into an Asterisk VoIP server. We evaluate the benefits and limits of our solution through a prototype and an extensive set of experimental results.

show abstract

A framework for risk assessment based on analysis of historical information of workflow execution in IT systems

et al. 2011

Self Cite

View full text Add to dashboard Cite

Products and services provided by modern organizations are usually designed, deployed, and supported by large-scale Information Technology (IT) infrastructures. In order to obtain the best performance out of provided products and services, it is essential that these organizations enforce rational practices for the management of resources that compose their infrastructures. For this purpose, in recent years a few standards and libraries of best practices for IT infrastructures and services management have been proposed. Among the most widely accepted proposals, in both academy and industry, is worth mentioning the Information Technology Infrastructure Library (ITIL). A common point in most of those standards and libraries is the explicit concern with the risks related to IT activities. Proactively dealing with adverse and favorable events that may arise during everyday operations might prevent, for example: delay on deployment of services, cost overrun in activities, predictable failures of handled resources, and, consequently waste of money. Although important, risk management in practice usually lacks in automation and standardization in IT environments. Generally, it is performed by stakeholders in interviews and brainstorms, which may be a very time/resource-consuming task and sometimes too imprecise to guide risk related decisions. Therefore, in this dissertation, a framework to support the automation of some key phases of risk management is proposed, aiming to make it simpler, faster, and more accurate. The proposed framework is targeted to workow-based IT management systems. The main approach is to learn from problems reported in the history of previously conducted workows in order to estimate risks for future executions. Furthermore, comprehensive and interactive risk reports are proposed aiming to ease the analysis of assessed risks by involved humans. The proposed framework had its applicability evaluated in two case studies both in IT related areas, namely: IT Change Management and IT Project Management. The results show how the framework is not only useful to speed up the risk assessment process, but also to assist the decision making of project managers and IT operators by organizing risk detailed information in a comprehensive way. In addition, the modular approach employed in the design of the proposed framework allows it to be generic enough to t in dierent contexts (changes and projects) and still customizable to adapt to more specic requirements.

show abstract

Computer-generated comprehensive risk assessment for IT project management

Cited by 3 publications

References 10 publications

Risk Summarization

Risk Summarization

Risk management in VoIP infrastructures using support vector machines

A framework for risk assessment based on analysis of historical information of workflow execution in IT systems

Contact Info

Product

Resources

About