Currently, because of the exponential growth of vulnerabilities, one of the most essential requirements for IT managers is to improve network security by eliminating vulnerabilities that are most hazardous. Achieving this goal requires ranking vulnerabilities based on their peril to the network. Today, this target has become possible by introducing open standards such as Common Vulnerability Scoring...
There exist various software development methodologies under agile software development method. Extreme programming (XP) is known as one of the agile development methods that has gained popularity in the recent past. Waterfall model which is termed as linear sequential development model has been the traditional model of development. Both extreme programming and waterfall focus on different aspects...
Individuals requiring goods and services essential to their mode of living, are increasingly vulnerable to failures of the complex, interlinked, and inhomogeneous technological systems that supply those needs. Extant analysis techniques do not adequately quantify, from an end-user's perspective, the vulnerability that is contributed by such technological systems. This study explores the significance...
This article introduces a framework for assessing IT integration risk in acquisitions. We illustrate the framework's merits for the management of high-risk acquisitions and identification of low-risk acquisitions with the experience of Trelleborg AB, a global industrial company with acquisitions as integrated components of its corporate strategy. Based on the insights gained from Trelleborg, we provide...
The globalization of today's supply chains (e.g., information and communication technologies, military systems, etc.) has created an emerging security threat that could degrade the integrity and availability of sensitive and critical government data, control systems, and infrastructures. Commercial-off-the-shelf (COTS) and even government-off-the-shelf (GOTS) products often are designed, developed,...
There are large, medium, and small enterprises which develop software projects that can be influenced by a risk. Identifying risk is the first step of perfectly assessing and controlling risks in a project. In the literature, a lot of researchers identified risk factors in software projects but none of these can be generalized as a base of risk factors in software projects as they differ in time, culture,...
Many IT change initiatives involving the development of software fail, and the scale of the failures can be large. We believe that the traditional contract model for software development is generally responsible for these failures. Even if an IT project is resourced internally, the organisation applies similar management practices to the IT project as if it were outsourced to a third party supplier...
In this paper we aim to gain insight into the relationship between user participation modes and project risk factors, and then we construct a model that can be used to determine how user participation can be successfully applied in ISD projects with a given set of risk factors. We perform an in-depth literature review, which aims to clarify the concept of user participation as part of risk management...
The issues, opportunities and challenges of effectively governing an organisation's Information Technology (IT) demands and resources have become a major concern of the Board and executive management in many organisations today. The Swiss health care is currently searching for methods and practices for the solution of operational planning and optimisation of IT processes. To make sure that the corporate...
With the increasing security problems in networks and systems, the evolution of development models that underlie current tools and techniques is all that is required to produce a model of self-defense where all the components are self-protected. The great extension of current models recommends a reasonable transition fundamentally based on the family of standards ISO/IEC 31000, where the selection...
The pattern of IRC is different from traditional industries. There are many unpredictable risks during the period of technology innovation and technical transfer. This article takes the stage of IRC service project as the main research line and identifies the risk factors in the IRC service project. The risk factors are divided into 5 first-level systems and 15 second-level subsystems through the...
A quantitative risk evaluation method for network security is proposed based on analyzing the process by which attackers intrude into a network. The analysis depends on modeling attack activities and attack processes by tracking the transferring of safety states. Three key factors of risk evaluation about assets, threats and vulnerabilities are identified and quantified. Especially the attack probability indexes...
Testing is inherently incomplete; no test suite will ever be able to test all possible usage scenarios of a system. It is therefore vital to assess the implication of a system passing a test suite. This paper quantifies that implication by means of two distinct, but related, measures: the risk quantifies the confidence in a system after it passes a test suite, i.e., the number of faults still expected...
Most of us recognize that when society's collective trends expose us to disasters which may threaten our survival, some rather radical, i.e., fundamental, actions may be necessary to forestall such untoward events. Yet, what signals might trigger such action? Pronouncements that the “end is near” have not proven to be very effective, and rightfully so. We suggest rather that the impetus for...
The term Hazard/Risk Evaluation is misunderstood. Some believe the procedures they have in place make up a hazard/risk evaluation. A Hazard/Risk Evaluation is a thought process. Many have struggled with how to address the requirement for an evaluation contained in NFPA® 70E [1]. Many believe that Risk Management meets this requirement. This paper will provide one definition for what a Hazard/Risk...