A Framework for Categorizing Key Drivers of Risk
• Technical Report
Publisher
Software Engineering Institute
CMU/SEI Report Number
CMU/SEI-2009-TR-007DOI (Digital Object Identifier)
10.1184/R1/6571661.v1Abstract
In today's business and operational environments, multiple organizations routinely work collaboratively in pursuit of a common mission, creating a degree of programmatic complexity that is difficult to manage effectively. Success in these distributed environments demands collaborative management that effectively coordinates task execution and risk management activities among all participating groups. Approaches for managing program risk have traditionally relied on tactical, bottom-up analysis, which does not readily scale to distributed environments. Systemic risk management is an alternative approach that is being developed by the Software Engineering Institute (SEI). A systemic approach for managing risk starts at the top-with the identification of a program's key objectives. Once the key objectives are known, the next step is to identify a set of critical factors, called drivers, that influence whether or not the key objectives will be achieved. The set of drivers also forms the basis for subsequent risk analysis. This technical report describes a driver-based approach for managing systemic risk in programs that acquire or develop software-intensive systems and systems of systems. It features a framework for categorizing drivers and also provides a starter set of drivers that can be tailored to the unique requirements of each program.
Part of a Collection
Cybersecurity Engineering Research: Security Engineering Risk Analysis (SERA) Collection
Cite This Technical Report
Alberts, C., & Dorofee, A. (2009, April 1). A Framework for Categorizing Key Drivers of Risk. (Technical Report CMU/SEI-2009-TR-007). Retrieved September 8, 2024, from https://doi.org/10.1184/R1/6571661.v1.
@techreport{alberts_2009,
author={Alberts, Christopher and Dorofee, Audrey},
title={A Framework for Categorizing Key Drivers of Risk},
month={Apr},
year={2009},
number={CMU/SEI-2009-TR-007},
howpublished={Carnegie Mellon University, Software Engineering Institute's Digital Library},
url={https://doi.org/10.1184/R1/6571661.v1},
note={Accessed: 2024-Sep-8}
}
Alberts, Christopher, and Audrey Dorofee. "A Framework for Categorizing Key Drivers of Risk." (CMU/SEI-2009-TR-007). Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, April 1, 2009. https://doi.org/10.1184/R1/6571661.v1.
C. Alberts, and A. Dorofee, "A Framework for Categorizing Key Drivers of Risk," Carnegie Mellon University, Software Engineering Institute's Digital Library. Software Engineering Institute, Technical Report CMU/SEI-2009-TR-007, 1-Apr-2009 [Online]. Available: https://doi.org/10.1184/R1/6571661.v1. [Accessed: 8-Sep-2024].
Alberts, Christopher, and Audrey Dorofee. "A Framework for Categorizing Key Drivers of Risk." (Technical Report CMU/SEI-2009-TR-007). Carnegie Mellon University, Software Engineering Institute's Digital Library, Software Engineering Institute, 1 Apr. 2009. https://doi.org/10.1184/R1/6571661.v1. Accessed 8 Sep. 2024.
Alberts, Christopher; & Dorofee, Audrey. A Framework for Categorizing Key Drivers of Risk. CMU/SEI-2009-TR-007. Software Engineering Institute. 2009. https://doi.org/10.1184/R1/6571661.v1