pply RMF on the software product of a hypothetical company. The textbook page 48 to page 70 shows an example how RMF is applied to KillerAppCos iWare 1.0 server product. This is a team project. Your team will hypothesize a company and a product of the company. Plant a few reasonable technical risks. It could be based on your past software development experiences, could be based on a software you have built, or some open source or commercial software application.
This project will be done as three person teams. Each member is an analyst. One member also plays the role of a manager and another one also plays the role of a software developer/tester.
Stage 1 Understand Business Context
o Have a discussion as a group on the name/nature of the software product and the company.
o Analyst extracts business goals, priorities (at least 3 goals)
o Analyst summarizes the system in text or diagram
o Analyst determine any technical, management, and operational controls that the project currently as in place to detect or prevent software risk
Stage 2 Identify Business and Technical Risks
o Analysts develop a list of questions related to business risks, project risk, product risks, refers the textbook or presentation for details.
o Interview the manager and software developer of the RMF team.
o List and rank the business goals using table 2-1
o Describe business risks using table like table 2-3
o For each business risk. find the business risk indicators and likelihood of occurrence, estimate the cost and severity. Record the result in a table similar to Table 2-9.
o Analyze Software Artifacts. Identify technical risks (at least 3). Categorize likelihood of occurrence, and business impact. Record the result in a table similar to Table 2-12.
Stage 3: Synthesize and Rank Risks
o Create goal-to-risk relationship, produce a table similar to Table2-13.
o Assess technical risks severity and present the result in a table similar to Table 2-14.
Stage 4: Define Risk Mitigation Strategy
o Define risk mitigation strategy. Weigh risk mitigation methods against effectiveness/cost/risk coverage/impact.
o Generate recommended Risk Mitigation Methods, document results in a table similar to Table 2-15.
o Generate a complete validation plan.