The construction of large software systems is one of the most hazardous activities of the business world. The failure or cancellation rate of large software systems is over 35%. Of the large systems that are completed, about two thirds experience schedule delays and cost overruns. Yet some large systems are finished early, meet their budgets, and have few if any quality problems. How do successful projects differ from projects that fail? Better project management and better quality control are the most important differences between success and failure in the software world. Thus excellence in software project management has a very favorable return on investment (ROI) due to cost avoidance. Continue reading
Category Archives: Software@Risk™
#63 – CYBER SECURITY CONTROL EFFECTIVENESS – MARK BERNARD
CyberSecurity requires the effective identification of risks and efficient implementation of controls designed to mitigate those risks. The efficient design and architecture of integrated control frameworks is crucial to limiting the potential negative impact on agility and competitiveness of many organizations. Continue reading
#58 – ENTERPRISE ARCHITECTURE AND BUSINESS RISK MANAGEMENT – HOWARD WIENER
Enterprise Architecture (EA) is a discipline focused on aligning an Enterprise’s execution capabilities with its strategy. In this article, I show how the EA function is actually a tool for risk management at the Enterprise level. Continue reading
#57 – HOW TO ASSESS CONTROL EFFECTIVENESS IN ISO 27001 – MARK BERNARD
Control Effectiveness is measured by looking at the maturity of the process. Most people agree that mature processes are documented. Why? Continue reading
#54 – DESIGNING A QUALITY MANAGEMENT APPROACH FOR CYBERSECURITY – MARK BERNARD
How do you use quality management systems (QMS) thinking to design an information systems management system (ISMS)? There are a lot similarities. Read on:
IMHO it starts with two sets of security standards, (a) the manufacturer and (b) the organization. Continue reading