Systematizing IT Risks

IT Risks

“Risk management” is a common phrase when managing information, used by everyone from the chief information security officer to the programmer to explain how we identify, assess, and prioritize risks. It thus reflects how we manage uncertainty as we attempt to control the probability and effect of unfortunate events. Depending on your IT-related experience and area of work, your view of risks w...

Quantifying IT estimation risks

A statistical method is proposed for quantifying the impact of factors that influence the quality of the estimation of costs for IT-enabled business projects. We call these factors risk drivers as they influence the risk of the misestimation of project costs. The method can effortlessly be transposed for usage on other important IT key performance indicators (KPIs), such as schedule misestimati...

Systematizing medical alerts

The current Swedish regulations for medical alerts in health records were designed for paper records. Suggestions for computerized systems are now being investigated. A proposed model using three alert categories, graphically represented using three directions, probably combined with three severity levels is presented here. Up represents hypersensitivities, left/back represents alerting diagnos...

Systematizing Insider Threat mitigation

Systematizing requirements elicitation technique selection

Context: This research deals with requirements elicitation technique selection for software product requirements and the overselection of open interviews. Objectives: This paper proposes and validates a framework to help requirements engineers select the most adequate elicitation techniques at any time. Method: We have explored both the existing underlying theory and the results of empirical re...