A Common Terminology for Software Risk Management

ACM Transactions on Software Engineering and Methodology (TOSEM) Pub Date : 2022-02-12 DOI:10.1145/3498539

J. Masso, F. García, César J. Pardo, F. Pino, M. Piattini

{"title":"A Common Terminology for Software Risk Management","authors":"J. Masso, F. García, César J. Pardo, F. Pino, M. Piattini","doi":"10.1145/3498539","DOIUrl":null,"url":null,"abstract":"In order to improve and sustain their competitiveness over time, organisations nowadays need to undertake different initiatives to adopt frameworks, models and standards that will allow them to align and improve their business processes. In spite of these efforts, organisations may still encounter governance and management problems. This is where Risk Management (RM) can play a major role, since its purpose is to contribute to the creation and preservation of value in the context of the organisation's processes. RM is a complex and subjective activity that requires experience and a high level of knowledge about risks, and it is for this reason that standardisation institutions and researchers have made great efforts to define initiatives to overcome these challenges. However, the RM field nevertheless presents a lack of uniformity in its terms and concepts, due to the different contexts and scopes of application, a situation that can generate ambiguities and misunderstandings. To address these issues, this paper aims to present an ontology called SRMO (Software Risk Management Ontology), which seeks to unify the terms and concepts associated with RM and provide an integrated and holistic view of risk. In doing so, the Pipeline framework has been applied in order to assure and verify the quality of the proposed ontology, and it has been implemented in Protégé and validated by means of competency questions. Three application scenarios of this ontology demonstrating their usefulness in the software engineering field are presented in this paper. We believe that this ontology can be useful for organisations that are interested in: (i) establishing an RM strategy from an integrated approach, (ii) defining the elements that help to identify risks and the criteria that support decision-making in risk assessment, and (iii) helping the involved stakeholders during the process of risk management.","PeriodicalId":7398,"journal":{"name":"ACM Transactions on Software Engineering and Methodology (TOSEM)","volume":"23 1","pages":"1 - 47"},"PeriodicalIF":0.0000,"publicationDate":"2022-02-12","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"2","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"ACM Transactions on Software Engineering and Methodology (TOSEM)","FirstCategoryId":"1085","ListUrlMain":"https://doi.org/10.1145/3498539","RegionNum":0,"RegionCategory":null,"ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"","JCRName":"","Score":null,"Total":0}

引用次数: 2

Abstract

In order to improve and sustain their competitiveness over time, organisations nowadays need to undertake different initiatives to adopt frameworks, models and standards that will allow them to align and improve their business processes. In spite of these efforts, organisations may still encounter governance and management problems. This is where Risk Management (RM) can play a major role, since its purpose is to contribute to the creation and preservation of value in the context of the organisation's processes. RM is a complex and subjective activity that requires experience and a high level of knowledge about risks, and it is for this reason that standardisation institutions and researchers have made great efforts to define initiatives to overcome these challenges. However, the RM field nevertheless presents a lack of uniformity in its terms and concepts, due to the different contexts and scopes of application, a situation that can generate ambiguities and misunderstandings. To address these issues, this paper aims to present an ontology called SRMO (Software Risk Management Ontology), which seeks to unify the terms and concepts associated with RM and provide an integrated and holistic view of risk. In doing so, the Pipeline framework has been applied in order to assure and verify the quality of the proposed ontology, and it has been implemented in Protégé and validated by means of competency questions. Three application scenarios of this ontology demonstrating their usefulness in the software engineering field are presented in this paper. We believe that this ontology can be useful for organisations that are interested in: (i) establishing an RM strategy from an integrated approach, (ii) defining the elements that help to identify risks and the criteria that support decision-making in risk assessment, and (iii) helping the involved stakeholders during the process of risk management.

查看原文本刊更多论文

软件风险管理的通用术语

为了提高和维持他们的竞争力，现在的组织需要采取不同的举措来采用框架、模型和标准，使他们能够协调和改进他们的业务流程。尽管做出了这些努力，组织仍然可能遇到治理和管理问题。这就是风险管理(RM)可以发挥主要作用的地方，因为它的目的是在组织过程的背景下促进价值的创造和保存。RM是一项复杂而主观的活动，需要经验和对风险的高水平知识，正是由于这个原因，标准化机构和研究人员已经做出了巨大的努力来定义克服这些挑战的举措。然而，由于不同的上下文和应用范围，RM领域在术语和概念上缺乏一致性，这种情况可能会产生歧义和误解。为了解决这些问题，本文旨在提出一个名为SRMO(软件风险管理本体)的本体，它试图统一与风险管理相关的术语和概念，并提供一个集成的、整体的风险视图。在这样做的过程中，为了保证和验证提出的本体的质量，已经应用了Pipeline框架，并且它已经在protgase中实现，并通过能力问题进行验证。文中给出了该本体的三种应用场景，说明了该本体在软件工程领域的实用性。我们相信，这个本体论对于以下方面感兴趣的组织是有用的:(i)通过综合方法建立风险管理战略，(ii)定义有助于识别风险的元素和支持风险评估决策的标准，以及(iii)在风险管理过程中帮助相关的利益相关者。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

ACM Transactions on Software Engineering and Methodology (TOSEM)

自引率

0.00%

发文量