Activity planning in software project management pdf

Identification of threats and valuation of their impact on assets impact valuation. Identification and assessment of vulnerabilities to threats. Risk assessment. Risk Analysis — Defining the Scope. Draw a context diagram.

Decide on the boundary. It will rarely be the computer! Make explicit assumptions about the security of neighbouring domains. Verify them! Risk Analysis - Identification of Assets. Types of asset. Software: purchased or developed programs. People: who run the system. Documentation: manuals, administrative procedures, etc. Supplies: paper forms, magnetic media, printer liquid, etc. Risk Analysis — Impact Valuation. Identification and valuation of threats - for each group of assets.

Identify threats, e. Loss of confidentiality. Loss of integrity. Loss of completeness. Loss of availability Denial of Service.

For many asset types the only threat is loss of availability. Assess impact of threat. Assess in levels, e. This gives the valuation of the asset in the face of the threat. Risk Analysis — Vulnerabilities. For risk analysis of an existing system. Windows NT. BS recommendations of good practice. For each threat.

Identify vulnerabilities. How to exploit a threat successfully;. Assess levels of likelihood - High, Medium, Low. Of attempt. Expensive attacks are less likely e. Successful exploitation of vulnerability;. Combine them. Risk Assessment. Assess risk.

If we had accurate probabilities and values, risk would be. Impact valuation x probability of threat x probability of exploitation. Plus a correction factor for risk aversion.

Since we haven't, we construct matrices such as. Responses to risk. Avoid it completely by withdrawing from an activity. Accept it and do nothing. Reduce it with security measures. Risk management. Risk management is concerned with identifying risks and drawing up plans to minimisetheir effect on a project. A risk is a probability that some adverse circumstance will occur. Project risks affect schedule or resources;.

Product risks affect the quality or performance of the software being developed; Business risks affect the organisation developing or procuring the software. The risk management process. Risk identification. Identify project, product and business risks;.

Risk analysis. Assess the likelihood and consequences of these risks;. Risk planning. Draw up plans to avoid or minimise the effects of the risk;. Risk monitoring.

Monitor the risks throughout the project;. Systematic Processes. What Constitutes a Hazard? A real or potential condition that, when activated, can transform into a series of interrelated events that result in damage to equipment or property and or injury to people. Safety Managers View. An implied threat or danger, a potential condition waiting to become a loss. Required to initiate action from potential to kinetic. May be a:. Component out of tolerance.

Maintenance failure. Operator failure. Any combination of other events and conditions. When Do We Look for Hazards? Conceptual - Research.

Operational Deployment. Hazard Severity. A key factor in establishing a common understanding of a safety programs goal. Cat 1: Catastrophic. Cat 2: Critical. Cat 3: Marginal. Cat 4: Negligible. Hazard Analysis Methods. Systematic look at hardware piece by piece.

Review of how each component could fail. Considers how a failure effects other components, sub-systems and systems as a whole. Detailed review of a specific undesirable event. Deductive in nature. Top-down effort. Normally reserved for critical failures or mishaps. May be qualitative or quantitative. Integrates people and procedures into the system. Diagrams the flow or sequence of events. Risk Management is the process of identifying, assessing, responding.

Appropriate protective measures must be taken to safeguard sensitive IT system or application weaknesses or vulnerabilities from unauthorized disclosure. For each major risk, one of the following approaches will be selected to address it:. Avoid — Eliminate the threat or condition or to protect the project objectives from its impact by eliminating the cause. Mitigate — Identify ways to reduce the probability or the impact of the risk. Accept — Nothing will be done.

Contingency —Define actions to be taken in response to risks. Transfer — Shift the consequence of a risk to a third party together with ownership of the response by making another party responsible for the risk buy insurance, outsourcing, etc. The level of risk on a project will be tracked, monitored and controlled and reported. Risks will be assigned a risk owner s who will track, monitor and control and report on the status and effectiveness of each risk response action to the Project Manager and Risk.

All project change requests will be analyzed for their possible impact to the project risks. As Risk Events occur, the list will be re-prioritized during weekly reviews and risk. Notes by Adil Aslam 35 Notes by Adil Aslam 37 Notes by Adil Aslam 39 Notes by Adil Aslam 44 Example Notes by Adil Aslam 47 Notes by Adil Aslam 48 This is 0 for an activity with no predecessors. At a given node, j, consider all activities ending at node j.

For node N, this is the project completion time. Notes by Adil Aslam 58 Notes by Adil Aslam 62 Another Example Notes by Adil Aslam 63 Draw a Network Notes by Adil Aslam 64 Check in Previous Network Diagram. Notes by Adil Aslam 66 Notes by Adil Aslam 67 The optimal answer to planning and scheduling lies somewhere in between.

A structured approach is useful here. In Table 1 the systems analyst beginning a project has broken the process into three major phases: analysis, design, and implementation. Then the analysis phase is further broken down into data gathering, data flow and decision analysis, and proposal preparation. Design is broken down into data entry design, input and output design, and data organization. The implementation phase is divided into implementation and evaluation.

Table 1 — Beginning to plan a project by breaking it into three major activities. In subsequent steps the systems analyst needs to consider each of these tasks and break them down further so that planning and scheduling can take place. Table 2 shows how the analysis phase is described in more detail. For example, data gathering is broken down into five activities, from conducting interviews to observing reactions to the prototype.

This activity plan is generated by Steps 4 and 5 of Step Wise. On a large project, detailed plans for the later stages will be delayed until information about the work required has emerged from the earlier stages. The ideal activity plan will then be the subject of an activity risk analysis, aimed at identifying potential problems.

This might suggest alterations to the ideal activity plan and will almost certainly have implications for resource allocation. The third step is resource allocation. The expected availability of resources might place constraints on when certain activities can be carried out, and our ideal plan might need to be adapted to take account of this.

The final step is schedule production. Once resources have been allocated to each activity, we will be in a position to draw up and publish a project schedule, which indicates planned start and completion dates and a resource requirements statement for each activity.

Continue reading here: Sequencing and scheduling activities. Grist Project Management Motivational current. Goalsontrack Smart Goal Setting Software.