Дисертації з теми "Software risk assessment"
Щоб переглянути інші типи публікацій з цієї теми, перейдіть за посиланням: Software risk assessment.
Оформте джерело за APA, MLA, Chicago, Harvard та іншими стилями
Ознайомтеся з топ-48 дисертацій для дослідження на тему "Software risk assessment".
Біля кожної праці в переліку літератури доступна кнопка «Додати до бібліографії». Скористайтеся нею – і ми автоматично оформимо бібліографічне посилання на обрану працю в потрібному вам стилі цитування: APA, MLA, «Гарвард», «Чикаго», «Ванкувер» тощо.
Також ви можете завантажити повний текст наукової публікації у форматі «.pdf» та прочитати онлайн анотацію до роботи, якщо відповідні параметри наявні в метаданих.
Переглядайте дисертації для різних дисциплін та оформлюйте правильно вашу бібліографію.
1
Matsuo, Eric K. "Risk assessment in incremental software development." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 1999. http://handle.dtic.mil/100.2/ADA374495.
Повний текст джерела
2
Alexander, Byron Vernon Terry. "Legacy system upgrade for software risk assessment." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2001. http://handle.dtic.mil/100.2/ADA401409.
Повний текст джерелаАнотація:
Thesis (M.S in Computer Science) Naval Postgtaduate School, December 2001.Thesis Advisor(s): Berzins, Valdis ; Murrah, Michael. "December 2001." Includes bibliographical references (p. 91). Also available online.
3
Zhu, Dongfeng. "Integrating software behavior into dynamic probabilistic risk assessment." College Park, Md. : University of Maryland, 2005. http://hdl.handle.net/1903/3305.
Повний текст джерелаАнотація:
Thesis (Ph. D.) -- University of Maryland, College Park, 2005.Thesis research directed by: Reliability Engineering. Title from t.p. of PDF. Includes bibliographical references. Published by UMI Dissertation Services, Ann Arbor, Mich. Also available in paper.
4
Radlinski, Lukasz. "Improved Software Project Risk Assessment Using Bayesian Nets." Thesis, Queen Mary, University of London, 2008. http://ethos.bl.uk/OrderDetails.do?uin=uk.bl.ethos.509672.
Повний текст джерела
5
Nogueira, Juan Carlos. "A formal model for risk assessment in software projects." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2000. http://handle.dtic.mil/100.2/ADA382304.
Повний текст джерелаАнотація:
Thesis (M.S. in Information Technology Management) Naval Postgraduate School, Sept. 2000.Thesis advisor(s): Jones, Carl R.; Brady, Terrance. "September 2000." Includes bibliographical references (p. 149-160). Also available in print.
6
Nogueira, de Leon Juan Carlos. "A formal model for risk assessment in software projects." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2000. http://handle.dtic.mil/100.2/ADA382304.
Повний текст джерелаАнотація:
Dissertation (Ph.D. Software Engineering) Naval Postgraduate School, Sept. 2000.Dissertation supervisor, LuQi. DTIC descriptor(s): Software Engineering, Rule Based Systems, Risk Analysis, Data Management, Computer Aided Design, Cost Analysis, Theses, Computer Program Reliability, Technology Assessment, Risk Management. DTIC Identifier(s): Caps (Computer Aided Prototyping System), Case (Computer Aided Software Engineering). Author(s): subject terms: Risk Assessment, Formal Models, Software Estimation Models, Software Metrics, Project Management. Includes bibliographical references (p. 233-246). Also available online.
7
Silva, Liliane Sheyla da. "A Risk Identification Technique for Requirements Assessment." Universidade Federal de Pernambuco, 2012. https://repositorio.ufpe.br/handle/123456789/10903.
Повний текст джерелаАнотація:
Submitted by Pedro Henrique Rodrigues (pedro.henriquer@ufpe.br) on 2015-03-05T18:53:32Z
No. of bitstreams: 2
Dissertacao_Liliane.pdf: 2808869 bytes, checksum: 6681e2b17bafbf1b2fb94a8f0d2ad701 (MD5)
license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5)Made available in DSpace on 2015-03-05T18:53:32Z (GMT). No. of bitstreams: 2 Dissertacao_Liliane.pdf: 2808869 bytes, checksum: 6681e2b17bafbf1b2fb94a8f0d2ad701 (MD5) license_rdf: 1232 bytes, checksum: 66e71c371cc565284e70f40736c94386 (MD5) Previous issue date: 2012-03-01
CAPES, CNPQ
One recurrent issue in software development is the effective creation of testcases from requirements. Several techniques and methods are applied to minimize the risks associated with test cases building, aiming to meet the requirements specified correctly. Risks identification for requirements assessment is essential to tests cases generation. However, test engineers still face difficulties to apply it in practice due to the lack of solid knowledge about Risk Management activities and tool support for such activities. This work proposes a technique that helps test engineers in risk identification from requirements for software testing. From studies that used the similarity concept to compare software projects in order to reuse previously identified risks, the developed technique uses the same assertion applied to requirements. Within this context, this work aims to: (i) to define a technique based on analogies by categorizing requirements, thus being able to identify risks through a database of similar requirements, and (ii) to reuse risks previously identified at requirements for the evaluation of new requirements.
8
Mkpong-Ruffin, Idongesit Okon Umphress David A. Hamilton John A. "Quantitative risk assessment model for software security in the design phase of software development." Auburn, Ala., 2009. http://hdl.handle.net/10415/1584.
Повний текст джерела
9
ESPINHA, RAFAEL DE SOUZA LIMA. "A COMPLIANCE AND RISK-BASED SOFTWARE DEVELOPMENT PROCESS ASSESSMENT APPROACH." PONTIFÍCIA UNIVERSIDADE CATÓLICA DO RIO DE JANEIRO, 2007. http://www.maxwell.vrac.puc-rio.br/Busca_etds.php?strSecao=resultado&nrSeq=10205@1.
Повний текст джерелаАнотація:
PONTIFÍCIA UNIVERSIDADE CATÓLICA DO RIO DE JANEIROCOORDENAÇÃO DE APERFEIÇOAMENTO DO PESSOAL DE ENSINO SUPERIOR
CONSELHO NACIONAL DE DESENVOLVIMENTO CIENTÍFICO E TECNOLÓGICO
Atualmente, um dos principais requisitos de um projeto de desenvolvimento de software é a entrega de um produto de qualidade que obedeça ao prazo e orçamento estipulados e atenda às necessidades do cliente. Utilizando a premissa de que a qualidade do produto desenvolvido está intimamente relacionada à qualidade dos processos utilizados no seu desenvolvimento, muitas organizações investem em programas de melhoria contínua de processos, onde estes processos são constantemente avaliados e melhorados. Este trabalho propõe uma abordagem para a avaliação de processos baseada em análise do risco e da conformidade em processos de desenvolvimento. Esta abordagem é constituída por um método de avaliação em duas etapas e por uma ferramenta de apoio. Na primeira fase do método, uma avaliação em abrangência é realizada para identificar em que áreas se encontram os maiores problemas nos processos. Na segunda fase, uma avaliação mais elaborada e criteriosa é realizada apenas nas áreas críticas, diminuindo o custo e aumentando a eficiência do investimento em melhoria. A ferramenta utiliza um mecanismo de questionários e checklists para verificar o risco e a conformidade dos processos da organização. Estes questionários e checklists estão associados a uma base de conhecimento organizada segundo um modelo de maturidade ou norma de qualidade de referência. Ao final de uma avaliação são gerados relatórios, tabelas e gráficos que apóiam a tomada de decisão e orientam a elaboração de um plano de ação para a melhoria dos processos. A abordagem foi utilizada em três experimentos controlados.
Nowadays, one of the main requirements of a software development project is the delivery of a quality product that conforms to the expected schedule and budget and satisfies customer needs. Using the hypothesis that the quality of the developed product is closely related to the quality of the processes used in its development, many organizations invest in process improvement programs, where the processes are continuously assessed and improved. In this work we propose an approach for process assessment based on risk and process compliance analysis. This approach is composed of a two-step appraisal method and a supporting tool. In the first step of the method, a quick analysis is executed to identify the most problematic areas. In the second one, a more elaborated analysis is performed only in the critical areas, reducing the costs and increasing the effectiveness of the appraisal. The tool uses a mechanism of surveys and checklists to verify the risk and the compliance of the process of the organization. A knowledge base is organized in accordance to a reference quality norm or maturity model. At the end of an assessment, reports, tables and charts support the decision-taking, and they can be used to guide an improvement program. The approach has been used in three case studies.
10
Shook, Alexis M. "User's Manual for Tardigrade Risk Assessment." ScholarWorks@UNO, 2018. https://scholarworks.uno.edu/td/2492.
Повний текст джерелаАнотація:
This user-guide provides instructions for operating Tardigrade 1.1.3, a cybersecurity software for Nollysoft, LLC. This guide instructs users step-by-step on how to set security controls, risk assessments, and administrative maintenance. Tardigrade 1.1.3 is a Risk Assessment Enterprise that evaluates the risk level of corporations and offers solutions to any security gaps within an organization. Tardigrade 1.1.3 is a role-based software that operates through three modules, Cybersecurity Assessment, Internal Control, and Security Requirement Traceability Matrix.
11
Murrah, Michael R. "Enhancements and extensions of formal models for risk sssessment in software projects /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2002. http://library.nps.navy.mil/uhtbin/hyperion-image/02sep%5FMurrah.pdf.
Повний текст джерела
12
Murrah, Michael R. "Proposal to develop enhancements and extensions of formal models for risk assessment in software projects." Thesis, Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2002. http://library.nps.navy.mil/uhtbin/hyperion-image/02sep%5FMurrah.pdf.
Повний текст джерела
13
Williamson, Christopher Loyal. "A formal application of safety and risk assessmen in software systems." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2004. http://library.nps.navy.mil/uhtbin/hyperion/04Sep%5FWilliamson%5FPhD.pdf.
Повний текст джерела
14
Johnson, Craig S. Piirainen Robert A. "Application of the Nogueira risk assessment model to real-time embedded software projects /." Monterey, Calif. : Springfield, Va. : Naval Postgraduate School ; Available from National Technical Information Service, 2001. http://handle.dtic.mil/100.2/ADA396225.
Повний текст джерела
15
Zhang, Su. "Quantitative risk assessment under multi-context environments." Diss., Kansas State University, 2014. http://hdl.handle.net/2097/18634.
Повний текст джерелаАнотація:
Doctor of PhilosophyDepartment of Computing and Information Sciences
Xinming Ou
If you cannot measure it, you cannot improve it. Quantifying security with metrics is important not only because we want to have a scoring system to track our efforts in hardening cyber environments, but also because current labor resources cannot administrate the exponentially enlarged network without a feasible risk prioritization methodology. Unlike height, weight or temperature, risk from vulnerabilities is sophisticated to assess and the assessment is heavily context-dependent. Existing vulnerability assessment methodologies (e.g. CVSS scoring system, etc) mainly focus on the evaluation over intrinsic risk of individual vulnerabilities without taking their contexts into consideration. Vulnerability assessment over network usually output one aggregated metric indicating the security level of each host. However, none of these work captures the severity change of each individual vulnerabilities under different contexts. I have captured a number of such contexts for vulnerability assessment. For example, the correlation of vulnerabilities belonging to the same application should be considered while aggregating their risk scores. At system level, a vulnerability detected on a highly depended library code should be assigned with a higher risk metric than a vulnerability on a rarely used client side application, even when the two have the same intrinsic risk. Similarly at cloud environment, vulnerabilities with higher prevalences deserve more attention. Besides, zero-day vulnerabilities are largely utilized by attackers therefore should not be ignored while assessing the risks. Historical vulnerability information at application level can be used to predict underground risks. To assess vulnerability with a higher accuracy, feasibility, scalability and efficiency, I developed a systematic vulnerability assessment approach under each of these contexts.
16
Guillaume, Fumeaux. "Public Software as a Service a Business-Driven Guidance for Risk Control." Thesis, Linnéuniversitetet, Institutionen för datavetenskap (DV), 2017. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-60510.
Повний текст джерелаАнотація:
Because cloud computing adoption grows day-by-day, it is essential for theexecutives of a company to be able to rely on a risks management guidanceto fully grasp all the aspects concerning cloud computing security.The concerns of the industry, the security standards, the official guidelines,and the European laws about the security when using cloud serviceshave been analyzed. The risks, the measures, and the obligations have beengathered. This paper, with all these information collected, describes how torun a risk management for public SaaS security keeping a business-drivenmindset. While running the risk assessment, the management should look atthe impact a threat may have on company activities, image, and finances. Itwill decide on the measures that should be implemented by the administrationor the IT.Following this guidance should minimize the risk of using public SaaScloud computing and allowing a company to align its security goals with itsbusiness goals.
17
Kucukcoban, Sezgin. "Development Of A Software For Seismic Damage Estimation: Case Studies." Master's thesis, METU, 2004. http://etd.lib.metu.edu.tr/upload/12605087/index.pdf.
Повний текст джерелаАнотація:
The occurrence of two recent major earthquakes, 17 August 1999 Mw = 7.4 Izmit and 12 November 1999 Mw = 7.1 Düzce, in Turkey prompted seismologists and geologists to conduct studies to predict magnitude and location of a potential earthquake that can cause substantial damage in Istanbul. Many scenarios are available about the extent and size of the earthquake. Moreover, studies have recommended rough estimates of risk areas throughout the city to trigger responsible authorities to take precautions to reduce the casualties and loss for the earthquake expected. Most of these studies, however, adopt available procedure by modifying them for the building stock peculiar to Turkey. The assumptions and modifications made are too crude and thus are believed to introduce significant deviations from the actual case. To minimize these errors and use specific damage functions and capacity curves that reflect the practice in Turkey, a study was undertaken to predict damage pattern and distribution in Istanbul for a scenario earthquake proposed by Japan International Cooperation Agency (JICA). The success of these studies strongly depends on the quality and validity of building inventory and site property data. Building damage functions and capacity curves developed from the studies conducted in Middle East Technical University are used. A number of proper attenuation relations are employed. The study focuses mainly on developing a software to carry out all computations and present results. The results of this study reveal a more reliable picture of the physical seismic damage distribution expected in Istanbul.
18
Hansen, Christian [Verfasser]. "Software Assistance for Preoperative Risk Assessment and Intraoperative Support in Liver Resection Surgery / Christian Hansen. Fraunhofer Mevis." Bremen : IRC-Library, Information Resource Center der Jacobs University Bremen, 2012. http://d-nb.info/103526336X/34.
Повний текст джерела
19
Zhou, Luyuan. "Security Risk Analysis based on Data Criticality." Thesis, Linnéuniversitetet, Institutionen för datavetenskap och medieteknik (DM), 2020. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-93055.
Повний текст джерелаАнотація:
Nowadays, security risk assessment has become an integral part of network security as everyday life has become interconnected with and dependent on computer networks. There are various types of data in the network, often with different criticality in terms of availability or confidentiality or integrity of information. Critical data is riskier when it is exploited. Data criticality has an impact on network security risks. The challenge of diminishing security risks in a specific network is how to conduct network security risk analysis based on data criticality. An interesting aspect of the challenge is how to integrate the security metric and the threat modeling, and how to consider and combine the various elements that affect network security during security risk analysis. To the best of our knowledge, there exist no security risk analysis techniques based on threat modeling that consider the criticality of data. By extending the security risk analysis with data criticality, we consider its impact on the network in security risk assessment. To acquire the corresponding security risk value, a method for integrating data criticality into graphical attack models via using relevant metrics is needed. In this thesis, an approach for calculating the security risk value considering data criticality is proposed. Our solution integrates the impact of data criticality in the network by extending the attack graph with data criticality. There are vulnerabilities in the network that have potential threats to the network. First, the combination of these vulnerabilities and data criticality is identified and precisely described. Thereafter the interaction between the vulnerabilities through the attack graph is taken into account and the final security metric is calculated and analyzed. The new security metric can be used by network security analysts to rank security levels of objects in the network. By doing this, they can find objects that need to be given additional attention in their daily network protection work. The security metric could also be used to help them prioritize vulnerabilities that need to be fixed when the network is under attack. In general, network security analysts can find effective ways to resolve exploits in the network based on the value of the security metric.
20
Yassin, Areej M. "Organizational Information Markets: Conceptual Foundation and an Approach for Software Project Risk Management." Scholar Commons, 2010. http://scholarcommons.usf.edu/etd/3500.
Повний текст джерелаАнотація:
This dissertation employs both design science and behavioral science research paradigms to investigate an emerging form of technology-enabled human collective intelligence known as information markets. This work establishes a conceptual foundation for the study of organizational information markets and the design and use processes of information markets inside organizations.
This research conceptualizes markets from an information systems perspective and presents an information systems research framework for organizational information markets. This work develops a systems theory of information markets to facilitate investigation of the relationships and interactions between markets as systems and their context of use. It proposes a structuration model for design and use of IT artifacts in organizations and applies it to the study of information markets. A framework of market users is developed to guide market design to satisfy the different motivational and informational needs of market users. A design based solution is proposed to an important open question in the information markets literature; how to generate sufficient uninformed trades. This research extends structuration theory by developing the structuration model of technology-induced organization development.
A well-designed information market can generate several benefits to organizations that contribute to their growth and development. Due to the importance of software in everyday life, and the high costs and percentages of failure in software projects, this dissertation proposes an information market solution to help organizations better manage the risks facing software projects. It also develops a theoretical framework for the determinants of software project risk assessment accuracy and evaluates the market‘s efficacy in improving assessment accuracy via the use of controlled laboratory experiments.
The results of the experiments demonstrate the market‘s efficacy in improving assessment accuracy by increasing the currency, accuracy and completeness of reported status information about project main objectives such as cost, schedule, performance and functionality. The results also demonstrate the market‘s efficacy in increasing individual willingness to report negative status information by decreasing their perception of information asymmetry between them and management/clients, and by increasing their perception of both the anonymity of the reporting mechanism and their perceived self-interest in reporting negative status information.
21
Goosen, Ryno Johannes. "Sense, signal and software : a sensemaking analysis of meaning in early warning systems." Thesis, Stellenbosch : Stellenbosch University, 2014. http://hdl.handle.net/10019.1/96132.
Повний текст джерелаАнотація:
Thesis (MPhil)--Stellenbosch University, 2014.ENGLISH ABSTRACT: This thesis considers the contribution that Karl Weick’s notion of sensemaking can make to an improved understanding of weak signals, cues, warning analysis, and software within early warning systems. Weick’s sensemaking provides a framework through which the above mentioned concepts are discussed and analysed. The concepts of weak signals, early warning systems, and Visual Analytics are investigated from within current business and formal intelligence viewpoints. Intelligence failure has been a characteristic of events such as 9/11, the recent financial crisis triggered by the collapse of Lehman Brothers, and the so-called Arab Spring. Popular methodologies such as early warning analysis, weak signal analysis and environmental scanning employed within both the business and government sphere failed to provide adequate early warning in many of these events. These failures warrant renewed attention as to what improvements can be made and how new technology can enhance early warning analysis. Chapter One is introductory and states the research question, methodology, and delimits the thesis. Chapter Two sets the scene by investigating current conceptions of the main constructs. Chapter Three explores Weick’s theory of sensemaking, and provides the analytical framework against which these concepts are then analysed in Chapter Four. The emphasis is directed towards the extent of integration of frames within the analysis phase of early warning systems and how frames may be incorporated within the theoretical foundation of Visual Analytics to enhance warning systems. The findings of this thesis suggest that Weick’s conceptualisation of sensemaking provide conceptual clarity to weak signal analysis in that Weick’s “seed” metaphor, representing the embellishment and elaboration of cues, epitomizes the progressive nature of weak signals. The importance of Weick’s notion of belief driven sensemaking, in specific the role of expectation in the elaboration of frames, and discussed and confirmed by various researchers in different study areas, is a core feature underlined in this thesis. The centrality of the act of noticing and the effect that framing and re-framing has thereon is highlighted as a primary notion in the process of not only making sense of warning signals but identifying them in the first place. This ties in to the valuable contribution Weick’s sensemaking makes to understanding the effect that a specification has on identifying transients and signals in the resulting visualization in Visual Analytic software.
AFRIKAANSE OPSOMMING: Hierdie tesis ondersoek hoe Karl Weick se konsep van singewing ons insig teenoor swak seine, tekens, waarskuwingsanalise en sagteware binne vroeë waarskuwingstelsels verbeter. Weick se bydrae verskaf ‘n raamwerk waarbinne hierdie konsepte geanaliseer en ondersoek kan word. Die konsep van swak seine, vroeë-waarskuwing en visuele analise word binne huidige besigheidsuitgangspunte, en die formele intelligensie arena ondersoek. Die mislukking van intelligensie is kenmerkend van gebeure soos 9/11, die onlangse finansiёle krisis wat deur die ondergang van Lehman Brothers ingelei is, en die sogenaamde “Arab Spring”. Hierdie gebeure het ‘n wêreldwye opskudding op ekonomiese en politiese vlak veroorsaak. Moderne metodologieё soos vroeë waarskuwingsanalise, swaksein-analise en omgewingsaanskouing binne regerings- en besigheidsverband het duidelik in hul doelstelling misluk om voortydig te waarsku oor hierdie gebeurtenisse. Dit is juis hierdie mislukkings wat dit noodsaaklik maak om meer aandag te skenk aan hierdie konsepte, asook nuwe tegnologie wat dit kan verbeter. Hoofstuk Een is inleidend en stel die navorsingsvraagstuk, doelwitte en afbakkening. Hoofstuk Twee lê die fondasie van die tesis deur ‘n ondersoek van die hoof konsepte. Hoofstuk Drie verskaf die teoretiese raamwerk, die van Weick se singewingsteorie, waarteen die hoof konsepte in Hoofstuk Twee ondersoek word in Hoofstuk Vier. Klem word gelê op die diepte van integrasie en die toepassing van raamwerke in die analisefase van vroeё waarskuwingstelsels en hoe dit binne die teoretiese beginsels van visuele analise geïnkorporeer word. Die bevindinge van hierdie tesis spreek die feit aan dat Weick se konsepsualisering van singewing konseptuele helderheid rakende die begrip “swakseine” verskaf. In hierdie verband verteenwoordig Weick se “saad”- metafoor die samewerking en uitbouing van seine en “padpredikante” wat die progressiewe aard van swakseine weerspieёl. Die kernbeskouing van hierdie tesis is die belangrikheid van Weick se geloofsgedrewesingewing, veral die uitkoms van die bou van raamwerke asook die bespreking hiervan deur verskeie navorsers. Die belangrikheid van die aksie om seine op te merk, en die effek wat dit op die herbeskouing van raamwerke het, asook die raaksien daarvan in die eerste plek word beklemtoon. Laasgenoemde dui ook aan tot watter mate Weick se singewingsteorie ‘n bydrae maak tot visuele analise veral in ons begrip van die gevolg wat data of inligtingspesifikasie het op die identifisering van seine en onsinnighede in visualisering binne visuele analise-sagteware.
22
Motii, Anas. "Engineering secure software architectures : patterns, models and analysis." Thesis, Toulouse 3, 2017. http://www.theses.fr/2017TOU30274/document.
Повний текст джерелаАнотація:
De nos jours la plupart des organisations pour ne pas dire toutes, dépendent des technologies de l'information et de la communication (TIC) pour supporter plusieurs tâches et processus (quelquefois critiques). Cependant, dans la plupart des cas, les organisations et en particulier les petites entreprises accordent une importance limitée à l'information et à sa sécurité. En outre, sécuriser de tels systèmes est une tâche difficile en raison de la complexité et de la connectivité croissante du matériel et du logiciel dans le développement des TICs. Cet aspect doit alors être pris en compte dès les premières phases de conception. Dans ce travail, nous proposons une approche basée sur les modèles permettant de sécuriser des architectures logicielles en utilisant des patrons. Les contributions de ce travail sont : (1) un cadre de conception intégré pour la spécification et l'analyse d'architectures logicielles sécurisées, (2) une nouvelle méthodologie à base de modèles et de patrons et (3) une suite d'outils. Le fondement de l'approche associe un environnement basé sur des langages de modélisation pour la spécification et l'analyse des modèles d'architectures sécurisées et un dépôt à base de modèles d'artéfacts dédiés à la sécurité (modèle de patrons de sécurité, menaces et propriétés de sécurités) permettant la réutilisation de savoir-faire et de connaissances capitalisées. Pour cela on utilise des langages de modélisation pour la spécification et l'analyse de l'architecture. Le processus associé est constitué des activités suivantes : (a) analyse de risques à base de modèle appliquée à l'architecture du système pour identifier des menaces, (b) sélection et importation de modèles de patrons de sécurité, afin d'arrêter ou de mitiger les menaces identifiées, vers l'environnement de modélisation cible, (c) intégration de modèles de patrons dans le modèle d'architecture, (d) analyse de l'architecture obtenue par rapports aux exigences non-fonctionnelles et aux menaces résiduelles. Dans ce cadre, on s'est focalisé sur la vérification du maintien du respect des contraintes temporelles après application des patrons. La recherche de menaces résiduelles est réalisée à l'aide de techniques de vérification exploitant une représentation formelle des scénarios de menaces issus du modèle STRIDE et basés sur des référentiels de menaces existants (ex., CAPEC). Dans le cadre de l'assistance pour le développement des architectures sécurisées, nous avons implémenté une suite structurée d'outils autour du framework SEMCO et de la plateforme Eclipse Papyrus pour supporter les différentes activités basées sur un ensemble de langages de modélisation conforme à des standards OMG (UML et ses profils). Les solutions proposées ont été évaluées à travers l'utilisation d'un cas d'étude autour des systèmes SCADA (systèmes de contrôle et d'acquisition de données)Nowadays most organizations depend on Information and Communication Technologies (ICT) to perform their daily tasks (sometimes highly critical). However, in most cases, organizations and particularly small ones place limited value on information and its security. In the same time, achieving security in such systems is a difficult task because of the increasing complexity and connectivity in ICT development. In addition, security has impacts on many attributes such as openness, safety and usability. Thus, security becomes a very important aspect that should be considered in early phases of development. In this work, we propose an approach in order to secure ICT software architectures during their development by considering the aforementioned issues. The contributions of this work are threefold: (1) an integrated design framework for the specification and analysis of secure software architectures, (2) a novel model- and pattern-based methodology and (3) a set of supporting tools. The approach associates a modeling environment based on a set of modeling languages for specifying and analyzing architecture models and a reuse model repository of modeling artifacts (security pattern, threat and security property models) which allows reuse of capitalized security related know-how. The approach consists of the following steps: (a) model-based risk assessment performed on the architecture to identify threats, (b) selection and instantiation of security pattern models towards the modeling environment for stopping or mitigating the identified threats, (c) integration of security pattern models into the architecture model, (d) analysis of the produced architecture model with regards to other non-functional requirements and residual threats. In this context, we focus on real-time constraints satisfaction preservation after application of security patterns. Enumerating the residual threats is done by checking techniques over the architecture against formalized threat scenarios from the STRIDE model and based on existing threat references (e.g., CAPEC). As part of the assistance for the development of secure architectures, we have implemented a tool chain based on SEMCO and Eclipse Papyrus to support the different activities based on a set of modeling languages compliant with OMG standards (UML and its profiles). The assessment of our work is presented via a SCADA system (Supervisory Control And Data Acquisition) case study
23
Diakostefanis, Michail. "Internet operation of aero gas turbines." Thesis, Cranfield University, 2014. http://dspace.lib.cranfield.ac.uk/handle/1826/9248.
Повний текст джерелаАнотація:
Internet applications have been extended to various aspects of everyday life and offer
services of high reliability and security. In the Academia, Internet applications offer
useful tools for the remote creation of simulation models and real-time conduction of
control experiments. The aim of this study was the design of a reliable, safe and secure
software system for real time operation of a remote aero gas turbine, with the use of
standard Internet technology at very low cost.
The gas turbine used in this application was an AMT Netherlands Olympus micro gas
turbine. The project presented three prototypes: operation from an adjacent
computer station, operation within the Local Area Netwok (LAN) of Cranfield
University and finally, remotely through the Internet. The gas turbine is a safety critical
component, thus the project was driven by risk assessment at all the stages of the
software process, which adhered to the Spiral Model. Elements of safety critical
systems design were applied, with risk assessment present in every round of the
software process.
For the implementation, various software tools were used, with the majority to be
open source API’s. LabVIEW with compatible hardware from National Instruments was
used to interface the gas turbine with an adjacent computer work station. The main
interaction has been established between the computer and the ECU of the engine,
with additional instrumentation installed, wherever required. The Internet user
interface web page implements AJAX technology in order to facilitate asynchronous
update of the individual fields that present the indications of the operating gas turbine.
The parameters of the gas turbine were acquired with high accuracy, with most
attention given to the most critical indications, exhaust gas temperature (EGT) and
rotational speed (RPM). These are provided to a designed real-time monitoring
application, which automatically triggers actions when necessary.
The acceptance validation was accomplished with a formal validation method – Model
Checking. The final web application was inspired by the RESTful architecture and
allows the user to operate the remote gas turbine through a standard browser,
without requiring any additional downloading or local data processing.
The web application was designed with provisions for generic applications. It can be
configured to function with multiple different gas turbines and also integrated with
external performance simulation or diagnostics Internet platforms. Also, an analytical
proposal is presented, to integrate this application with the TURBOMATCH WebEngine
web application, for gas turbine performance simulation, developed by Cranfield
University.
24
Wagner, Laurent. "KARTOTRAK, integrated software solution for contaminated site characterization." Technische Universitaet Bergakademie Freiberg Universitaetsbibliothek "Georgius Agricola", 2015. http://nbn-resolving.de/urn:nbn:de:bsz:105-qucosa-181693.
Повний текст джерелаАнотація:
Kartotrak software allows optimal waste classification and avoids unnecessary remediation. It has been designed for those - site owners, safety authorities or contractors, involved in environmental site characterization projects - who need to locate and estimate contaminated soil volumes confidently.
25
Lovelace, Temple Sharese Ph D. BCBA. "The Effects of Explicit Phonological Awareness Instruction on the Prereading Skills of Preschool Children At Risk for Reading Failure: Comparing Single and Multiple Skill Instructional Strategies." The Ohio State University, 2008. http://rave.ohiolink.edu/etdc/view?acc_num=osu1217621704.
Повний текст джерела
26
Ranjeet, Tirtha. "Coevolutionary algorithms for the optimization of strategies for red teaming applications." Thesis, Edith Cowan University, Research Online, Perth, Western Australia, 2012. https://ro.ecu.edu.au/theses/558.
Повний текст джерелаАнотація:
Red teaming (RT) is a process that assists an organization in finding vulnerabilities in a system whereby the organization itself takes on the role of an “attacker” to test the system. It is used in various domains including military operations. Traditionally, it is a manual process with some obvious weaknesses: it is expensive, time-consuming, and limited from the perspective of humans “thinking inside the box”. Automated RT is an approach that has the potential to overcome these weaknesses. In this approach both the red team (enemy forces) and blue team (friendly forces) are modelled as intelligent agents in a multi-agent system and the idea is to run many computer simulations, pitting the plan of the red team against the plan of blue team.
This research project investigated techniques that can support automated red teaming by conducting a systematic study involving a genetic algorithm (GA), a basic coevolutionary algorithm and three variants of the coevolutionary algorithm. An initial pilot study involving the GA showed some limitations, as GAs only support the optimization of a single population at a time against a fixed strategy. However, in red teaming it is not sufficient to consider just one, or even a few, opponent‟s strategies as, in reality, each team needs to adjust their strategy to account for different strategies that competing teams may utilize at different points. Coevolutionary algorithms (CEAs) were identified as suitable algorithms which were capable of optimizing two teams simultaneously for red teaming. The subsequent investigation of CEAs examined their performance in addressing the characteristics of red teaming problems, such as intransitivity relationships and multimodality, before employing them to optimize two red teaming scenarios. A number of measures were used to evaluate the performance of CEAs and in terms of multimodality, this study introduced a novel n-peak problem and a new performance measure based on the Circular Earth Movers‟ Distance.
Results from the investigations involving an intransitive number problem, multimodal problem and two red teaming scenarios showed that in terms of the performance measures used, there is not a single algorithm that consistently outperforms the others across the four test problems. Applications of CEAs on the red teaming scenarios showed that all four variants produced interesting evolved strategies at the end of the optimization process, as well as providing evidence of the potential of CEAs in their future application in red teaming.
The developed techniques can potentially be used for red teaming in military operations or analysis for protection of critical infrastructure. The benefits include the modelling of more realistic interactions between the teams, the ability to anticipate and to counteract potentially new types of attacks as well as providing a cost effective solution.
27
Frankeline, Tanyi. "Attack Modeling and Risk Assessments in Software Defined networking (SDN)". Thesis, Linnéuniversitetet, Institutionen för datavetenskap och medieteknik (DM), 2019. http://urn.kb.se/resolve?urn=urn:nbn:se:lnu:diva-88806.
Повний текст джерелаАнотація:
Software Defined Networking (SDN) is a technology which provides a network architecture with three distinct layers that is, the application layer which is made up of SDN applications, the control layer which is made up of the controller and the data plane layer which is made up of switches. However, the exits different types of SDN architectures some of which are interconnected with the physical network. At the core of SDN, the control plane is physically and logically separated from the data plane. The controller is connected to the application layer through an interface known as the northbound interface and to the data plane through another interface known as the southbound interface. The centralized control plane uses APIs to communicate through the northbound and southbound interface with the application layer and the data plane layer respectively. By default, these APIs such as Restful and OpenFlow APIs do not implement security mechanisms like data encryption and authentication thus, this introduces new network security threats to the SDN architecture. This report presents a technique known as threat modeling in SDN. To achieve this technique, attack scenarios are created based on the OpenFlow SDN vulnerabilities. After which these vulnerabilities are defined as predicates or facts and rules, a framework known as multihost multistage vulnerability analysis (MulVAL) then takes these predicates and rules to produce a threat model known as attack graph. The attack graph is further used to performed quantitative risk analysis using a metric to depict the risks associated to the OpenFlow SDN model
28
Ozeroglu, Muhammed A. "Verification of Caregraph® peak skin dose data using radiochromic film /." Download the thesis in PDF, 2005. http://www.lrc.usuhs.mil/dissertations/pdf/Ozeroglu2005.pdf.
Повний текст джерела
29
Garcia, Vinícius Cardoso. "RiSE reference model for software reuse adoption in brazilian companies." Universidade Federal de Pernambuco, 2010. https://repositorio.ufpe.br/handle/123456789/1729.
Повний текст джерелаАнотація:
Made available in DSpace on 2014-06-12T15:52:04Z (GMT). No. of bitstreams: 2
arquivo3101_1.pdf: 6739331 bytes, checksum: b2ce7e13223b4c79b74bfc1a7d45bf1c (MD5)
license.txt: 1748 bytes, checksum: 8a4605be74aa9ea9d79846c1fba20a33 (MD5)
Previous issue date: 2010Fundação de Amparo a Pesquisa do Estado da Bahia
Muitas organizações estão planejando investir ou já investiram dinheiro, tempo e recursos no reúso de software. Com esse investimento, essas organizações esperam melhorar a sua competitividade no mercado por meio da redução de custos e esforço, aumento da produtividade e melhoria da qualidade e da confiabilidade dos produtos de software desenvolvidos. Um problema comum é que as abordagens de reúso nas organizações são consideradas, normalmente, como um problema de adoção tecnológica (ambientes e ferramentas) e de processos, que focam nos aspectos técnicos do reúso. Neste cenário, processos de adoção de reúso - ou estratégias, modelos ou programas - têm se destacado na área como um facilitador para obter os benefícios associados ao reúso de software. No entanto, os processos existentes apresentam alguns problemas cruciais, como, por exemplo, serem fortemente relacionados a tecnologias específicas; demandarem um alto investimento inicial; além de não definirem de forma sistemática e suficientemente detalhada as atividades, papéis, entradas e as saídas de todo o processo. Assim, este trabalho propõe um modelo de referência de reuso de software para auxiliar nos processos de adoção e avaliação da capacidade de reúso nas organizações, baseado no estado da arte e da prática da área. Essa definição foi embasada por estudos detalhados sobre processos de adoção de reúso, modelos de referência de reúso e métodos de avaliação de capacidade em reutilização, envolvendo pesquisas informais, estudos empíricos e relatos de empresas. Com esta tese, pretende-se demonstrar que é possível estabelecer, para as empresas que desejam adotar reúso, um caminho mais seguro e com menores riscos e custos do que uma estratégia de reúso ad-hoc. Neste cenário, espera-se alcançar os seguintes objetivos: (i) aperfeiçoar o desempenho de alguns aspectos do desenvolvimento por meio de práticas de reúso (custo, qualidade, produtividade, competitividade da organização, entre outros); e (ii) redução dos riscos na adoção e/ou aperfeiçoamento de um programa de reúso, dando suporte a um processo incremental
30
Wagner, Laurent. "MINESTIS, the route to resource estimates." Technische Universitaet Bergakademie Freiberg Universitaetsbibliothek "Georgius Agricola", 2015. http://nbn-resolving.de/urn:nbn:de:bsz:105-qucosa-181676.
Повний текст джерелаАнотація:
Minestis software allows geological domain modeling and resource estimation through an efficient and simplified geostatistics-based workflow. It has been designed for all those, geologists, mining engineers or auditors, for whom quick production of quality models is at the heart of their concerns.
31
Manco, Lopez Oscar Oswaldo. "Applied modelization of electricity markets as a financially unstable complex system." Thesis, Paris Est, 2016. http://www.theses.fr/2016PESC0055.
Повний текст джерелаАнотація:
Les défis auxquels sont confrontés les différents secteurs de l’économie, répondent à l'évolution et à la spécialisation des consommateurs et des producteurs, dont les besoins sont de plus en plus complexes. À cet égard, au cours des 5 dernières années, les marchés de l'électricité ont subi un processus évolutif qui vise à répondre aux besoins de tous les intervenants dans des scénarios de développement durable.Aussi les agents impliqués dans les marchés de l'électricité, exposés à des risques opérationnels, juridiques, éthiques, financiers, entre autres, doivent‐ils se spécialiser pour s'approprier notamment de nouvelles technologies. Cette recherche porte principalement sur l'étude du risque financier tout à s'attachant à prendre en compte les nombreuses spécificités des marchés de l'électricité dans le but d'assurer le bon fonctionnement du marché et de ses participants.Dans les développements antérieurs, certains modèles se sont concentrés sur les phénomènes de pannes de courant électrique, d'instabilité du réseau, de variations de puissance, de réseaux intelligents, entre autres. D'autres études ont abordé la question de la prédiction de variables comme le prix et la stratégie d'entreprise, dans le but d'accroître les profits des participants. Ce projet de thèse propose un modèle financier complexe, qui se traduit par le calcul d'un équilibre de marché à partir des conditions initiales et des contraintes de risque. En utilisant la théorie des jeux, nous expliquons l'instabilité de l’équilibre. Nous montrons, en dépit de la complexité, qu'il est possible de trouver un scénario optimal en termes de rentabilité pour le système et les agents.Ce travail est structuré de la façon suivante. Dans le premier chapitre, une revue des études antérieures est présentée afin d’établir le contexte de la recherche. Le chapitre 2 décrit le marché de l'électricité colombienne avec ses particularités. Dans le chapitre 3, les indicateurs de risque (KRI) sont définis. Ils constitueront une partie fondamentale du modèle complet présenté dans le chapitre 4. Enfin, le chapitre 5, d'une part, présente les résultats obtenus et, d'autre part, discute de différentes voies d'approfondissementThe challenges faced by different sectors of the economy, respond to the evolution and specialization of consumers and producers, where the needs are becoming more complex. In this sense, during the last 5 years the electricity markets have undergone an evolutionary pro- cess that aims to meet the needs of all stakeholders in the midst of sustainability scenarios.Thus, the agents involved in the electricity market, present a num- ber of exhibitions of operational nature, legal, ethical, financial, among others, which require a specialization allowing the entry of new tech- nologies. This research project focuses on the study of financial risk, which despite being so specific, consider many elements with the aim of ensuring the functioning of the market and its participants.In previous studies, some models have concentrated on the in- vestigation of blackouts phenomena, the stability of the network, the dynamic power system, and Smart grids, among others. Mean- while other investigations have addressed the problem of forecasting different variables like the spot price and corporate strategy, with the aim of increasing the profitability of the participants. Now, this project presents the proposal of a complex financial model, which results in calculating a market equilibrium considering initial condi- tions and risk constraints. Using game theory it demonstrates equi- librium instability and that through complexity it is possible to find an optimal scenario in terms of profitability for the system and the agents.In chapter 1 it carried out a review of previous studies in order to justify the investigation, then Chapter 2 includes a description of the Colombian electricity market, with different specifications. In chap- ter 3 the KRI are defined, and they will be integrated in Chapter 4 as a fundamental part of the comprehensive model. Finally, Chapter 5 includes the results of the study ending with some possible further studies and additional considerations
32
Plíšek, Martin. "Nástroj pro podporu analýzy rizik v informační bezpečnosti." Master's thesis, Vysoké učení technické v Brně. Fakulta informačních technologií, 2012. http://www.nusl.cz/ntk/nusl-236450.
Повний текст джерелаАнотація:
The master thesis deals with the development of the tool for risk analysis support in information security. At first we perform a theoretical basis for security development of lifecycle process (SDL). Afterwards the theory of risk analysis based on fault tree analysis is described. Considering this knowledge base system was designed and implemented. Next chapter describes the best practice refer to the typical example of use and presents the potencial using of this tool in practice. Final chapter deals with the possibility of future expansion of this application.
33
林傑毅. "Integrate Risk Assessment into Software Project Estimation Model." Thesis, 2002. http://ndltd.ncl.edu.tw/handle/82885617804732953294.
Повний текст джерелаАнотація:
碩士國立臺灣科技大學
資訊管理系
90
For the managers of the software development project, it is one of the essential abilities that accurately estimating the software development effort and duration at the early stages of the software development life cycle. Normally the software effort drivers have the properties of uncertainty and fuzziness. One of the reasons is that estimating the values of those software effort drivers cannot avoid the certain degree of errors. The other one is that it will cause the problem of estimating errors when transforming the measures of those software effort drivers into the ordinal scale type. Therefore, it is obvious that software project estimation models cannot avoid the problem of estimation errors. However, existing software project estimation models in literature only give one point of the estimation value and do not explicitly express the degree of estimation errors. In this thesis, we propose a software project estimation model integrating the risk assessment by using the classification method of fuzzy decision tree of the data mining techniques. By using an empirical study, our proposed model cannot only give the estimation value, but also the degree of estimation errors. Meanwhile, comparing with existing software effort estimation models, the proposed model has also the higher degree of estimating accuracy after the defuzzification process of the model''s estimative result.
34
Wei-ZheKuo and 郭維哲. "An empirical study of software cost estimation model with risk assessment." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/95035649804371870066.
Повний текст джерелаАнотація:
碩士國立成功大學
工程科學系碩博士班
99
In this research, we propose a refined software cost prediction model based on the experiences of the department of medical informatics of a medical center in southern Taiwan. The model is an extension of COCOMO II. Firstly, we analyze 25 completed projects. We find that the single regression model is not good enough to interpret the measured data. We then introduce the multi-variable regression model. After deriving the cost model, we introduce the risk factor by the help of four senior staffs to define the risk levels of the projects. We divide the risk factor into 5 levels. Currently, related researches fine tune the results using decision tree and neural network approaches. We propose to use association rules (of data mining). We use 11 newly developed projects to evaluate the proposed approach.The results show that association rules and neural network approaches would improve the accuracy of estimation model and they are better then the decision tree approach. The association rules approach shows 13% improvement of MMRE(Mean Magnitude of Relative Error), 35% improvement of PRED(Prediction level)(25%), while the neural network approach shows 14% improvement of MMRE, 31% improvement of PRED(25%). In comparison, association rules approach is better than neural network. Hence, we suggest to use the association rules approach in the future.
35
Kuo, Tsunghsun, and 郭宗勳. "Development and Application of an Integrated Software Project Risk Assessment Model." Thesis, 2013. http://ndltd.ncl.edu.tw/handle/17235177660302192939.
Повний текст джерелаАнотація:
碩士國立屏東科技大學
資訊管理系所
101
In recent years, the uncertainty of a software project has been increasing due to the increases of project sizes, complexities of communication between project team members, and technology innovation, etc. Therefore, how to manage the software project risk becomes a key for the success of software project management. In this research, we summarize the factors of risk assessment from the past literature reviews and develop a software project risk assessment model based on the types of project control and sources of risk coming from the internal and external business. An integrated software project risk assessment model is proposed to solve the issue mentioned above. Fuzzy AHP is used to compute the weight of risk assessment during the process of software project risk assessment. In addition, we develop a software project risk assessment system according to proposed model to support decision makers on the aspect of risk assessment. An integrated model of developing 59 risk assessment factors concerning the needs of project control and sources of risk coming from the internal and external business is developed. A simulation study was conducted in a software project management center of a university of science and technology in Taiwan to examine the feasibility and applicability of the developing software project risk assessment system. Therefore, risk assessment of software projects can be carried out according to the requirements of different industries. The operational quality and the performance of risk assessment of software projects can be effectively improved due to the transparency of risk assessment process, objective and quantitative approach. For instance, the times spent on the computation of risk assessment of software projects can be reduced about 58 percentages when the numbers of software projects arrives to 1000. Findings of our empirical study indicate that a software project risk assessment system can effectively reduce the risk of a software project and improve decision making on the project investment for a software project manager.
36
Yang, Bomin, and 楊博閔. "Construction of Risk Assessment Mechanism in Secure Software Development Life Cycle." Thesis, 2011. http://ndltd.ncl.edu.tw/handle/26527441867726536419.
Повний текст джерелаАнотація:
碩士國防大學管理學院
資訊管理學系
99
In recent years, as a result of rapid development of the World Wide Web and programming languages, we have made tremendous progress in the development of web applications. However, many of the causes of information security incidents are due to the absence of the concept of security and risk checking mechanism, in traditional software development life cycle(SDLC), leading to Web application risk exposure. According to the survey of Gartner Group, almost 75% of the internet attack events are related to web applications. The result reveals that web applications have already become the targets of hackers and cyber criminals. By exploiting the vulnerabilities of web applications, attackers make the public authorities and business organizations suffer huge losses. For the reason mentioned above, we propose using the threat modeling construction methods to help design web application framework at the design stage of secure software development life cycle (SSDLC). Threat modeling is a kind of analysis method focusing on security. It is used to help both developers to analyze the risk source of web applications and hackers and cyber criminals to launch attacks. By using threat modeling, developers not only find out the vulnerabilities of web applications, but also repair the defects immediately. In this thesis, we build risk assessment mechanism based on threat modeling through the process of risk management and implementation in the design stage of SSDLC. Finally we make experiments to verify the risk assessment mechanism can reduce the security incidents of the web applications. Moreover, it can ensure that the web applications achieve information security objectives.
37
Huang, Li-Jen, and 黃儷人. "Risk Assessment of Business Application Software - A Case Study of Inventory Information System." Thesis, 2001. http://ndltd.ncl.edu.tw/handle/79027958050530536643.
Повний текст джерелаАнотація:
碩士中國文化大學
資訊管理研究所
89
A software company could use two strategies of sales. One is to support the standard software package to the user, and the other is to support the promotion of the standard software package to the user. The company needs not only to consider the normal cost but also the software development cost of quality. The extra cost which includes the normal cost and the cost of quality will be given attention when doing the promotion. This paper includes three parts. Firstly, we will give the ‘definitions of policy of different objective marketing ’ under the promotion cases. external failure costs will be discussed. Secondly, Markov Chains Probability Matrix will be dis-cussed in considering product cost. I will build software risk Assessment model in his research, and it includes the analysis control and the making decision. Thirdly, a case study will be discussed. not only the analysis and discussion but also the ex-tended and future development will be given. To do the data analysis result by three parts, we got a small groceries store in Taiwan, which uses the software designed by the company as the example. We fund that it helps software company doing cost valuation when using risk Assessment model. The research findings suggest a buyer to take the value creation as well as risk consideration simultaneously into account before pursuing activities.
38
Johnson, Craig S., and Robert A. Piirainen. "Application of the Nogueira risk assessment model to real-time embedded software projects." Thesis, 2001. http://hdl.handle.net/10945/10967.
Повний текст джерелаАнотація:
This Thesis addresses the application of a formal model for risk assessment to real-time embedded software development projects. It specifically targets the use of existing military and defense software development projects as a way to validate, or refine the formal model. In this case the Nogueira model. Data will be gathered from real projects and analyze through use of the Nogueira model. Selected projects were based on specific criteria, listed later in this Thesis. This is, in essence, a "post mortem" of these projects. It gives the ability to compare the model's predictions against what the real data collected from the projects indicated. Results will be reported with our conclusions as to the model's viability for use in determining risk as to probability of completion given the time allowed for the projects. These are data points in the validation of the model and the results, good or bad, cannot be used as a definitive substantiation of the model's fitness for use on other real projects.
39
YEH,SU-JUNG and 葉蘇蓉. "DEVELOPING A RISK ASSESSMENT MODEL FOR THE SOFTWARE PROJECT : ADD ORGANIZATIONAL INERTIA FACTOR." Thesis, 1999. http://ndltd.ncl.edu.tw/handle/03844509892007335196.
Повний текст джерелаАнотація:
碩士國立暨南國際大學
資訊管理學系
87
THESIS ABSTRACT GRADUATE INSTITUTE OF INFORMATION MANAGEMENT NATIONAL CHI NAN UNIVERSITY NAME:YEH,SU-JUNGMONTH/YEAR:JUNE,1999 ADVISER:HSIEH,CHING-CHA DEVELOPING A RISK ASSESSMENT MODEL FOR THE SOFTWARE PROJECT : ADD ORGANIZATIONAL INERTIA FACTOR Followed by the rapid evolution of information technology (IT) and global competition , the enterprises in the 1990s have faced a turbulent environment . In order to obtain a competitive advantage , enterprises have used IT in the early 1970s , but computerization projects could not guarantee success . Due to the high uncertainty and high variety of software development projects , risk management software development projects become very important . To assess the degree of the risk is the basic problem for risk management . Past research considered factors related only to the project itself , not including the organizational inertia factors of the project . But this study tries to also include organizational inertia factors into risk assessment that will therefore improve the predictability of the model . Through literature review , this paper will obtain a complete factors analysis on both the project itself and on the inertia.This information will then be compiled into a questionnaire which will be used to collect data from five different software development companies . Then , using the Discriminant Analysis Method , a risk discriminant function will be developed for judging the success of a project in advance . This study finds that both organization standardization and organization size of the organization inertia factors are distinct in affecting the project''s success . The predictability of the project risk assessment model is higher after adding these factors .
40
Fan, Chi-I., and 范績宜. "Risk Assessment of the Taiwan Medical Information Software Enterprise Investment in Mainland China." Thesis, 2008. http://ndltd.ncl.edu.tw/handle/68244956239552829490.
Повний текст джерелаАнотація:
碩士元智大學
資訊管理學系
96
Health insurance has gone through reformation many times. It leads the utility rate of health information system to increase in medical organization. Dealer in software industry accumulates a huge mass of knowledge and technique from that experience. It is useful to improve competition among the same trade. Unfortunately, they are hard to operate a business because of high utility rate and low economical prosperity. This research attempts to establish a basic assessment about investment in China. This study begins with the interviews with experts to find out possible factors, and then examines the effectiveness by Delphi Method. The last we compute the weight with AHP. The risk assessment is based on the result. This study finds the risk priority is economy, politics, copyright, market and culture. The result of weights analysis is, to invest in right time, to cooperate with sincere company, peace is needed, to upgrade your domain know how and to observe the policy of health insurance. This reference is important to invest in China for Taiwanese medical information software enterprise.
41
Lin, Yung-I., and 林永裔. "Applying Fuzzy Set Theory to Technical Risk Assessment in Requirement Analysis of the Large Scale Software Development Project." Thesis, 2001. http://ndltd.ncl.edu.tw/handle/99532972473427996085.
Повний текст джерелаАнотація:
碩士逢甲大學
工業工程學系
89
It is difficult to evaluate project risks at the early stage of software development, since the information collected is imprecise and incomplete. This research is to develop a risk assessment model based on fuzzy set theory to identify potential project risks in the requirement analysis stage of software development. The developed model can reduce the possibility of the project of being failure and improve the software quality.
42
Hsieh, Hsin-Ying, and 謝欣穎. "Using RAMMS software to evaluate the risk assessment of debris flow: A case study of Feng-Chiou torrent." Thesis, 2019. http://ndltd.ncl.edu.tw/cgi-bin/gs32/gsweb.cgi/login?o=dnclcdr&s=id=%22107NCHU5080029%22.&searchmode=basic.
Повний текст джерелаАнотація:
碩士國立中興大學
水土保持學系所
107
Taiwan is at the junction of the seismic belt, and the relief is steep. Because of the excessive use of land, the frequency of debris flow disaster increased in recent years. The debris flow disasters also resulted in the loss of life and property. In this study, we used three-dimensional debris flow runout model, RAMMS, to simulate landslide of Feng-Chiou torrent in Feng-Chiou Village, Xinyi Township, Nantou County. According to the submerged area and the submerged depth from the simulation results, we conducted a risk analysis on protected targets to reduce disaster loss. We conducted sensitivity analysis on the four parameter factors, turbulent friction coefficient ξ, dry-Coulomb friction coefficient μ, stopping mechanism and Max. erosion depth, to discuss the influences of the parameters on the simulation results. We used RAMMS to simulate the typhoon Hebert event and calibrate the parameter range. Then we used the above parameter range to simulate the heavy rain event (2012/05/04) and get the optimal parameters. Then we simulated small, medium, and large-scale events from upstream, middle reach, and downstream to observe the changes of the submerged area. According to submerged depth, we delimited red and yellow hazard zones. The land-use layer divided into house, road, farmland, forestland, bridge and no-direct-loss, six types of elements at risk, and conduct vulnerability analysis to obtain unit area value. Based on the above, we combined red and yellow hazard zones with the unit area value of elements at risk for risk analysis. The results of using the parameters of typhoon Hebert show that the large-scale events collapsed in the upstream, the risk loss is the largest, reaching about NTD 260 million. The small-scale events collapsed in the downstream, the risk loss is the smallest, about NTD 65 million. The results of using the parameters of the heavy rain event (2012/05/04) show that the large-scale events collapsed in the upstream, the risk loss amount is the largest, reaching about NTD 190 million. The small-scale events collapsed in the downstream, the risk loss is the smallest, about NTD 33 million.
43
Attarian, Ioanna Maria. "An Analysis and Reasoning Framework for Project Data Software Repositories." Thesis, 2012. http://hdl.handle.net/10012/6659.
Повний текст джерелаАнотація:
As the requirements for software systems increase, their size, complexity and functionality consequently increases as well. This has a direct impact on the complexity of numerous artifacts related to the system such as specification, design, implementation and, testing models. Furthermore, as the software market becomes more and more competitive, the need for software products that are of high quality and require the least monetary, time and human resources for their development and maintenance becomes evident. Therefore, it is important that project managers and software engineers are given the necessary tools to obtain a more holistic and accurate perspective of the status of their projects in order to early identify potential risks, flaws, and quality issues that may arise during each stage of the software project life cycle. In this respect, practitioners and academics alike have recognized the significance of investigating new methods for supporting software management operations with respect to large software projects. The main target of this M.A.Sc. thesis is the design of a framework in terms of, first, a reference architecture for mining and analyzing of software project data repositories according to specific objectives and analytic knowledge, second, the techniques to model such analytic knowledge and, third, a reasoning methodology for verifying or denying hypotheses related to analysis objectives. Such a framework could assist project managers, team leaders and development teams towards more accurate prediction of project traits such as quality analysis, risk assessment, cost estimation and progress evaluation. More specifically, the framework utilizes goal models to specify analysis objectives as well as, possible ways by which these objectives can be achieved. Examples of such analysis objectives for a project could be to yield, high code quality, achieve low production cost or, cope with tight delivery deadlines. Such goal models are consequently transformed into collections of Markov Logic Network rules which are then applied to the repository data in order to verify or deny with a degree of probability, whether the particular project objectives can be met as the project evolves. The proposed framework has been applied, as a proof of concept, on a repository pertaining to three industrial projects with more that one hundred development tasks.
44
Schwartz, Stefan. "Quality Assurance of Exposure Models for Environmental Risk Assessment of Substances." Doctoral thesis, 2000. https://repositorium.ub.uni-osnabrueck.de/handle/urn:nbn:de:gbv:700-2000090413.
Повний текст джерелаАнотація:
Environmental risk assessment of chemical substances in the European Union is based on a harmonised scheme. The required models and parameters are
laid down in the Technical Guidance Document (TGD) and are implemented in the EUSES software. An evaluation study of the TGD exposure models was
carried out. In particular, the models for estimating chemical intake by humans were investigated. The objective of this study was two-fold: firstly, to
develop an evaluation methodology, since no appropriate approach is available in the scientific literature. Secondly, to elaborate applicability and limitations
of the models and to provide proposals for their improvement.
The principles of model evaluation in terms of quality assurance, model validation and software evaluation were elaborated and a suitable evaluation protocol
for chemical risk assessment models was developed. Quality assurance of a model includes internal (e.g. an investigation of the underlying theory) and
external (e.g. a comparison of the results with experimental data) validation, and addresses the evaluation of the respective software. It should focus not
only on the predictive capability of a model, but also on the strength of the theoretical underpinnings, evidence supporting the model?s conceptualisation, the
database and the software. The external validation was performed using a set of reference substances with different physico-chemical properties and use
patterns. Additionally, sensitivity and uncertainty analyses were carried out, and alternative models were discussed. Recommendations for improvements
and maintenance of the risk assessment methodology were presented. To perform the software evaluation quality criteria for risk assessment software were
developed.
From a theoretical point of view, it was shown that the models strongly depend on the lipophilicity of the substance, that the underlying assumptions
drastically limit the applicability, and that realistic concentrations may seldom be expected. If the models are applied without adjustment, high uncertainties
must inevitably be expected. However, many cases were found in which the models deliver highly valuable results. The overall system was classified as a
good compromise between complexity and practicability. But several chemicals and classes of chemicals, respectively, with several restrictions were
revealed: The investigated models used to assess indirect exposure to humans are in parts currently not applicable for dissociating compounds, very polar
compounds, very lipophilic compounds, ions, some surfactants, and compounds in which metabolites provide the problems and mixtures. In a strict sense, the
method is only applicable for persistent, non-dissociating chemicals of intermediate lipophilicity. Further limitations may exist. Regarding the software, it
was found that EUSES basically fulfils the postulated criteria but is highly complex and non-transparent. To overcome the inadequacies a more modular design is proposed.
45
Liao, Yitun, and 廖繹敦. "A Study on Secure Risk Assessment Mechanism in the Requirement Phase Based on the Secure Software Development Life Cycle." Thesis, 2012. http://ndltd.ncl.edu.tw/handle/11771231681025733942.
Повний текст джерелаАнотація:
碩士國防大學管理學院
資訊管理學系
100
In recent years, as a result of rapid development of the World Wide Web and programming languages, we have made tremendous progress in the development of web applications. However, many of the causes of information security incidents are due to the absence of the concept of security and risk checking mechanism, in traditional software development life cycle(SDLC), leading to Web application risk exposure. According to the survey of Gartner Group, almost 75% of the internet attack events are related to web applications. The result reveals that web applications have already become the targets of hackers and cyber criminals. By exploiting the vulnerabilities of web applications, attackers make the public authorities and business organizations suffer huge losses. For the reason mentioned above, we propose using the threat modeling construction methods to help design web application framework at the design stage of secure software development life cycle (SSDLC). Threat modeling is a kind of analysis method focusing on security. It is used to help both developers to analyze the risk source of web applications and hackers and cyber criminals to launch attacks. By using threat modeling, developers not only find out the vulnerabilities of web applications, but also repair the defects immediately. In this thesis, we build risk assessment mechanism based on the ISO 27005 Information Security Risk Management (ISRM) through the process of risk management and implementation in the design stage of SSDLC. Finally we make experiments to verify the risk assessment mechanism can reduce the security incidents of the web applications. Moreover, it can ensure that the web applications achieve information security objectives.
46
Usach, Molina Héctor. "Automated Contingency Management in Unmanned Aircraft Systems." Doctoral thesis, 2019. http://hdl.handle.net/10251/130202.
Повний текст джерелаАнотація:
[ES] El ritmo de desarrollo tecnológico actual y la investigación científica están permitiendo alcanzar mayores niveles de automatización en todos los sectores industriales. Uno de los ejemplos más representativos es el uso de aeronaves no tripuladas (UAS) en diferentes aplicaciones. Debido al gran potencial de este tipo de aeronaves, las Autoridades de Aviación Civil están desarrollando un nuevo marco regulatorio que permita integrarlas en el espacio aéreo civil de forma segura. El objetivo consiste en garantizar que la operación con UAS se realice con un nivel de seguridad equivalente al de la aviación tripulada convencional.
Para tratar de alcanzar este objetivo, esta tesis propone aumentar el nivel de automatización de un UAS dotando al sistema embarcado con la capacidad de Gestión Automática de Contingencias (ACM). La función del sistema ACM es la de asesorar al piloto en el momento en que se produce una contingencia en vuelo; y en última instancia, tomar el control total de la aeronave si la situación así' lo requiere (por ejemplo, en caso de pérdida del enlace de Comunicación y Control (C2)) o si el piloto delega la resolución del conflicto al sistema automático. Para acreditar que las nuevas funciones no suponen un riesgo añadido para la operación, resultará determinante seguir metodologías de diseño seguro basadas en los estándares de la industria aeroespacial.
La tesis propone una solución tecnológica basada en tres pilares: a) una arquitectura software para el sistema automático a bordo de la aeronave que trate de adaptar la trayectoria de vuelo a la condición operacional del vehículo, equilibrando seguridad y robustez; b) una especificación de Plan de Misión novedosa que permita aumentar la predictibilidad de la aeronave tras sufrir una contingencia; y c) un modelo de riesgo que permita determinar la ruta que minimiza el riesgo derivado de la operación.
Las diferentes propuestas realizadas en esta tesis se han implementado en un demostrador y se han validado en un entorno de simulación. Los resultados obtenidos apoyan la idea de que dotar al sistema embarcado de mayor grado de automatización puede ser un mecanismo viable hacia la integración segura de UAS en el espacio aéreo civil. En concreto, los resultados muestran que el sistema ACM propuesto es capaz de reducir el riesgo de la operación tras sufrir una contingencia y que, cuando esto ocurre, la respuesta de la aeronave sigue siendo predecible, incluso si el piloto no puede intervenir.[CAT] El ritme de desenvolupament tecnològic actual i la investigació científica estan permetent implementar majors nivells d'automatització a tots els àmbits de la indústria. Un dels exemples més representatius és l'ús d'aeronaus no tripulades (UAS) en diferents aplicacions. Vist el gran potencial d'aquest tipus d'aeronaus, les Autoritats d'Aviació Civil estan tractant de desenvolupar un nou marc regulador que permeta integrar-les en l'espai aeri civil de forma segura. Es tracta de garantir que l'operació d'un UAS es realitza amb un nivell de seguretat equivalent al de l'aviació tripulada convencional. Per tal d'assolir aquest objectiu, aquesta tesi proposa augmentar el nivell d'automatització d'un UAS dotant el sistema embarcat amb la capacitat de Gestió Automàtica de Contingències (ACM). La funció del sistema ACM és assessorar el pilot quan ocorre una contingència en vol; i en última instància, prendre el control total sobre l'aeronau si és necessari (per exemple, en cas de pèrdua de l'enllaç de Comunicació i Control (C2)) o si el pilot delega la resolució del conflicte al sistema automàtic. Per tal d'acreditar que les noves funcions del sistema automàtic no comporten un risc afegit per a l'operació, resultarà determinant emprar metodologies de disseny segur d'acord amb els estàndards de la indústria aeroespacial. La tesi proposa una solució tecnològica basada en tres pilars: a) una arquitectura software per al sistema automàtic a bord de l'aeronau que tracte d'adaptar la trajectòria de vol a la condició operacional del vehicle, equilibrant seguretat i robustesa; b) una especificació de Pla de Missió innovadora que permeta augmentar la predictibilitat de l'aeronau quan ocorre una contingència; i c) un model de risc que permeta determinar la ruta que minimitza el risc derivat de l'operació. Les distintes propostes realitzades en aquesta tesi s'han implementat sobre un demostrador i s'han validat en un entorn de simulació. Els resultats de la investigació recolzen la idea que dotar el sistema embarcat d'un major grau d'automatització pot ser un mecanisme adient per integrar els UAS en l'espai aeri civil de manera segura. En concret, els resultats indiquen que el sistema ACM és capaç de reduir el risc de l'operació quan ocorre una contingència i que en eixe cas, la resposta de l'aeronau segueix sent predicible, fins i tot si el pilot no hi pot intervenir.
[EN] Technological development and scientific research are steadily enabling higher levels of automation in the global industry. In the aerospace sector, the operation of Unmanned Aircraft System (UAS) is a clear example. Given the huge potential of the UAS market, Civil Aviation Authorities are elaborating a new regulatory framework for the safe integration of UAS into the civil airspace. The general goal is ensuring that the operation of UAS has an Equivalent Level of Safety (ELOS) to that of manned aviation. To meet the previous goal, this thesis advocates for increasing the level of automation of UAS operations by providing the automatic system on-board the aircraft with Automated Contingency Management (ACM) functions. ACM functions are designed to assist the pilot-in-command in case a contingency, and ultimately to fully replace the pilot if this is required by the situation (e.g. due to a Command and Control (C2) link loss) or if the pilot decides so. However, in order for automation to be safe, automated functions must be developed following safe design methodologies based on aerospace standards. The thesis develops a technological solution that is based on three pillars: a) a software architecture for the automatic system on-board the aircraft that tries to autonomously adapt to contingencies while still achieving mission objectives; b) a novel Mission Plan specification than increases predictability in the event of a contingency; and c) a probabilistic risk model that ensures that the flight trajectory is optimal from the point of view of the risk exposure. The different proposals are prototyped and validated using a simulation environment. The results obtained support the idea that an increase in the automation level of the aircraft can be an effective means towards the safe integration of UAS into the civil airspace. The proposed ACM functions are proved to reduce the operational risk in the event of a contingency, while ensure that the aircraft remains predictable, even without pilot intervention.
En primer lloc, vull fer constar que aquesta tesi ha estat co-financiada pel Fons Social Europeu 2014-2020 i pel programa VALI+d de la Generalitat Valenciana (expedient número ACIF/2016/197).
Usach Molina, H. (2019). Automated Contingency Management in Unmanned Aircraft Systems [Tesis doctoral no publicada]. Universitat Politècnica de València. https://doi.org/10.4995/Thesis/10251/130202
TESIS
47
Aksu, B., Anant R. Paradkar, Matas Marcel de, Ö. Özer, T. Güneri, and Peter York. "A quality by design approach using artificial intelligence techniques to control the critical quality attributes of ramipril tablets manufactured by wet granulation." 2012. http://hdl.handle.net/10454/10109.
Повний текст джерелаАнотація:
NoQuality by design (QbD) is an essential part of the modern approach to pharmaceutical quality. This study was conducted in the framework of a QbD project involving ramipril tablets. Preliminary work included identification of the critical quality attributes (CQAs) and critical process parameters (CPPs) based on the quality target product profiles (QTPPs) using the historical data and risk assessment method failure mode and effect analysis (FMEA). Compendial and in-house specifications were selected as QTPPs for ramipril tablets. CPPs that affected the product and process were used to establish an experimental design. The results thus obtained can be used to facilitate definition of the design space using tools such as design of experiments (DoE), the response surface method (RSM) and artificial neural networks (ANNs). The project was aimed at discovering hidden knowledge associated with the manufacture of ramipril tablets using a range of artificial intelligence-based software, with the intention of establishing a multi-dimensional design space that ensures consistent product quality. At the end of the study, a design space was developed based on the study data and specifications, and a new formulation was optimized. On the basis of this formulation, a new laboratory batch formulation was prepared and tested. It was confirmed that the explored formulation was within the design space.
48
Chien, Chia-Chen, and 簡嘉成. "Integrate Ontology and Analytic Network Process for Software Project Risks Identification and Assessment." Thesis, 2016. http://ndltd.ncl.edu.tw/handle/04074161856941347165.
Повний текст джерелаАнотація:
碩士國立中央大學
資訊管理學系
104
During the entire software cycle, software development processes faced many risks and uncertainties. If these risks can be controlled and eliminated effectively, it could help projects to avoid running out of budget and to prevent project schedule delay. The knowledge and experience about control risks could help organizations manage risk in the future. However, risk identification is a knowledge-intensive task which is relies on member's experience. If organization preserve and reuse the prior experience, it could improve project performance and knowledge reusability. In this regard, this research attempted to create the ontology-based system, which models the experience and knowledge of organization, to support project member to identify risks and risk interactions. After that, the system evaluates the interaction degree of each risk factor by Analytic Network Process method. Therefore, projects are facing a growing complexity, in both of project structure and external environment. Project manager needs to consider the changing of parameters number, e.g., team member turnover. To solve this problem, this system provides an additional function for team member to update the project attribute. After updating the attributes, system would identify the project risks again, so that project team could handle the whole risk contextual.