Context: As our dependence on IT systems increases, so does the number of reported problems caused by failures of critical IT systems. There is therefore a need for risk analysis in the development of this kind of system. Risk analysis of technical systems has a long history in mechanical and electrical engineering.

Objective: Even though a number of methods for risk analysis of technical systems exist, the failure behavior of information systems is typically very different from that of mechanical systems. Risk analysis of IT systems therefore requires different risk analysis techniques, or at least adaptations of traditional approaches. This means that there is a need to understand what types of methods are available for IT systems and what research has been conducted on these methods.

Method: In this paper we present a systematic mapping study on risk analysis for IT systems. 1086 unique papers were identified in a database search, and 57 papers were identified as relevant for this study. These papers were classified based on 5 different criteria.

Results: This classification shows, for example, that most of the discussed risk analysis methods are qualitative rather than quantitative, and that most of the risk analysis methods presented in these papers are developed for IT systems in general rather than for specific types of IT system.

Conclusions: The results show that many new risk analysis methods have been proposed in the last decade and, even more, that there is a need for more empirical evaluations of the different risk analysis methods. Many papers were identified that propose new risk analysis methods, but few papers discuss a systematic evaluation of these methods or a comparison of different methods based on empirical data.