Mission Success in Complex Environments (MSCE)

Similar documents
Practical Risk Management: Framework and Methods

SEPG Using the Mission Diagnostic: Lessons Learned. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213

SEPG Using the Mission Diagnostic: Lessons Learned. Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213

Rethinking Risk Management

Evaluating CSIRT Operations

CARNEGIE MELLON UNIVERSITY

Assuring Mission Success in Complex Settings

HE MONITOR. Rethinking Risk Management This issue is dedicated to new research from the SEI in risk management

OCTAVE -S Implementation Guide, Version 1.0. Volume 9: Strategy and Plan Worksheets. Christopher Alberts Audrey Dorofee James Stevens Carol Woody

Security Measurement and Analysis

Software in System Engineering: Affects on Spacecraft Flight Software

CGEIT Certification Job Practice

Introduction to Software Product Lines Patrick Donohoe Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213

Improving Acquisition in Government Requirements Management Leading Practices: CMMI-ACQ Visualization

Inside of a ring or out, ain t nothing wrong with going down. It s staying down that s wrong. Muhammad Ali

Software Architecture Evaluation Framework The Aerospace Corporation

Complexity and Software: How to Meet the Challenge. NDIA CMMI Technology Conference

Improving Operational Resilience Processes

Managing Information Systems Seventh Canadian Edition. Laudon, Laudon and Brabston. CHAPTER 14 Project Management, Business Value, and Managing Change

Top Software Engineering Issues in the Defense Industry

System-of-Systems Influences on Acquisition Strategy Development

Acquisition Overview: The Challenges

The Potential for Lean Acquisition of Software Intensive Systems

What Metrics Should a CSIRT Collect to Measure. Success?

SAMPLE Marketing Slides for Building a Compliance Program

Advanced Engineering Environments for Small Manufacturing Enterprises

Agenda. Enterprise Risk Management Defined. The Intersection of Enterprise-wide Risk Management (ERM) and Business Continuity Management (BCM)

Presented at the 2009 ISPA/SCEA Joint Annual Conference and Training Workshop - Making the Case for SOA Arlene F.

Effective Reduction of Avoidable Complexity in Embedded Systems

OCTAVE -S Implementation Guide, Version 1.0. Volume 2: Preparation Guidance. Christoper Alberts Audrey Dorofee James Stevens Carol Woody.

Oracle Buys Instantis

An Overview of the Smart Grid Maturity Model (SGMM)

taking StepChange Consulting Driving Change to Deliver Results

CGEIT ITEM DEVELOPMENT GUIDE

Applying Software Architecture Evaluation to Systems Acquisition

SOA Research Agenda. Grace A. Lewis

I ve Evaluated My Architecture. Now What?

Agile CIO Operating Model

Understanding Model Representations and Levels: What Do They Mean?

Market System Evaluation. March 2017

SYSTEMS MODELING AND SIMULATION (SMS) A Brief Introduction

Business Architecture Fundamentals

Overview of a Proactive Software Product Line Acquisition Approach

Engineered Resilient Systems (ERS) Architecture

Focus on Resiliency: A Process Improvement Approach to Security

Objective (c.f., p.58)

OCTAVE SM Criteria, Version 2.0

ISACA. The recognized global leader in IT governance, control, security and assurance

Systems Engineering Research Needs and Workforce Development Study Pathfinder Study

CMMI V2.0 MODEL AT-A-GLANCE. Including the following views: Development Services Supplier Management. CMMI V2.0 outline BOOKLET FOR print.

CMMI Version 1.2. Model Changes

Aerospace Software Architecture Evaluation Framework - Introduction

The Method Framework for Engineering System Architectures (MFESA)

Applying Software Architecture Principles in a DoD Acquisition

Introduction to Software Product Line Adoption

RSA ARCHER IT & SECURITY RISK MANAGEMENT

A Proposed Community Roadmap for Advancing the Practice of Model-Based Systems Engineering in Government Programs and Enterprises

This resource is associated with the following paper: Assessing the maturity of software testing services using CMMI-SVC: an industrial case study

SCAMPI-B for Contract Monitoring A Case Study of the Mission Planning Enterprise Contractors

The Role of Procurement in an enterprise wide transformation programme Fit for Growth

NGA S T R A T E G Y 2025

Risk and Resilience: Considerations for Information Security Risk Assessment and Management

San Francisco Chapter. Presented by Scott Perry - Slalom Consulting

CGEIT QAE ITEM DEVELOPMENT GUIDE

A Freshwater Partners White Paper

Enterprise Digital Architect

Yokogawa Electric Corporation Yokogawa s Challenges to Create Value for Customers

Risk Methodology K-12

Governance SPICE. Using COSO and COBIT Process Assessment Models BPM GOSPEL

Overview of a Proactive Software Product Line Acquisition Approach

Third Party Risk Management ( TPRM ) Transformation

Agility at Scale: Tactical and Strategic Approaches

Achieving SA-CMM Maturity Level A DoD Acquisition Management Experience

Manage Risk. Enhance Compliance. Boost Profitability.

Software Maintenance, Sustaining Engineering, and Operational Support

The Victim Trap. The TSP Symposium September 23, Watts S. Humphrey and The Software Engineering Institute Carnegie Mellon University

Software Project & Risk Management Courses Offered by The Westfall Team

Managing innovation. Philips Industry Consulting

CMMI A-Specification. Version 1.7. November, For CMMI Version 1.2. This document is controlled by the CMMI Steering Group.

462 Index. B brainstorming asset identification, briefing participants, 73 business unit participation, 32 33

A Primer on. Software Licensing. Charlene Gross Software Engineering Institute. Do You Own It or Not? Charlene Gross, April 19-23, 2010

When Recognition Matters WHITEPAPER OCTAVE RISK ASSESSMENT WITH OCTAVE.

Checklist for Validating Software Cost and Schedule Estimates

Architecture Analysis

Application of the CERT Resilience Management Model at Lockheed Martin

Integration Competency Center Deployment

Replacing Risk with Knowledge to Deliver Better Acquisition Outcomes

It s about your success

Defining a Maturity Scale for Governing Operational Resilience

IBM Impact Grants Offerings

Achieving Acquisition Excellence via Improving the Systems- Engineering Workforce

In Pursuit of Agility -

Lesson Learned from Cross Constellations and Multi Models Process Improvement Initiatives

Investor Meet BFS Key Growth Areas Ravi Vaidyanathan. Hexaware Technologies. All rights reserved.

Risk & Compliance. the way we do it. QualityData Advantage. for Basel Compliance

Best Practices for Enterprise Agile Transformation

Best Practice Information Aids for CMMI SM -Compliant Process Engineering

Strategic Systems Integration Planning

An Embedded SCAMPI-C Appraisal at the National Security Agency. NDIA CMMI Technology Conference and User s Group November 15, 2007

Business Resilience: Proactive measures for forward-looking enterprises

Transcription:

Mission Success in Complex Environments (MSCE) Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213

Mission Success in Complex Environments (MSCE) Project Part of the SEI Acquisition Support Program (ASP), the MSCE Project develops methods, tools, and techniques for Advancing the state-of-the-practice for risk management Assuring success in complex, uncertain environments The project builds on more than 17 years of SEI research and development in risk management. Continuous Risk Management for software-development projects Operationally Critical Threat, Asset, and Vulnerability Evaluation (OCTAVE ) for organizational security 2

Widespread Use of Risk Management Most programs and organizations implement some type of risk management approach when developing and operating softwareintensive systems. Risk management plan Processes Tools However, preventable failures continue to occur. Uneven and inconsistent application of risk-management practice Significant gaps in risk-management practice Ineffective integration of risk-management practice Increasingly complex management environment 3

Changing Risk Paradigm From Traditional Paradigm Tactical analysis that produces point mitigation solutions Failure-oriented ( playing not to lose ) Narrow tradeoff space based on type of risk (e.g., program, security) Applicable to a specific life-cycle phase and a single group or team Stand-alone management practice Bureaucratic and time-intensive To New Paradigm Systemic analysis that produces strategic mitigation solutions Success-oriented ( playing to win ) Broad tradeoff space based on mission and objectives Applicable across the life cycle and supply chain (multi-enterprise/system environments) Integrated with program and organizational management practices Practical, straightforward, and easy to apply 4

Tactical and Systemic Approaches 5

Mosaic What A suite of risk-based methods and guidance for managing systemic risk across the life cycle and supply chain Benefits Focused on achieving operational success Enables continuous management of risk Applicable across all life-cycle phases Designed for multi-enterprise, multi-system environments Provides a means of analyzing risk in relation to management models, frameworks, and standards 6

Mosaic: Focus on Assessment Every organization has preferred management practices The foundation of the Mosaic approach is a suite of methods for assessing risk continuously Act Do Mosaic also provides guidance for leveraging existing management practices to develop, implement, and track risk mitigation plans Mosaic Management Guidance 7

Mosaic Assessments Mosaic provides a suite of methods for assessing risk Mosaic assessments are modular in design Driver identification and analysis provide a common front end for multiple back-end analyses Gap Analysis Risk Analysis Mission Success Analysis Mission Assurance Analysis Integrated Risk and Opportunity Analysis Other Types of Analysis 8

Mosaic: Driver-Based Assessment A driver is a factor that has a strong influence on the eventual outcome or result. Key Objectives Driver 1 Driver 2 Driver 3 Driver N Positive Conditions and Future Events Negative Conditions and Future Events 9

Driver Framework Driver Categories Objectives Preparation Execution Environment Resilience Result The driver framework is a common structure for classifying a set of drivers. 10

Driver Attributes Attribute Description Example Name Success State Failure State Category A concise label that describes the basic nature of the driver A driver exerts a positive influence on the outcome A driver exerts a negative influence on the outcome The category to which the driver belongs Process The process being used to develop and deploy the system is sufficient. The process being used to develop and deploy the system is insufficient. Preparation 11

Basic Set of Drivers for Software Development 1. Program Objectives 2. Plan 3. Process 4. Task Execution 5. Coordination 6. External Interfaces 7. Information Management 8. Technology 9. Facilities and Equipment 10. Organizational Conditions 11. Compliance 12. Event Management 13. Requirements 14. Design and Architecture 15. System Capability 16. System Integration 17. Operational Support 18. Adoption Barriers 19. Operational Preparedness 20. Certification and Accreditation 12

Driver Analysis Driver questions are phrased from the success perspective. Probability is incorporated into the range of answers for each driver. The rationale for selecting an answer is recorded. 13

Integrating Tactical Data A driver-based approach enables integration of tactical data. 14

Driver Profile A simple analysis provides insight into current conditions. 15 1. Program Objectives 2. Plan 3. Process 4. Task Execution 5. Coordination 6. External Interfaces 7. Information Management 8. Technology 9. Facilities & Equipment 10. Organizational Conditions 11. Compliance 12. Event Management 13. Requirements 14. Design & Architecture 15. System Capability 16. System Integration 17. Operational Support 18. Adoption Barriers 19. Operational Preparedness 20. Certification & Accreditation Probability of Success State Probability of Success State

Primary Relationships among Driver Categories Environment Objectives Resilience Execution Result Preparation 16

Additional Analysis of Drivers Drivers provide a foundation for program decision making. A variety of back-end analyses can be used to analyze a set of driver values. Gap analysis Risk analysis Mission success analysis Mission assurance analysis Integrated risk and opportunity analysis 17

From Drivers to Risks Risk Probability Impact Risk Exposure 3. The process being used to develop and deploy the system is insufficient. High Severe High Determined using results of driver analysis Determined using standard risk analysis methods 18

Multi-Enterprise Environments: Network of Objectives 19

Multi-Enterprise Environments: Applying the Driver Framework Assessing a distributed program requires examining Each individual group The end-to-end program Framework Org B O P E E R R Framework for the End-to-End Program O P E E R R Framework Org A O P E E R R Framework Org D O P E E R R Framework Org C O P E E R R 20

Mosaic Assessments: Application in Multiple Domains Software acquisition and development programs Process improvement Mission assurance Software assurance Information technology management Cyber security management Critical infrastructure protection 21

Risk Management Framework -1 22

Risk Management Framework -2 The Risk Management Framework is implementation independent. Defines risk management activities Does not specify how to perform those activities The framework provides a Foundation for a comprehensive risk management methodology Basis for improving a risk management practice 23

Mosaic Portfolio - 1 Courses Risk Management Framework: Best Practices in Risk Management Introduction to Practical Risk Management Practical Risk Management: Framework and Methods Workshops Risk Management Tailoring and Improvement Workshops Course and Workshop Combinations 24

Mosaic Portfolio - 2 Evaluations Program Risk Evaluation Mission Success Evaluation Risk Management Framework Evaluation Custom Evaluation 25

Future Research Metrics Risk-based improvement Modeling and simulation 26

For Additional Information Christopher Alberts Email: cja@sei.cmu.edu Phone: 412-268-3045 Fax: 412-268-5758 Audrey Dorofee Email: ajd@sei.cmu.edu Phone: 412-268-6396 Fax: 412-268-5758 WWW U.S. mail http://www.sei.cmu.edu/msce/ Software Engineering Institute Carnegie Mellon University Pittsburgh, PA 15213-3890 27

28

2024 © businessdocbox.com Privacy Policy | Terms of Service | Feedback