ABSTRACT
Risk management in software engineering projects describes an integrated design to prevent project failure with methods, processes, and artifacts that continually identify, analyze, control, and monitor risks. For example, changes in people's lifestyles during the COVID-19 pandemic pose unexpected risks to the information technology industry. Agile is known as a methodology that is responsive and adapts quickly to change. Scrum is the most frequently used method based on the 2016 Agile development survey results. Many studies have produced a risk management framework for Scrum in recent years. However, repeating the risk analysis process and selecting a response to risk becomes a burden for stakeholders, so a framework is needed that can become a support system to help make decisions. This paper used a comparative study of risk management framework literature and literature that utilizes risk management tools and a case study of risk classification using 34k GitHub Issues for data mining. This study proposed a new framework that integrates datasets and machine learning into a risk management framework. The novelty in this paper is that the risk priority scheme is carried out using Long Short-Term Memory (LSTM) and Multinomial Naive Bayes (MNB). Further analysis can be carried out to test the overall effectiveness of the framework. © 2022 IEEE.
ABSTRACT
If we learned anything from the year 2020, it is that we need to be more prepared for the unexpected. We need to be working to enable our business to be more resilient in the face of unexpected challenges. We strongly believe that for the industrial sector, the most effective way to enable resiliency is to ensure you have integrity in your operational technology (OT). The objective of this paper is to identify and manage the risk that arose from managing plants remotely. As a result of COVID-19, people started working and managing from home. While this needed to be done to keep businesses running, many risks were introduced as well. How to manage them effectively to reduce cyber risk to an acceptable level will be discussed. Industrial frameworks to identify security gaps, and thus risk, were considered, such as ISA-99/IEC-62443, NIST, ISO-27001, and Top CIS controls. New practices critical infrastructure followed to reduce infection rates were identified from interviews and surveys conducted by PAS, part of Hexagon, of our customers who work with critical infrastructure. These new practices were then compared to the industrial risk management framework to identify the severity of the threats. Once these were identified, mitigation plans were recommended to reduce the risk to an acceptable level. Because of this rapid shift to run the plant remotely, there was an over-provisioning of access in the early stages of the pandemic - i.e., giving more direct access to the industrial control system environment. This was not wise from a security standpoint, but the priority was to keep businesses up and running, so they were ready to take that risk. Now that some organizations have decided to continue with remote work, it is imperative to verify all remote access considers the least privileged access concept. Remote access is like a bridge that bypasses all the controls implemented. Having a remote access vulnerability will help bad actors break into the network and cause catastrophic damage. Though this paper focuses on remote access risk introduced by the COVID-19 pandemic, you can apply the findings to all remote access into critical infrastructure. © Copyright 2021, Society of Petroleum Engineers
ABSTRACT
In late 2019, an epidemic of SARS-CoV-2 broke out in central China. Within a few months, this new virus had spread right across the globe, officially being classified as a pandemic on 11 March 2020. In France, which was also being affected by the virus, the government applied specific epidemiological management strategies and introduced unprecedented public health measures. This article describes the outbreak management system that was applied within the French military and, more specifically, analyzes an outbreak of COVID-19 that occurred on board a nuclear aircraft carrier. We applied the AcciMap systemic analysis approach to understand the course of events that led to the outbreak and identify the relevant human and organizational failures. Results highlight causal factors at several levels of the outbreak management system. They reveal problems with the benchmarks used for diagnosis and decision-making, and underscore the importance of good communication between different levels. We discuss ways of improving epidemiological management in military context.