This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Architect Certification (SCEA/OCMJEA) and the fly likes Question on part 2 - Risks Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Certification » Architect Certification (SCEA/OCMJEA)
Bookmark "Question on part 2 - Risks" Watch "Question on part 2 - Risks" New topic
Author

Question on part 2 - Risks

Krishna Jonnalagadda
Ranch Hand

Joined: Feb 09, 2010
Posts: 43
Hi,

I have a question on risk list for part 2.

I've identified some risks and have mitigation plans too.
Do i need to specify how my design is mitigating these risks ? or is it enough to give the mitigation plan ?

Eg. I've identified some security risks, can i just put in my assumptions that these will be taken care of ? as my use case doesnt talk about these.

Thanks
Krishna Jonnalagadda
Ranch Hand

Joined: Feb 09, 2010
Posts: 43
Can any one please post some experiences on this ..?
Rishi Shehrawat
Ranch Hand

Joined: Aug 11, 2010
Posts: 218

You need to detail out the mitigations for the identified risks. The mitigations should be part of the solution proposed by you. Putting assumptions might not be sufficent.
I feel that all three risks should not be related to security. You could have a single risk related to security which covers different type of security risks & the proposed the mitigations.
Gaurav Tripathi
Ranch Hand

Joined: Aug 25, 2010
Posts: 94
Your risks should cover functional as well as non-functional part. Its better if you could add mitigation of it.


- Gaurav (http://visitgaurav.blogspot.com and http://in.linkedin.com/in/gauravtripathi)
Krishna Jonnalagadda
Ranch Hand

Joined: Feb 09, 2010
Posts: 43
Should we add mitigation in words/sentences across each risk or show it in design (in class and sequence diagrams) ?

I saw in this forum that many people have put items as out of scope or put them in assumptions that are good to have and just concentrate on the given usecases.
For many security ristks we have to introduce many design patterns which will increase the scope ...and ofcourse takes more time/effort. ..

For non functional part , (to improve performance, xxxlities etc ..) i guess we could cover that in the design and atleast mention how the design will cover achieve them ..

Any comments ?? Any one who have passed part 2 and 3 ...please respond ??

Thanks


Vijaykumar Dixit
Ranch Hand

Joined: Jul 04, 2011
Posts: 32

I have a question as well.

Suppose the SuD depends on a single external payment gateway provider, is it not a risk that we don't yet know its availability and reliability and that we should have a standby/alternative provider to minimize the risk. But this risk mitigation will not be part of technical design.

So I guess for non-technical risks, mitigation may be non-technical as well. However in here design should be capable of configurable providers.
Will Myers
Ranch Hand

Joined: Aug 05, 2009
Posts: 319

Suppose the SuD depends on a single external payment gateway provider, is it not a risk that we don't yet know its availability and reliability and that we should have a standby/alternative provider to minimize the risk. But this risk mitigation will not be part of technical design.

So I guess for non-technical risks, mitigation may be non-technical as well. However in here design should be capable of configurable providers.


It clearly states in chapter 9 of the Cade and Sheil book that you should concentrate on the greatest risks. I would argue that because there is no information on this external provider you should assume it is production quality and concentrate on the more obvious risks such as security, scalability, reliablity, maitainability, etc as these are more likely to be issues.
Siddhartha G Baruah
Greenhorn

Joined: Jun 07, 2011
Posts: 13
Should we add mitigation in words/sentences across each risk or show it in design (in class and sequence diagrams) ?


I have the same question. Anyone?

@ Krishna, what have you decided?

Thanks.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Question on part 2 - Risks
 
Similar Threads
SCEA - finally
Risk & Mitigation list - SCEA 5 assignment
Part II Assignment modification
Question about Assumption and technical risks.
Top 3 technical risk and mitigation - Meaning?