Kuppusamy Venkatasubramanian wrote:
Does the top 3 risks listed should come from assumption or it can be any unforeseen circumstances?
I don't think that there is any relationship between the assumptions and risks. Assumptions will provide the context in which your architecture was created. It is quite possible that there might be some overlap between the assumptions and the risks. However, we need to ensure that assumptions are reasonable and risks are real.
Kuppusamy Venkatasubramanian wrote:
For example, in the assumption section i have specified that the security of the message to an outgoing web service is handled properly.
In my opinion, this cannot be an assumption. You will have to architect a solution that handles the security of the outgoing message appropriately unless it is outside the SuD.
Kuppusamy Venkatasubramanian wrote:
In this case, i can specify in the risk like if security is not handled properly, what will be impact to the system like invalid data is entered into the system.
This cannot be a risk since this is a known issue that can be handled appropriately in the architecture with data validation. A risk would be something like a tornado hitting your data center causing power disruption and resulting in your production systems going down thereby causing significant loss of revenue and customer satisfaction issues.
As always just my thoughts though....
SCEA 5, SCJD,SCWCD,SCJP,PMP,IBM-SOA Solution designer,IBM-XML