What is your risk management strategy?

Time: 2021-09-04 05:05:54

We're a small web development business and we eventually want to release web applications as well. Right now, we're doing some risk assessment and would like to know what other companies do for security and risk management. What are your risk management strategies and practices, technical and otherwise?

Here's what I have so far (and I'll keep a running list):

Technical

  • Source control
  • Unit testing
  • Consistent coding standards
  • Backups at different physical locations
  • Bug tracking
  • QA testing
  • Security audits

Other

  • Explicitly detailed contracts
  • Business insurance
  • Evidence based scheduling
  • Weekly deliverables and customer sign-offs
  • Audit trails for accountability

6 solutions

#1


On a more abstract level:

Keep a risk list with all possible risks you can think of, be they big or small, probable or improbable. Update or at least recheck this list every few weeks. This may be as tangible as "hard disk failure on main server" or as intangible as "competitor launches his product first".

Then, for each risk, evaluate the impact and probability on some scale (this can be quite arbitrary). The real risk will be somewhat proportional to the product of both, i.e., a high potential cost with very low probability is not as bad as a medium cost with high probability. These numbers are just there to help you sort the risks; don't take them too seriously.

Next, for each risk think about mitigating measures you can take, be they countermeasures, insurance, whatever. Again, figure the cost of those (not only the monetary cost!).

Only now can you really decide what (and if at all) to do about each risk. Just accepting the risk may be an acceptable solution at this point, but not earlier.

You might want to read "Waltzing with Bears: Managing Risk on Software Projects" by Tom DeMarco and Timothy Lister. Well worth the time.
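As an added worked example (not part of the original thread), here is the procedure from the answer above as a small risk register in Python: list the risks, score impact and probability, rank by their product, cost each mitigation, then decide. The risk names come from the answer; every figure, the mitigation options and the `MAX_TOLERABLE_LOSS` threshold are constructed for illustration. That threshold is an addition the answer does not make: it covers the case, common for a small firm, where a pure expected-value comparison would reject insurance against a loss the business could not survive.

```python
"""Risk register: list risks, score impact x probability, rank, cost the
mitigations, then decide per risk. All figures are constructed for illustration."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Mitigation:
    name: str
    annual_cost: float            # money, plus time converted to money, per year
    residual_probability: float   # annual probability once the mitigation is in place
    residual_impact: float        # cost of one occurrence once the mitigation is in place


@dataclass(frozen=True)
class Risk:
    name: str
    impact: float                 # cost of one occurrence (money, lost time, reputation estimate)
    probability: float            # annual probability, 0..1
    mitigations: tuple = ()

    def expected_loss(self) -> float:
        """The 'product of both' from the answer, expressed as money per year."""
        return self.impact * self.probability


def rank(risks):
    """Sort the register so the biggest expected loss comes first."""
    return sorted(risks, key=lambda r: r.expected_loss(), reverse=True)


def decide(risk: Risk, max_tolerable_loss: float):
    """Return (decision, mitigation name, net annual benefit).

    Rule 1: if one occurrence would cost more than the business can survive, a
    mitigation that brings it under that line is mandatory, whatever it costs.
    Rule 2: otherwise mitigate only when the expected loss removed exceeds the
    mitigation's cost; accepting the risk is a valid outcome at this stage.
    """
    def net(m: Mitigation) -> float:
        # A mitigation that raises probability or impact is a data-entry error, not an option.
        if not (0.0 <= m.residual_probability <= risk.probability
                and 0.0 <= m.residual_impact <= risk.impact):
            raise ValueError(f"{m.name}: a mitigation cannot make {risk.name!r} worse")
        saved = risk.expected_loss() - m.residual_probability * m.residual_impact
        return saved - m.annual_cost

    candidates = list(risk.mitigations)
    if risk.impact > max_tolerable_loss:
        candidates = [m for m in candidates if m.residual_impact <= max_tolerable_loss]
        if not candidates:
            return ("unresolved", None, 0)   # nothing listed makes this survivable
        best = max(candidates, key=net)
        return ("mitigate", best.name, round(net(best)))
    best = max(candidates, key=net, default=None)
    if best is None or net(best) <= 0:
        return ("accept", None, 0)
    return ("mitigate", best.name, round(net(best)))


# Constructed register; names follow the answer, numbers are illustrative only.
REGISTER = (
    Risk("hard disk failure on main server", impact=20_000, probability=0.10, mitigations=(
        Mitigation("nightly off-site backup with restore test", 1_000, 0.01, 20_000),
        Mitigation("RAID mirror only", 600, 0.05, 20_000),
    )),
    Risk("competitor launches first", impact=25_000, probability=0.30, mitigations=(
        Mitigation("hire two more developers", 150_000, 0.15, 25_000),
    )),
    Risk("key developer leaves mid-project", impact=15_000, probability=0.20, mitigations=(
        Mitigation("pairing and written runbooks", 800, 0.10, 15_000),
    )),
    Risk("office flooded", impact=80_000, probability=0.005, mitigations=(
        Mitigation("business insurance (5,000 deductible)", 1_200, 0.005, 5_000),
    )),
)

MAX_TOLERABLE_LOSS = 30_000   # constructed: the biggest single hit this business can survive


def report(risks=REGISTER, max_tolerable_loss=MAX_TOLERABLE_LOSS):
    """Ranked rows of (risk, expected loss per year, decision, mitigation, net benefit)."""
    return [(r.name, round(r.expected_loss()), *decide(r, max_tolerable_loss))
            for r in rank(risks)]


if __name__ == "__main__":
    for row in report():
        print(row)
```

Run it and the rows come out ranked by expected loss. Note the two cases the numbers alone would get wrong: the competitor risk ranks first yet is accepted, because the only mitigation listed costs far more than it saves, while the flood risk ranks last yet is mitigated under rule 1, because an uninsured flood would exceed what the business can absorb.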

#2


Step 0: identify and implement a POC project for all high-risk technical issues.

Weekly deliverables with customer acceptance (even if it's just a faux customer).

#3


  • A good project management plan (i.e., SOW, requirements gathering, "as-is" model, "to-be" model, etc.)
  • While backups are a great risk management step, what many people/companies fail to take into consideration is their process for backing up. I've seen too many instances where the process for backing up (inserting tapes, scheduling, removing tapes, moving tapes offsite, etc.) was too easy to break.

#4


You included one item about infrastructure.

  • Backups at different physical locations

I recommend expanding this to include data protection.

  • Hardware that guards against power loss (battery or mechanical power)
  • Hardware and software that supports ready access to your code and builds

Crashing and losing your data breaks coding flow, and restoration from backup takes much longer than never losing it in the first place.

#5


Even with a small company, I feel like 'ownership' and 'answerability' are key. If you are going to have a lot of community projects, then who is answerable if it goes bad? Obviously, this is something which should evolve with the company, and being too strict about hierarchy leads to stifled teams. But it's something to think about: the kind of team dynamics you'll want to create and foster at your company.

#6


What you named and listed are more like mitigations, or methods to mitigate or avoid some or most of the relevant risks. The risks themselves should be assessed and weighted first, to be able to understand where you should focus your efforts and what amount of effort is practical and affordable to achieve the quality you wish.

As part of classical full-scale or even agile Risk Assessment and Risk Management you would normally start with identifying hazards based on what your product's intended usage defines. For example, if you build a To-Do application you shouldn't normally assess, measure and mitigate the risk that someone puts her private medical records in it, because your To-Do application's intended use and idea don't suppose such usage. It would be costly and inefficient to propose security methods for such an application in this case.

One of the tools to work with hazards and risk analysis is the so-called FTA (Fault Tree Analysis), where you define hazards and risks and break them down into possible sources, so that you come close to your particular risk sources and mitigations; for example, the risk of losing track of code history and not being able to revert or analyze historical changes because no relevant source control is in place. But we don't normally need to analyze source code control, as it is a known best practice and de facto industry standard. Still, there are some points to analyse even about such best practices; for example, source control in the cloud or on-premise.

So I suggest you could consider my answer as a starting point, and if this path is interesting and can help, I can develop the answer further; so please ask or comment.
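Answer #6 names fault tree analysis but does not show one. The following is an added example, not from the original thread: a minimal FTA in Python for the hazard the answer cites, "code history lost". The tree shape and all per-year probabilities are constructed for illustration; basic events are assumed independent and to appear only once in the tree, which is what makes the simple gate arithmetic valid.

```python
"""Fault tree analysis (FTA): propagate basic-event probabilities through AND/OR
gates, enumerate minimal cut sets, and rank basic events by how much eliminating
each one reduces the top event. Probabilities are constructed, per year, and
assumed independent."""
from dataclasses import dataclass
from itertools import product
from math import prod
from typing import Union


@dataclass(frozen=True)
class Event:
    name: str
    p: float            # annual probability of the basic event (constructed figure)


@dataclass(frozen=True)
class Gate:
    name: str
    kind: str           # "AND": all inputs must occur; "OR": any one input suffices
    inputs: tuple       # of Event | Gate


Node = Union[Event, Gate]


def probability(node: Node) -> float:
    """Bottom-up probability. Only exact while no basic event feeds more than one
    gate; a shared event would need inclusion-exclusion over the cut sets."""
    if isinstance(node, Event):
        return node.p
    ps = [probability(i) for i in node.inputs]
    if node.kind == "AND":
        return prod(ps)
    if node.kind == "OR":
        return 1.0 - prod(1.0 - p for p in ps)
    raise ValueError(f"unknown gate kind {node.kind!r}")


def cut_sets(node: Node) -> set:
    """Every combination of basic events that makes the top event happen."""
    if isinstance(node, Event):
        return {frozenset([node.name])}
    child = [cut_sets(i) for i in node.inputs]
    if node.kind == "OR":
        return set().union(*child)
    # AND: take one cut set from each input and merge them
    return {frozenset().union(*combo) for combo in product(*child)}


def minimal_cut_sets(node: Node) -> set:
    """Drop any cut set that contains a smaller one; what remains is where to look for mitigations."""
    cs = cut_sets(node)
    return {s for s in cs if not any(o < s for o in cs)}


def basic_events(node: Node) -> list:
    return [node] if isinstance(node, Event) else [e for i in node.inputs for e in basic_events(i)]


def override(node: Node, name: str, p: float) -> Node:
    """Copy of the tree with one basic event's probability replaced (models a mitigation)."""
    if isinstance(node, Event):
        return Event(name, p) if node.name == name else node
    return Gate(node.name, node.kind, tuple(override(i, name, p) for i in node.inputs))


def risk_reduction(top: Node) -> dict:
    """Drop in top-event probability if each basic event were fully eliminated."""
    base = probability(top)
    return {e.name: base - probability(override(top, e.name, 0.0)) for e in basic_events(top)}


def build_tree(no_scm_p: float = 0.30) -> Gate:
    """Constructed tree: history is lost only if the working copy is lost AND no
    recoverable repository copy exists. no_scm_p is the chance the team has not
    put source control in place at all."""
    working_copy_lost = Gate("working copy lost", "OR", (
        Event("developer disk failure", 0.05),
        Event("laptop stolen", 0.02),
        Event("accidental delete", 0.10),
    ))
    no_repo_copy = Gate("no recoverable repository copy", "OR", (
        Event("no source control in place", no_scm_p),
        Gate("repo server and its backup both fail", "AND", (
            Event("repo server disk failure", 0.05),
            Event("repo backup unrestorable", 0.20),
        )),
    ))
    return Gate("code history lost", "AND", (working_copy_lost, no_repo_copy))


if __name__ == "__main__":
    top = build_tree()
    print(f"P(top) = {probability(top):.4f}")
    for name, drop in sorted(risk_reduction(top).items(), key=lambda kv: -kv[1]):
        print(f"  eliminate {name!r:36} -> P(top) drops by {drop:.4f}")
    for cs in sorted(minimal_cut_sets(top), key=sorted):
        print("  minimal cut set:", sorted(cs))
```

The minimal cut sets are the pairs and triples of basic events that each cause the top event on their own; the `risk_reduction` figures show which single basic event is worth attacking first. For this constructed tree that is "no source control in place", which matches the answer's point that some mitigations are accepted best practice without further analysis; the cut sets that remain afterwards (server failure together with an unrestorable backup) are where answer #3's warning about fragile backup processes lands.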
