August 22 Training 2 of 2
59
8/9/2019 August 22 Training 2 of 2 http://slidepdf.com/reader/full/august-22-training-2-of-2 1/59 Juran’s Quality Control Handbook , 4 th Edition (1988) 1
Transcript of August 22 Training 2 of 2
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 1/59
Juran’s Quality Control Handbook , 4th
Edition (1988) 1
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 2/59
0
10
20
30
40
50
60
70
P e r c e n t a g e
o f
t o t a l p r o j e c t c o s t
Year
CMM level 3Start of intiative
CMM level 1
TCoSQ
Prevention
Rework Appraisal
Cost of
Conformance
Rework
87 88 89 90 91 92 93 94 95 96
Software process improvement at Raytheon. T.J.Haley. IEEE SOFTWARE (November 1996).
2
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 3/59
Investments in Prevention
• Rules: Security Policy, Procedures
• Tools: Passwords, Firewalls, Encryption
• Awareness, Training, Education
3
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 4/59
Investments in Response
• Contingency Plans
• Backup Capabilities
• Emergency Drills
4
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 5/59
Verification “Are we doing the job right?”
Validation
“Are we doing the right job?”
5
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 6/59
IEEE Std 1012
IEEE Standard for SoftwareVerification and Validation
foundational component within
IEEE Software Engineering standards series
SQA
V&V
reviews, audits testing
SRS
SCM
6
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 7/59
consequence
Likeli-
hood
2 3 4 4
4
1 31 1 3
negligible catastrophic
infrequent
reasonable
7
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 8/59
RISK : “probability that some adverse
circumstance will actually occur”
RISK : “any threat to the achievement ofone or more key aims of the project”
RISK : “changes in the future that would
lead to unacceptable situations”
8
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 9/59
“Yesterday’s problems aretoday’s risks .”
“Today’s risks are
tomorrow’s problems.”
9
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 10/59
Risk Exposure can be
unacceptable
… even with low
probability of occurrence
if too great aconsequence
of occurrence10
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 11/59
Risk Management
Risk Exposure =
Likelihood of occurrence
X
Consequence of occurrence
11
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 12/59
Risk Management
Risk Avoidance
reducing probability
of occurrence
Risk Mitigation reducing consequence
of occurrence12
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 13/59
R O I = return investment
R O R I = risk exposure reductionreliability investment
13
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 14/59
Security Risk Exposure =
Probabi l i ty of occurrence~ frequency of exploitable defects (“vulnerabilities”)
X
Consequence of occurrence
14
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 15/59
Security Risk Exposure =
Probabi l i ty of occurrence
X
Consequence of occurrence
(knowledge * skill * resources * motivation)
15
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 16/59
Security Risk Exposure =
Probabi l i ty of occurrence
X
Consequence of occurrence
(knowledge * skill * resources * motivation)
16
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 17/59
Resilient Military Systems and the Advanced Cyber ThreatDefense Science Board Task Force Report: January 2013
17
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 18/59
Intent = desire + expectanceCapabilities = resources + knowledge
18
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 19/59
static
inspections
walkthroughs
audits
reviews
assessments
19
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 20/59
prototyping
simulation
unit testing
integration testing
system testing
acceptance testing
dynamic
assessments
20
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 21/59
21
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 22/59
22
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 23/59
23
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 24/59
24
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 25/59
Operational Profile: Distribution of Uses
25
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 26/59
http://en.wikipedia.org/wiki/User:Wyatts/Draft_article_C 26
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 27/59
27
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 28/59
Apply each “classic” tool to software ….
28
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 29/59
Apply checklist/sheet to software ….
29
Sami Kollanus
Experiences from using ICMM in inspection process assessmentSOFTWARE QUALITY JOURNAL Volume 17, Number 2, 177-187, DOI: 10.1007/s11219-008-9067-2
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 30/59
Apply Pareto diagram to software ….
Heimann, David. A Bipartite Empirically Oriented Metrics Process for Agile Software Development.
Software Quality Professional. Vol 9. No.2 (2007)
30
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 31/59
Apply histogram to software ….
31
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 32/59
Apply run chart to software ….
“Run Chart of Percentage of Delinquent Fixes” in Metrics and Models in Software Quality
Engineering, 2nd edition, by Stephen H. Kan (2002). Used by permission.
32
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 33/59
Apply scatter diagram to software ….
“Scatter Diagram of Program Complexity and Defect Level” in Metrics and Models in Software
Quality Engineering, 2nd edition, by Stephen H. Kan (2002). Used by permission
33
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 34/59
Apply control chart to software ….
Paulk, Mark C., Kim LaScola Needy, and Jayant Rajgopal. Identify Outliers, Understand the Process.
Software Quality Professional. Vol. 11, No.2 (2009)
34
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 35/59
Apply fishbone diagram to software ….
“Cause-and-Effect Diagram of Design Inspection” in Metrics and Models in Software
Quality Engineering, 2nd edition, by Stephen H. Kan (2002). Used by permission.
35
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 36/59
“NEW” PLANNING / MANAGEMENT TOOLS
36
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 37/59
Apply affinity diagram to software ….
37
Angélica Caro et al
A proposal for a set of attributes relevant for Web portal data quality.SOFTWARE QUALITY JOURNAL Volume 16, Number 4, 513-542, DOI: 10.1007/s11219-008-9046-7
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 38/59
Apply relations diagram to software ….
“A Diagram of Complex Relationships Associated with Customer -Critical Situations of a Software Product” in
Metrics and Models in Software Quality Engineering, 2nd edition, by Stephen H. Kan (2002). Used by permission.
38
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 39/59
Apply tree diagram to software ….
39
Jos J. M. Trienekens • Rob J. Kusters • Dennis C. Brussel
Quality specification and metrication, results from a case-study in a mission-critical software domain
Software Qual J (2010) 18:469 – 490 DOI 10.1007/s11219-010-9101-z
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 40/59
Apply matrix diagram to software ….
40
Frank Liu et al
A quantitative approach for settingtechnical targets
based on impact analysis in software
quality function
deployment (SQFD)
Software Qual J (2006) 14: 113 – 134
DOI 10.1007/s11219-006-7598-y
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 41/59
Apply matrix data analysis to software ….
41
Jos J. M. Trienekens et al
Entropy based software processes improvement
SOFTWARE QUALITY JOURNAL Volume 17, Number 3, 231-243, DOI: 10.1007/s11219-008-9063-6
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 42/59
Apply arrow diagram to software ….
42
Kuei-Chen Chiu et al
Bayesian updating of optimal release time for software systems
SOFTWARE QUALITY JOURNAL Volume 17, Number 1, 99-120, DOI: 10.1007/s11219-008-9060-9
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 43/59
Apply process decision program chart
to software ….
43
Kuei-Chen Chiu et alBayesian updating of optimal
release time for software systems
SOFTWARE QUALITY
JOURNAL Volume 17, Number 1,
99-120, DOI: 10.1007/s11219-
008-9060-9
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 44/59
44
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 45/59
reviews tests
stakeholder agreement operational profiles
verifiable requirements fault-tolerant design
45
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 46/59
Software Reliability
46
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 47/59
47
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 48/59
48
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 49/59
49
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 50/59
50
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 51/59
51
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 52/59
. . . . .
52
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 53/59
53
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 54/59
C yber S ecurity and Information Systems
Information Analysis Center
54
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 55/59
Community of Practice Practical Products
55
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 56/59
56
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 57/59
57
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 58/59
ongoing mentoring
on-the-job application
management-sponsored project
initial class session
follow-up [virtual]
sessions
58
8/9/2019 August 22 Training 2 of 2
http://slidepdf.com/reader/full/august-22-training-2-of-2 59/59
Taz Daughtrey
434 841 5444
59
