<![CDATA[CV.XYZ is a small size company that works on software engineering.The worker in this company is not many, between 5 – 8 people only. The problem in this company is there are no identification of risks that can happen. The examples of the problems are the clients suddenly request some features for their software, no milestone on the project, no data about clients’ system and no monitoring on the ongoing projects. These things can hold back the company’s performance. Thus, risk analysis is needed for analyzing risk faktors that can disturb software development.In this thesis, identification on how the company works is performed, analysing for any existing risk and response for those risks. The risk assessment process is done based on NIST 800-30 that explains about ten steps of risk assessment, determining risks based on ISO 29110 about how to create software on a company that works in software engineering with less than 25 workers in it, and OWASP Risk Rating Methodology about determining the value of every risk based on certain criterias. OWASP is used as guidelines for determining weight of each risks that has been found using ISO 29110. Based on analysis, those methods used are useful for searching and responding existing risks. Result shows 1 high risk, 2 medium risks and 19 low risks. For high risk there is no risk identification on the company that makes the company does not know what risk can impact them. The response is avoid by doing risk identification.]]>
Copyrights © 2015
