Portal de Periódicos da CAPES

Mogrit: Towards a IT risks management model for MSME

2014; Universidad Icesi; Volume: 12; Issue: 30 Linguagem: Inglês

10.18046/syt.v12i30.1860

1692-5238

Gonzalo Andrés Vanegas Devia, César Pardo,

Software Engineering Research

Nowadays, software development projects can fail for multiple factors. In this sense, both project management that establishes the way forward as analysis of the risks, which may face a software development project, is becoming increasingly necessary. This paper presents the harmonization of IT Risk models such as: CRAMM, COBIT, EBIOS, ITIL V3 MAGERIT, OCTAVE, RISK IT and some models to support the IT Risk such as: ISO/IEC 27000, ISO/IEC 27005, ISO/IEC 31010, AS/NZS ISO 31000, BS 7799-3:2006, and UNE 71504:2008. It also presents a comparative analysis of high and low level, which allows knowing the most common, and representative of each model. Likewise, with the results obtained, are established the benefits and the manner in which the models compared can be harmonized to carry out their implementation of a harmonized wayand thus to support management processes within development activities of an organization. This work provides a clearer view of the differences, similarities and possible integrations between IT Risk models and standards for Small and medium enterprises of software development.