ch 7 Flashcards
acceptance
When an organization decides to accept a risk because the cost of avoiding the risk outweighs the potential loss of the risk. A decision to accept a risk can be extremely difficult and controversial when dealing with safety-critical systems because making that determination involves forming personal judgments about the value of human life, assessing potential liability in case of an accident, evaluating the potential impact on the surrounding natural environment, and estimating the system’s costs and benefits.
agile development
A software development methodology in which a system is developed in iterations lasting from one to four weeks. Unlike the waterfall system development model, agile development accepts the fact that system requirements are evolving and cannot be fully understood or defined at the start of the project.
annualized loss expectancy (ALE)
The estimated loss from a potential risk event over the course of a year. The following equation is used to calculate the annual loss expectancy: A× SLE = ALE. Where ARO is the annualized rate of occurrence, an estimate of the probability that this event will occur over the course of a year and SLE is the single loss expectancy, the estimated loss that would be incurred if the event happens.
annualized rate of occurrence (ARO)
An estimate of the probability that a risk event will occur over the course of a year.
avoidance
The elimination of a vulnerability that gives rise to a particular risk in order to avoid the risk altogether. This is the most effective solution but often not possible due to organizational requirements and factors beyond an organization’s control.
best practice
A method or technique that has consistently shown results superior to those achieved with other means and that is used as a benchmark within a particular industry.
black-box testing
A type of dynamic testing that involves viewing the software unit as a device that has expected input and output behaviors but whose internal workings are unknown (a black box).
breach of warranty
When a product fails to meet the terms of its warranty.
business information system
A set of interrelated components—including hardware, software, databases, networks, people, and procedures—that collects and processes data and disseminates the output.
Capability Maturity Model Integration (CMMI) models
Collection of best practices that help organizations improve their processes.
CMMI-Development (CMMI-DEV)
A specific application of CMMI frequently used to assess and improve software development practices.
decision support system (DSS)
A type of business information system used to improve decision making in a variety of industries.
dynamic testing
A QA process that tests the code for a completed unit of software by actually entering test data and comparing the results to the expected results.
failure mode
A description of how a product or process could fail to perform the desired functions described by the customer.
failure mode and effects analysis (FMEA)
An important technique used to develop ISO 9000-compliant quality systems by both evaluating reliability and determining the effects of system and equipment failures.