Vestnik Gosudarstvennogo universiteta morskogo i rechnogo flota imeni admirala S. O. Makarova

Risk management in software development in the field of information protection

https://doi.org/10.21821/2309-5180-2023-15-6-1105-1114

Abstract

As sea and river transport is increasingly digitalized and the entire transport infrastructure is immersed in the digital environment, the volume of information flows serving the transport process grows, and the requirements for information protection rise in an aggressive external information environment. In the digital environment, a software product must not only serve the document flow of transport chains but also ensure its confidentiality. Automating the management of transport facilities (ships, platforms, berths, warehouses) increases their potential vulnerability to unauthorized access to control systems; the servicing programs must take this into account, which increases their size (for example, coherent information blocks need to be fragmented and routed along alternative paths). This, in turn, increases the risk of errors in the software products themselves and significantly complicates their structure. Failures (including confidentiality violations) during the operation of software that implements information exchange can entail significant material and reputational losses for the developer. If the developer is legally and functionally involved in the industry, such losses can and should be considered among the general range of risks in water transport. An important aspect of risk management, which until recently was hardly considered quantitatively within mathematical models, is the joint consideration of the losses incurred when a risk situation occurs and the developer’s costs of reducing the likelihood of such occurrences; the latter may reduce the total expected losses, formalized as the corresponding mathematical expectation. As a result, risk management can be formulated as mathematical programming problems with different (discrete or continuous) sets of constraints and with different properties of objective functions.

About the Author

I. M. Yastrebov
YADRO SOFTWARE DEVELOPMENT CENTER, LLC.
Russian Federation

Yastrebov, Ivan M. — Software development engineer 

15 Rochdelskaya Str., Moscow, 193376





For citations:


Yastrebov I.M. Risk management in software development in the field of information protection. Vestnik Gosudarstvennogo universiteta morskogo i rechnogo flota imeni admirala S. O. Makarova. 2023;15(6):1105-1114. (In Russ.) https://doi.org/10.21821/2309-5180-2023-15-6-1105-1114



This work is licensed under a Creative Commons Attribution 4.0 License.


ISSN 2309-5180 (Print)
ISSN 2500-0551 (Online)