Improving IT Change Management Processes with Automated Risk Assessment

  • Juliano Araujo Wickboldt
  • Luís Armando Bianchin
  • Roben Castagna Lunardi
  • Fabrício Girardi Andreis
  • Weverton Luis da Costa Cordeiro
  • Cristiano Bonato Both
  • Lisandro Zambenedetti Granville
  • Luciano Paschoal Gaspary
  • David Trastour
  • Claudio Bartolini
Part of the Lecture Notes in Computer Science book series (LNCS, volume 5841)

Abstract

The rational management of IT infrastructures is a goal of modern organizations that aim to deliver high quality services to their customers in an affordable way. Since changes are imminent in such a dynamic environment, failures during this process may directly affect business continuity. Hence, risk assessment is a key process in IT change management. Despite its importance, risks are usually assessed by humans based on empirical knowledge, leading to inaccurate basis for decision making. In this paper, we present a solution for automating the risk assessment process, which combines historical data from previous changes and analyzes impact of changes over affected elements. A prototypical system was developed to evaluate the solution on an emulated IT infrastructure. The results achieved show how the automated solution is capable of raising the quality of changes, therefore reducing service disruption caused by changes.

References

  1. 1.
    Office of Government Commerce (OGC): ITIL - Information Technology Infrastructure Library (2008), http://www.itil-officialsite.com/
  2. 2.
    Office of Government Commerce (OGC): ITIL - Information Technology Infrastructure Library: Service Transition Version 3.0 (2007)Google Scholar
  3. 3.
    Cordeiro, W.L.C., Machado, G.S., Andreis, F.G., Santos, A.D., Both, C.B., Gaspary, L.P., Granville, L.Z., Bartolini, C., Trastour, D.: ChangeLedge: Change Design and Planning in Networked Systems based on Reuse of Knowledge and Automation. Computer Networks (2009) doi:10.1016/j.comnet.2009.07.001Google Scholar
  4. 4.
    Machado, G.S., Cordeiro, W.L.C., Daitx, F.F., Both, C.B., Gaspary, L.P., Granville, L.Z., Sahai, A., Bartolini, C., Trastour, D., Saikoski, K.: Enabling Rollback Support in IT Change Management Systems. In: 11th IEEE/IFIP Network Operations and Management Symposium (NOMS), Salvador, Brazil, pp. 347–354 (2008)Google Scholar
  5. 5.
    Sauvé, J. P.; Santos, R. A.; Almeida, R. R.; Moura, J. A. B.: On the Risk Exposure and Priority Determination of Changes in IT Service Management. In: 18th IFIP/IEEE Distributed Systems: Operations and Management (DSOM), San Jose, USA, pp. 147–158, 2007.CrossRefGoogle Scholar
  6. 6.
    Froot, K.A., Scharfstein, D.S., Stein, J.C.: Risk management: Coordinating corporate investment and financing policies. Journal of Finance, American Finance Association, 1629–1658 (1993)Google Scholar
  7. 7.
    Danaei, G., Hoorn, S.V., Lopez, A.D., Murray, C.J.L., Ezzati, M.: Causes of cancer in the world: comparative risk assessment of nine behavioural and environmental risk factors. In: The Lancet, vol. 366(9499), pp. 1784–1793. Elsevier, Amsterdam (2005)Google Scholar
  8. 8.
    Klüppelberg, C., Kostadinova, R.: Integrated insurance risk models with exponential Levy investment Insurance Mathematics and Economics, vol. 42(2), pp. 560–577. Elsevier, Amsterdam (2008)MATHGoogle Scholar
  9. 9.
    Institute of Risk Management (IRM): A Risk Management Standard, United Kingdom (2002)Google Scholar
  10. 10.
    Fewster, R., Mendes, E.: Measurement, prediction and risk analysis for Web applications. In: 7th IEEE International Software Metrics Symposium, pp. 338–348 (2001)Google Scholar
  11. 11.
    Hearty, P., Fenton, N., Marquez, D., Neil, M.: Predicting Project Velocity in XP Using a Learning Dynamic Bayesian Network Model. IEEE Transactions on Software Engineering 35(1), 124–137 (2009)CrossRefGoogle Scholar
  12. 12.
    Fenton, N.E., Neil, M.: A critique of software defect prediction models. IEEE Transactions on Software Engineering 25(5), 675–689 (1999)CrossRefGoogle Scholar
  13. 13.
    Marques, M., Neves-Silva, R.: Risk Assessment to Support Decision on Complex Manufacturing and Assembly Lines. In: 5th IEEE International Conference on Industrial Informatics, pp. 1209–1214 (2007)Google Scholar
  14. 14.
    Oppenheimer, D., Ganapathi, A., Patterson, D.A.: Why do Internet services fail, and what can be done about it? In: 4th USENIX Symposium on Internet Technologies and Systems (USITS), Seattle, USA (2003)Google Scholar
  15. 15.
    Wickboldt, J.A., Machado, G.S., Cordeiro, W.L.C., Lunardi, R.C., Santos, A.D., Andreis, F.G., Both, C.B., Granville, L.Z., Gaspary, L.P., Bartolini, C., Trastour, D.: A Solution to Support Risk Analysis on IT Change Management. In: 11th IFIP/IEEE International Symposium on Integrated Network Management (IM), New York, NY (to appear, 2009)Google Scholar
  16. 16.
    Distributed Management Task Force (DMTF): CIM - Common Information Model (2009), http://www.dmtf.org/standards/cim
  17. 17.
    Workflow Management Coalition (WfMC): Workflow Process Definition Interface - XML Process Definition Language (2009), http://www.wfmc.org/xpdl.html
  18. 18.
    Active Endpoints: ActiveBPEL Open Source Engine (2008), http://www.activebpel.org

Copyright information

© IFIP International Federation for Information Processing 2009

Authors and Affiliations

  • Juliano Araujo Wickboldt
    • 1
  • Luís Armando Bianchin
    • 1
  • Roben Castagna Lunardi
    • 1
  • Fabrício Girardi Andreis
    • 1
  • Weverton Luis da Costa Cordeiro
    • 1
  • Cristiano Bonato Both
    • 1
  • Lisandro Zambenedetti Granville
    • 1
  • Luciano Paschoal Gaspary
    • 1
  • David Trastour
    • 2
  • Claudio Bartolini
    • 3
  1. 1.Federal University of Rio Grande do SulPorto AlegreBrazil
  2. 2.Hewlett Packard LaboratoriesBristolUK
  3. 3.Hewlett Packard LaboratoriesPalo AltoUSA

Personalised recommendations