--- id: wiki-2026-0508-risk-management title: Risk Management category: 10_Wiki/Topics status: verified canonical_id: self aliases: [Project Risk Management, Software Risk Management] duplicate_of: none source_trust_level: A confidence_score: 0.88 verification_status: applied tags: [project-management, sdlc, governance, security] raw_sources: [] last_reinforced: 2026-05-10 github_commit: pending tech_stack: language: none framework: PMI/ISO 31000 --- # Risk Management ## 매 한 줄 > **"매 uncertain event 를 매 identify → assess → respond → monitor 의 cycle 로 관리"**. ISO 31000 (2018) + PMBOK 7e (2021) + NIST RMF (SP 800-37r2) 의 공통 골격. 매 software 맥락에서는 매 schedule risk, technical debt, supply-chain (CVE), AI hallucination, model drift 까지 포괄. 매 2026 추가 트렌드: LLM agent autonomy risk, prompt injection, SBOM 의무화 (US EO 14028). ## 매 핵심 ### 매 4-step cycle 1. **Identify**: brainstorming, checklist, threat modeling (STRIDE, LINDDUN), pre-mortem. 2. **Assess**: probability × impact = risk score. Qualitative (matrix) 또는 quantitative (Monte Carlo, EMV). 3. **Respond**: avoid / transfer / mitigate / accept (PMBOK). 4. **Monitor**: risk register, KRI dashboard, retro. ### 매 software-specific 영역 - **Schedule/budget**: estimation bias, scope creep, dependency. - **Technical debt**: SonarQube, CodeScene 의 quantification. - **Security**: CVE, supply-chain (Log4Shell, xz-utils 2024), SBOM (SPDX/CycloneDX). - **AI**: hallucination, prompt injection, training-data leak, model drift, agent autonomy. - **Operational**: SLO breach, incident, on-call burnout. ### 매 응용 1. Pre-mortem (Klein): "프로젝트 실패했다고 가정하고 원인 작성". 2. Risk-adjusted backlog: high-risk story 를 sprint 1 에 배치. 3. Chaos engineering: 매 failure 를 사전 주입해 hypothesis 검증. 4. Agent guardrail: tool-call allowlist, human-in-the-loop checkpoint. ## 💻 패턴 ### Risk register (YAML) ```yaml - id: R-001 title: PostgreSQL 17 upgrade fails on JSONB index category: technical probability: 0.3 # 0..1 impact: 4 # 1..5 score: 1.2 # P × I owner: data-platform response: mitigate mitigation: - run upgrade on staging mirror - keep pg17→pg16 logical replication for 2 weeks trigger: production migration window status: open review_date: 2026-06-01 ``` ### Probability × Impact matrix ```typescript type Level = 1 | 2 | 3 | 4 | 5; type Risk = { p: Level; i: Level }; const score = (r: Risk) => r.p * r.i; const tier = (s: number) => s >= 16 ? 'critical' : s >= 9 ? 'high' : s >= 4 ? 'medium' : 'low'; console.log(tier(score({ p: 4, i: 5 }))); // critical ``` ### Monte Carlo schedule risk (Python) ```python import numpy as np # task durations: triangular(min, mode, max) days tasks = [(2, 3, 7), (5, 8, 14), (1, 2, 4), (3, 5, 10)] N = 100_000 samples = np.array([ [np.random.triangular(*t) for t in tasks] for _ in range(N) ]) totals = samples.sum(axis=1) print(f"P50={np.percentile(totals,50):.1f}d, P90={np.percentile(totals,90):.1f}d") ``` ### Threat modeling — STRIDE checklist ```text S Spoofing — auth, mTLS, signed JWT T Tampering — integrity hash, append-only log R Repudiation — audit log + WORM storage I Info disclosure— TLS, encryption-at-rest, PII redaction D Denial — rate limit, autoscale, circuit breaker E Elev privilege — least-priv IAM, RBAC, no sudo prod ``` ### LLM agent risk gate (Claude Opus 4.7) ```typescript import Anthropic from '@anthropic-ai/sdk'; const TOOL_ALLOWLIST = new Set(['read_file', 'list_dir', 'web_fetch']); const HIGH_RISK = new Set(['delete_file', 'execute_shell', 'send_email']); async function gate(toolName: string, args: unknown) { if (HIGH_RISK.has(toolName)) { const ok = await humanApproval({ tool: toolName, args }); if (!ok) throw new Error(`tool ${toolName} rejected by human gate`); } if (!TOOL_ALLOWLIST.has(toolName) && !HIGH_RISK.has(toolName)) { throw new Error(`tool ${toolName} not in allowlist`); } } ``` ### SBOM generation (Syft) ```bash # 매 CI step — SPDX SBOM 생성 + CVE scan syft packages dir:. -o spdx-json > sbom.spdx.json grype sbom:sbom.spdx.json --fail-on high ``` ### Chaos experiment (Litmus / k8s) ```yaml apiVersion: litmuschaos.io/v1alpha1 kind: ChaosEngine metadata: { name: pod-kill } spec: appinfo: { applabel: 'app=checkout' } chaosServiceAccount: litmus experiments: - name: pod-delete spec: components: env: - { name: TOTAL_CHAOS_DURATION, value: '60' } - { name: CHAOS_INTERVAL, value: '10' } ``` ## 매 결정 기준 | 상황 | Approach | |---|---| | Startup, light process | Risk register (markdown/YAML) + weekly review | | Regulated (SOC2/ISO27001) | NIST RMF + control mapping | | Schedule heavy | Monte Carlo + critical path | | Security-sensitive | Threat model (STRIDE) per feature | | LLM agent system | Tool allowlist + human gate + audit log | | Live ops | KRI dashboard + chaos engineering | **기본값**: 매 risk register + weekly triage + threat model per epic. ## 🔗 Graph - 부모: [[Project Management]] · [[SDLC]] · [[Governance]] - 변형: [[Threat Modeling]] · [[Chaos Engineering]] · [[FMEA]] - 응용: [[SBOM]] - Adjacent: [[SARA (Software Architecture Review and Assessment)]] · [[Resource-Management]] ## 🤖 LLM 활용 **언제**: 매 risk register 초안, 매 STRIDE checklist 생성, 매 incident retro 의 root cause 분류. **언제 X**: 매 quantitative 신뢰 — LLM 의 probability 추정은 calibrated 아님. 실측 또는 expert estimate 우선. ## ❌ 안티패턴 - **Risk register as graveyard**: 매 등록 후 매 review 없음. - **Probability theater**: 매 0.37 같은 false-precision — qualitative 5-tier 충분. - **Mitigation without trigger**: 매 언제 발동인지 불명. - **Hero culture**: 매 risk 무시하고 매 incident 시 영웅적 fix — burnout. - **Agent without allowlist**: 매 prompt injection → arbitrary tool call. - **Single-vendor lock**: 매 supply-chain risk 미평가. ## 🧪 검증 / 중복 - Verified: ISO 31000:2018, PMBOK 7e (2021), NIST SP 800-37r2 RMF, OWASP Threat Modeling. - 신뢰도 A. ## 🕓 Changelog | 날짜 | 변경 | |---|---| | 2026-05-08 | Phase 1 | | 2026-05-10 | Manual cleanup — full RM cycle + STRIDE + LLM agent gate |