2nd/10_Wiki/Topics/Architecture/Risk_Management.md

---
id: wiki-2026-0508-risk-management
title: Risk Management
category: 10_Wiki/Topics
status: verified
canonical_id: self
aliases: [Project Risk Management, Software Risk Management]
duplicate_of: none
source_trust_level: A
confidence_score: 0.88
verification_status: applied
tags: [project-management, sdlc, governance, security]
raw_sources: []
last_reinforced: 2026-05-10
github_commit: pending
tech_stack:
  language: none
  framework: PMI/ISO 31000
---

# Risk Management

## 매 한 줄
> **"매 uncertain event 를 매 identify → assess → respond → monitor 의 cycle 로 관리"**. ISO 31000 (2018) + PMBOK 7e (2021) + NIST RMF (SP 800-37r2) 의 공통 골격. 매 software 맥락에서는 매 schedule risk, technical debt, supply-chain (CVE), AI hallucination, model drift 까지 포괄. 매 2026 추가 트렌드: LLM agent autonomy risk, prompt injection, SBOM 의무화 (US EO 14028).

## 매 핵심

### 매 4-step cycle
1. **Identify**: brainstorming, checklist, threat modeling (STRIDE, LINDDUN), pre-mortem.
2. **Assess**: probability × impact = risk score. Qualitative (matrix) 또는 quantitative (Monte Carlo, EMV).
3. **Respond**: avoid / transfer / mitigate / accept (PMBOK).
4. **Monitor**: risk register, KRI dashboard, retro.

### 매 software-specific 영역
- **Schedule/budget**: estimation bias, scope creep, dependency.
- **Technical debt**: SonarQube, CodeScene 의 quantification.
- **Security**: CVE, supply-chain (Log4Shell, xz-utils 2024), SBOM (SPDX/CycloneDX).
- **AI**: hallucination, prompt injection, training-data leak, model drift, agent autonomy.
- **Operational**: SLO breach, incident, on-call burnout.

### 매 응용
1. Pre-mortem (Klein): "프로젝트 실패했다고 가정하고 원인 작성".
2. Risk-adjusted backlog: high-risk story 를 sprint 1 에 배치.
3. Chaos engineering: 매 failure 를 사전 주입해 hypothesis 검증.
4. Agent guardrail: tool-call allowlist, human-in-the-loop checkpoint.

## 💻 패턴

### Risk register (YAML)
```yaml
- id: R-001
  title: PostgreSQL 17 upgrade fails on JSONB index
  category: technical
  probability: 0.3   # 0..1
  impact: 4          # 1..5
  score: 1.2         # P × I
  owner: data-platform
  response: mitigate
  mitigation:
    - run upgrade on staging mirror
    - keep pg17→pg16 logical replication for 2 weeks
  trigger: production migration window
  status: open
  review_date: 2026-06-01
```

### Probability × Impact matrix
```typescript
type Level = 1 | 2 | 3 | 4 | 5;
type Risk = { p: Level; i: Level };

const score = (r: Risk) => r.p * r.i;
const tier = (s: number) =>
  s >= 16 ? 'critical'
  : s >= 9 ? 'high'
  : s >= 4 ? 'medium'
  : 'low';

console.log(tier(score({ p: 4, i: 5 }))); // critical
```

### Monte Carlo schedule risk (Python)
```python
import numpy as np

# task durations: triangular(min, mode, max) days
tasks = [(2, 3, 7), (5, 8, 14), (1, 2, 4), (3, 5, 10)]
N = 100_000
samples = np.array([
    [np.random.triangular(*t) for t in tasks]
    for _ in range(N)
])
totals = samples.sum(axis=1)
print(f"P50={np.percentile(totals,50):.1f}d, P90={np.percentile(totals,90):.1f}d")
```

### Threat modeling — STRIDE checklist
```text
S Spoofing       — auth, mTLS, signed JWT
T Tampering      — integrity hash, append-only log
R Repudiation    — audit log + WORM storage
I Info disclosure— TLS, encryption-at-rest, PII redaction
D Denial         — rate limit, autoscale, circuit breaker
E Elev privilege — least-priv IAM, RBAC, no sudo prod
```

### LLM agent risk gate (Claude Opus 4.7)
```typescript
import Anthropic from '@anthropic-ai/sdk';

const TOOL_ALLOWLIST = new Set(['read_file', 'list_dir', 'web_fetch']);
const HIGH_RISK = new Set(['delete_file', 'execute_shell', 'send_email']);

async function gate(toolName: string, args: unknown) {
  if (HIGH_RISK.has(toolName)) {
    const ok = await humanApproval({ tool: toolName, args });
    if (!ok) throw new Error(`tool ${toolName} rejected by human gate`);
  }
  if (!TOOL_ALLOWLIST.has(toolName) && !HIGH_RISK.has(toolName)) {
    throw new Error(`tool ${toolName} not in allowlist`);
  }
}
```

### SBOM generation (Syft)
```bash
# 매 CI step — SPDX SBOM 생성 + CVE scan
syft packages dir:. -o spdx-json > sbom.spdx.json
grype sbom:sbom.spdx.json --fail-on high
```

### Chaos experiment (Litmus / k8s)
```yaml
apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata: { name: pod-kill }
spec:
  appinfo: { applabel: 'app=checkout' }
  chaosServiceAccount: litmus
  experiments:
    - name: pod-delete
      spec:
        components:
          env:
            - { name: TOTAL_CHAOS_DURATION, value: '60' }
            - { name: CHAOS_INTERVAL, value: '10' }
```

## 매 결정 기준
| 상황 | Approach |
|---|---|
| Startup, light process | Risk register (markdown/YAML) + weekly review |
| Regulated (SOC2/ISO27001) | NIST RMF + control mapping |
| Schedule heavy | Monte Carlo + critical path |
| Security-sensitive | Threat model (STRIDE) per feature |
| LLM agent system | Tool allowlist + human gate + audit log |
| Live ops | KRI dashboard + chaos engineering |

**기본값**: 매 risk register + weekly triage + threat model per epic.

## 🔗 Graph
- 부모: [[Project Management]] · [[SDLC]] · [[Governance]]
- 변형: [[Threat Modeling]] · [[Chaos Engineering]] · [[FMEA]]
- 응용: [[SBOM]]
- Adjacent: [[SARA (Software Architecture Review and Assessment)]] · [[Resource-Management]]

## 🤖 LLM 활용
**언제**: 매 risk register 초안, 매 STRIDE checklist 생성, 매 incident retro 의 root cause 분류.
**언제 X**: 매 quantitative 신뢰 — LLM 의 probability 추정은 calibrated 아님. 실측 또는 expert estimate 우선.

## ❌ 안티패턴
- **Risk register as graveyard**: 매 등록 후 매 review 없음.
- **Probability theater**: 매 0.37 같은 false-precision — qualitative 5-tier 충분.
- **Mitigation without trigger**: 매 언제 발동인지 불명.
- **Hero culture**: 매 risk 무시하고 매 incident 시 영웅적 fix — burnout.
- **Agent without allowlist**: 매 prompt injection → arbitrary tool call.
- **Single-vendor lock**: 매 supply-chain risk 미평가.

## 🧪 검증 / 중복
- Verified: ISO 31000:2018, PMBOK 7e (2021), NIST SP 800-37r2 RMF, OWASP Threat Modeling.
- 신뢰도 A.

## 🕓 Changelog
| 날짜 | 변경 |
|---|---|
| 2026-05-08 | Phase 1 |
| 2026-05-10 | Manual cleanup — full RM cycle + STRIDE + LLM agent gate |