2nd/10_Wiki/Topics/Architecture/Risk_Management.md

id, title, category, status, canonical_id, aliases, duplicate_of, source_trust_level, confidence_score, verification_status, tags, raw_sources, last_reinforced, github_commit, tech_stack

id	title	category	status	canonical_id	aliases	duplicate_of	source_trust_level	confidence_score	verification_status	tags	raw_sources	last_reinforced	github_commit	tech_stack
wiki-2026-0508-risk-management	Risk Management	10_Wiki/Topics	verified	self	Project Risk Management Software Risk Management	none	A	0.88	applied	project-management sdlc governance security		2026-05-10	pending	language framework none PMI/ISO 31000

Risk Management

매 한 줄

"매 uncertain event 를 매 identify → assess → respond → monitor 의 cycle 로 관리". ISO 31000 (2018) + PMBOK 7e (2021) + NIST RMF (SP 800-37r2) 의 공통 골격. 매 software 맥락에서는 매 schedule risk, technical debt, supply-chain (CVE), AI hallucination, model drift 까지 포괄. 매 2026 추가 트렌드: LLM agent autonomy risk, prompt injection, SBOM 의무화 (US EO 14028).

매 핵심

매 4-step cycle

1. Identify: brainstorming, checklist, threat modeling (STRIDE, LINDDUN), pre-mortem.
2. Assess: probability × impact = risk score. Qualitative (matrix) 또는 quantitative (Monte Carlo, EMV).
3. Respond: avoid / transfer / mitigate / accept (PMBOK).
4. Monitor: risk register, KRI dashboard, retro.

매 software-specific 영역

• Schedule/budget: estimation bias, scope creep, dependency.
• Technical debt: SonarQube, CodeScene 의 quantification.
• Security: CVE, supply-chain (Log4Shell, xz-utils 2024), SBOM (SPDX/CycloneDX).
• AI: hallucination, prompt injection, training-data leak, model drift, agent autonomy.
• Operational: SLO breach, incident, on-call burnout.

매 응용

1. Pre-mortem (Klein): "프로젝트 실패했다고 가정하고 원인 작성".
2. Risk-adjusted backlog: high-risk story 를 sprint 1 에 배치.
3. Chaos engineering: 매 failure 를 사전 주입해 hypothesis 검증.
4. Agent guardrail: tool-call allowlist, human-in-the-loop checkpoint.

💻 패턴

Risk register (YAML)

- id: R-001
  title: PostgreSQL 17 upgrade fails on JSONB index
  category: technical
  probability: 0.3   # 0..1
  impact: 4          # 1..5
  score: 1.2         # P × I
  owner: data-platform
  response: mitigate
  mitigation:
    - run upgrade on staging mirror
    - keep pg17→pg16 logical replication for 2 weeks
  trigger: production migration window
  status: open
  review_date: 2026-06-01

Probability × Impact matrix

type Level = 1 | 2 | 3 | 4 | 5;
type Risk = { p: Level; i: Level };

const score = (r: Risk) => r.p * r.i;
const tier = (s: number) =>
  s >= 16 ? 'critical'
  : s >= 9 ? 'high'
  : s >= 4 ? 'medium'
  : 'low';

console.log(tier(score({ p: 4, i: 5 }))); // critical

Monte Carlo schedule risk (Python)

import numpy as np

# task durations: triangular(min, mode, max) days
tasks = [(2, 3, 7), (5, 8, 14), (1, 2, 4), (3, 5, 10)]
N = 100_000
samples = np.array([
    [np.random.triangular(*t) for t in tasks]
    for _ in range(N)
])
totals = samples.sum(axis=1)
print(f"P50={np.percentile(totals,50):.1f}d, P90={np.percentile(totals,90):.1f}d")

Threat modeling — STRIDE checklist

S Spoofing       — auth, mTLS, signed JWT
T Tampering      — integrity hash, append-only log
R Repudiation    — audit log + WORM storage
I Info disclosure— TLS, encryption-at-rest, PII redaction
D Denial         — rate limit, autoscale, circuit breaker
E Elev privilege — least-priv IAM, RBAC, no sudo prod

LLM agent risk gate (Claude Opus 4.7)

import Anthropic from '@anthropic-ai/sdk';

const TOOL_ALLOWLIST = new Set(['read_file', 'list_dir', 'web_fetch']);
const HIGH_RISK = new Set(['delete_file', 'execute_shell', 'send_email']);

async function gate(toolName: string, args: unknown) {
  if (HIGH_RISK.has(toolName)) {
    const ok = await humanApproval({ tool: toolName, args });
    if (!ok) throw new Error(`tool ${toolName} rejected by human gate`);
  }
  if (!TOOL_ALLOWLIST.has(toolName) && !HIGH_RISK.has(toolName)) {
    throw new Error(`tool ${toolName} not in allowlist`);
  }
}

SBOM generation (Syft)

# 매 CI step — SPDX SBOM 생성 + CVE scan
syft packages dir:. -o spdx-json > sbom.spdx.json
grype sbom:sbom.spdx.json --fail-on high

Chaos experiment (Litmus / k8s)

apiVersion: litmuschaos.io/v1alpha1
kind: ChaosEngine
metadata: { name: pod-kill }
spec:
  appinfo: { applabel: 'app=checkout' }
  chaosServiceAccount: litmus
  experiments:
    - name: pod-delete
      spec:
        components:
          env:
            - { name: TOTAL_CHAOS_DURATION, value: '60' }
            - { name: CHAOS_INTERVAL, value: '10' }

매 결정 기준

상황	Approach
Startup, light process	Risk register (markdown/YAML) + weekly review
Regulated (SOC2/ISO27001)	NIST RMF + control mapping
Schedule heavy	Monte Carlo + critical path
Security-sensitive	Threat model (STRIDE) per feature
LLM agent system	Tool allowlist + human gate + audit log
Live ops	KRI dashboard + chaos engineering

기본값: 매 risk register + weekly triage + threat model per epic.

🔗 Graph

• 부모: Project Management · SDLC · Governance
• 변형: Threat Modeling · Chaos Engineering · FMEA
• 응용: SBOM
• Adjacent: SARA (Software Architecture Review and Assessment) · Resource-Management

🤖 LLM 활용

언제: 매 risk register 초안, 매 STRIDE checklist 생성, 매 incident retro 의 root cause 분류. 언제 X: 매 quantitative 신뢰 — LLM 의 probability 추정은 calibrated 아님. 실측 또는 expert estimate 우선.

❌ 안티패턴

• Risk register as graveyard: 매 등록 후 매 review 없음.
• Probability theater: 매 0.37 같은 false-precision — qualitative 5-tier 충분.
• Mitigation without trigger: 매 언제 발동인지 불명.
• Hero culture: 매 risk 무시하고 매 incident 시 영웅적 fix — burnout.
• Agent without allowlist: 매 prompt injection → arbitrary tool call.
• Single-vendor lock: 매 supply-chain risk 미평가.

🧪 검증 / 중복

• Verified: ISO 31000:2018, PMBOK 7e (2021), NIST SP 800-37r2 RMF, OWASP Threat Modeling.
• 신뢰도 A.

🕓 Changelog

날짜	변경
2026-05-08	Phase 1
2026-05-10	Manual cleanup — full RM cycle + STRIDE + LLM agent gate