• False alarms

• Insufficient error handling

• Sequencing or order

• Incorrect timing outputs

• Valid but not expected outputs

Of course, because of the complexity of software and heterogeneous environments, this is a very small list.

Just in case you do not have enough risk assessment methodologies to choose from, you can also look at CRAMM (Central Computing and Telecommunications Agency Risk Analysis and Management Method), which was created by the United Kingdom, and its automated tools are sold by Siemens. It works in three distinct stages: define objectives, assess risks, and identify countermeasures. It is really not fair to call it a unique methodology, because it follows the basic structure of any risk methodology. It just has everything ...

Get CISSP All-in-One Exam Guide, 6th Edition, 6th Edition now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.