Environmental Risks

In this section we're going to start considering the realities of running software systems in the real world.

It's important to understand that software is always operating within a context. Whether it's a product being offered by a startup, some utility downloaded from an app store or a large government or enterprise deployment, the context really matters, and therefore the risks presented by this context are relevant to the overall risk position of the software itself.

PEST / PESTLE

One useful technique for environmental analysis is PEST or PESTLE, which breaks down the environment into specific components: Political, Economic, Social, Technological, Legal and Ecological. Other frameworks suggest looking at Demographic, Geographic or Military elements too.

Types Of Environmental Risk

There is a lot to this subject, so this section is just a taster: we're going to consider just two specific types of environmental risk, Security Risk, Legal Risk and Reputational Risk, and then cap off the taxonomy of risks by looking at Operational Risk, which really encompasses the others.

Security Risk

Risks due to hostile agents and events from inside or outside of the system.

Legal Risk

Risks due to the legal context in which an operation is running.

Operational Risk

The risk of loss resulting from inadequate or failed internal processes, people and systems or from external events.