Criado por malzsoj@gmail.com
mais de 9 anos atrás
|
||
Questão | Responda |
how is SecSDLC implementation phase is accomplished ? | through changing configuration and operation of organization’s information systems |
name the 5 Implementation changes | *Procedures (through policy) *People (through training) *Hardware (through firewalls) *Software (through encryption) *Data (through classification) |
Name 3 Major steps in executing project plan ? | *Planning the project *Supervising tasks and action steps *Wrapping up |
Name 6 Major project tasks in WBS | *Work to be accomplished *Assignees *Start and end dates *Amount of effort required *Estimated capital and noncapital expenses *Identification of dependencies between/among tasks |
WBS Example | |
Name 3 Time impacts in the development of a project plan? | *Time to order, receive, install, and configure security control *Time to train the users *Time to realize return on investment of control |
Project scope: | concerns boundaries of time and effort-hours needed to deliver planned features and quality level of project deliverables |
what does Project management require? | a unique set of skills and thorough understanding of a broad body of specialized knowledge |
The Bull’s-Eye Model | |
2 Steps that can be taken to make organizations more amenable to change are | *Reducing resistance to change from beginning of planning process *Develop culture that supports change |
Tiered Risk Management Framework | |
Security Control Allocation | |
Accreditation: | what authorizes an IT system to process, store, or transmit information. |
Bull’s-eye method: | requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems. |
Certification: | “the comprehensive evaluation of the technical and nontechnical security controls of an IT system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements.” |
Change control: | how medium- and large-sized organizations deal with the impact of technical change on the operation of the organization. |
Cost benefit analysis (CBA): | determines the impact that a specific technology or approach can have on the organization’s information assets and what it may cost. |
Direct changeover: | involves stopping the old method and beginning the new. |
Joint application development: | getting key representatives from user groups to serve as members of the SecSDLC development process. |
Milestone: | a specific point in the project plan when a task that has a noticeable impact on the progress of the project plan is complete. |
Negative feedback loop (cybernetic loop): | ensures that progress is measured periodically. |
Parallel operations: | involves running the new methods alongside the old methods. |
Phased implementation: | the most common conversion strategy and involves a measured rollout of the planned system, with a part of the whole being brought out and disseminated across an organization before the next piece is implemented. |
Pilot implementation: | the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization. |
Predecessors: | tasks or action steps that come before the specific task at hand. |
Project plan: | instructs the individuals who are executing the implementation phase. |
Project wrap-up: | usually handled as a procedural task and assigned to a mid-level IT or information security manager. |
Projectitis: | when the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than in accomplishing meaningful project work. |
Request for proposal (RFP): | a specification document suitable for distribution to vendors. |
Successors: | tasks or action steps that come after the task at hand. |
Technology governance: | a complex process that organizations use to manage the affects and costs of technology implementation, innovation, and obsolescence; guides how frequently technical systems are updated and how technical updates are approved and funded. |
Work breakdown structure (WBS): | simple planning tool. |
Quer criar seus próprios Flashcards gratuitos com GoConqr? Saiba mais.