Created by malzsoj@gmail.com
over 10 years ago
| Question | Answer |
| --- | --- |
| How is the SecSDLC implementation phase accomplished? | Through changing the configuration and operation of the organization's information systems. |
| Name the 5 implementation changes. | Procedures (through policy); People (through training); Hardware (through firewalls); Software (through encryption); Data (through classification) |
| Name 3 major steps in executing the project plan. | Planning the project; Supervising tasks and action steps; Wrapping up |
| Name 6 major project tasks in a WBS. | Work to be accomplished; Assignees; Start and end dates; Amount of effort required; Estimated capital and noncapital expenses; Identification of dependencies between/among tasks |
| WBS example | |
| Name 3 time impacts in the development of a project plan. | Time to order, receive, install, and configure the security control; Time to train the users; Time to realize the return on investment of the control |
| Project scope: | concerns the boundaries of time and effort-hours needed to deliver the planned features and quality level of project deliverables. |
| What does project management require? | A unique set of skills and a thorough understanding of a broad body of specialized knowledge. |
| The Bull's-Eye Model | |
| 2 steps that can be taken to make organizations more amenable to change are: | Reducing resistance to change from the beginning of the planning process; Developing a culture that supports change |
| Tiered Risk Management Framework | |
| Security Control Allocation | |
| Accreditation: | what authorizes an IT system to process, store, or transmit information. |
| Bull's-eye method: | requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems. |
| Certification: | "the comprehensive evaluation of the technical and nontechnical security controls of an IT system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements." |
| Change control: | how medium- and large-sized organizations deal with the impact of technical change on the operation of the organization. |
| Cost benefit analysis (CBA): | determines the impact that a specific technology or approach can have on the organization's information assets and what it may cost. |
| Direct changeover: | involves stopping the old method and beginning the new. |
| Joint application development: | getting key representatives from user groups to serve as members of the SecSDLC development process. |
| Milestone: | a specific point in the project plan when a task that has a noticeable impact on the progress of the project plan is complete. |
| Negative feedback loop (cybernetic loop): | ensures that progress is measured periodically. |
| Parallel operations: | involves running the new methods alongside the old methods. |
| Phased implementation: | the most common conversion strategy; involves a measured rollout of the planned system, with a part of the whole being brought out and disseminated across an organization before the next piece is implemented. |
| Pilot implementation: | the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization. |
| Predecessors: | tasks or action steps that come before the specific task at hand. |
| Project plan: | instructs the individuals who are executing the implementation phase. |
| Project wrap-up: | usually handled as a procedural task and assigned to a mid-level IT or information security manager. |
| Projectitis: | when the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than accomplishing meaningful project work. |
| Request for proposal (RFP): | a specification document suitable for distribution to vendors. |
| Successors: | tasks or action steps that come after the task at hand. |
| Technology governance: | a complex process that organizations use to manage the effects and costs of technology implementation, innovation, and obsolescence; guides how frequently technical systems are updated and how technical updates are approved and funded. |
| Work breakdown structure (WBS): | a simple planning tool. |