Effective CISSP Questions

Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The development of some software modules will be outsourced to external software vendors. The computer systems, operating systems, and other standard hardware and essential software will be procured as well. Which of the following is least related to the procurement of this project?
A. Common Criteria
B. Vendor’s reputation
C. Zachman Enterprise Framework
D. The Capability Maturity Model Integration (CMMI)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is C. Zachman Enterprise Framework.

  • The Common Criteria for Evaluation criteria for IT security is defined in ISO 15408. It can be used in purchasing computer security products.
  • CMMI is an integrated version of acquisition, development, and services. It can be used to evaluate the capabilities of software vendors.
  • Vendor’s reputation is almost always a procurement concern.
  • Enterprise Architecture Frameworks is a concern in the phase of initiation when an organization is engineering a system. They are the least concern in this question when it comes to the acquisition phase. Furthermore, Zachman is just one of the well-known architecture frameworks. An organization doesn’t have to consider Zachman only. TOGAF and SABSA are alternatives to Zachman.

Leave a Reply