Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The solution architect chooses to implement a RAID storage system composed of high-capacity and high-speed Solid State Disks (SSD). The development team is developing a security plan for the system. Given security is a priority concern, which of the following is the best to deal with issues of data remanence when retiring disks or the storage system?
B. Low-level formatting
C. Multiple passes of overwriting
D. Cryptographic Erase
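To make the data-remanence issue concrete, here is an added example (constructed for this page, not from the original text). It models two drives in Python: a plain flash drive whose wear-levelling maps a rewrite to a fresh physical page, and a self-encrypting drive that writes only ciphertext and sanitizes by destroying its media encryption key. The `ToySsd` class, the HMAC-based keystream and the `SECRET` payload are all toy assumptions standing in for a real flash translation layer and AES-XTS.

```python
import hashlib
import hmac
import os

BLOCK_SIZE = 16
# Constructed sample payload: exactly one block of "customer data".
SECRET = b"customer secret!"


class ToySsd:
    """Constructed model of a flash drive with wear levelling. Each logical block
    address (LBA) maps to a physical page; a rewrite goes to a fresh page and the
    old page is only marked stale, as a real flash translation layer does."""

    def __init__(self, physical_pages=8):
        self.pages = [bytes(BLOCK_SIZE)] * physical_pages
        self.free = list(range(physical_pages))
        self.ftl = {}  # LBA -> physical page

    def write(self, lba, data):
        if len(data) != BLOCK_SIZE:
            raise ValueError("one block at a time")
        page = self.free.pop(0)  # the stale page is neither reused nor erased here
        self.pages[page] = bytes(data)
        self.ftl[lba] = page

    def read(self, lba):
        return self.pages[self.ftl[lba]]

    def raw_dump(self):
        """What a chip-off read of the flash sees: every physical page, stale ones included."""
        return b"".join(self.pages)


def keystream_block(key, lba):
    # Toy per-block keystream, HMAC-SHA256(key, LBA); stands in for AES-XTS in a real SED.
    return hmac.new(key, lba.to_bytes(8, "big"), hashlib.sha256).digest()[:BLOCK_SIZE]


def xor_bytes(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


class SelfEncryptingSsd(ToySsd):
    """Same drive, but every page is written under a media encryption key (MEK)
    that never leaves the controller."""

    def __init__(self, physical_pages=8):
        super().__init__(physical_pages)
        self.mek = os.urandom(32)

    def write(self, lba, data):
        super().write(lba, xor_bytes(data, keystream_block(self.mek, lba)))

    def read(self, lba):
        if self.mek is None:
            raise PermissionError("media key destroyed: data is unrecoverable")
        return xor_bytes(super().read(lba), keystream_block(self.mek, lba))

    def crypto_erase(self):
        """Sanitize by destroying the MEK; ciphertext stays on flash but is now noise."""
        self.mek = None


def overwrite_leaves_remanence():
    """Overwrite the LBA with zeros, then inspect raw flash: the logical read looks
    clean, but the old physical page still holds the secret."""
    ssd = ToySsd()
    ssd.write(0, SECRET)
    ssd.write(0, bytes(BLOCK_SIZE))  # the "sanitizing" overwrite
    logical_clean = ssd.read(0) == bytes(BLOCK_SIZE)
    return logical_clean, SECRET in ssd.raw_dump()


def crypto_erase_leaves_no_plaintext():
    """Same scenario on the self-encrypting drive: plaintext never touched flash, and
    once the MEK is gone even the stale page from a rewrite is unreadable."""
    ssd = SelfEncryptingSsd()
    ssd.write(0, SECRET)
    readable_before = ssd.read(0) == SECRET
    ssd.write(0, bytes(BLOCK_SIZE))
    ssd.crypto_erase()
    try:
        ssd.read(0)
        readable_after = True
    except PermissionError:
        readable_after = False
    return readable_before, readable_after, SECRET in ssd.raw_dump()


if __name__ == "__main__":
    print("overwrite: logical clean=%s, secret still on flash=%s" % overwrite_leaves_remanence())
    print("crypto-erase: readable before=%s, after=%s, secret on flash=%s"
          % crypto_erase_leaves_no_plaintext())
```

The first function shows why overwriting passes are an unreliable sanitization method on flash: the controller, not the host, decides which physical page a write lands on. The second shows the precondition that cryptographic erase depends on: the data must have been encrypted from the first write and the key must be destroyed in a way the drive vendor actually guarantees (NIST SP 800-88 Rev. 1 treats cryptographic erase as a sanitization technique under exactly that condition).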
Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The development of some software modules will be outsourced to external software vendors. The computer systems, operating systems, and other standard hardware and essential software will be procured as well. Which of the following is least related to the procurement of this project?
A. Common Criteria
B. Vendor’s reputation
C. Zachman Enterprise Framework
D. The Capability Maturity Model Integration (CMMI)
Agile is hot, but there are many misconceptions about it. Frequent delivery of working software or value is one of its core concepts. Delivery means handing over working software to customers to create value.
Development progress or prototypes are not working software; they create no value because they don’t operate in the production environment.
From the perspective of scrum.org, there’s no project manager but a product owner. They call the daily event the Daily Scrum instead of a daily standup meeting.
Periodic review, demonstration, and daily meetings (standing or seated) are general management practices. They are not specific to Agile or Scrum.
The Waterfall Model delivers at the end of the project. Customers may review a pile of user requirement specification (URS) documents after the requirement analysis, and the designs documented as the solution after the design phase. In each phase, customers get nothing real until the end of the project.
The Spiral Model is an improvement of the Waterfall Model. It delivers at the end of the project but demonstrates prototypes or work products to customers after each iteration, which can be treated as a small waterfall.
Wentz’s Risk Model incorporates the Peacock Model, the Onion Model, the Ring Model, and the Concept of Neutral Risk.
The Concept of Neutral Risk, based on the risk definition of ISO 31000, introduces the business mindset of seizing opportunities and avoiding threats to highlight that information security is not only a business enabler but also a business driver.
The Peacock Model is a notion of information systems that extends the definition in 44 U.S.C. § 3502. The Onion Model denotes the concept of layered defense or defense in depth.
The Ring Model is derived from the NIST Generic Risk Model to specify risk in the context of information security.
Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The COO, who doesn’t like surprises, sponsors this initiative, and the reliability of the production system is the priority. He asked for periodic review and demonstration of development progress or prototypes and thought the daily standup meeting was favorable. The project team is evaluating the development approach. Which of the following is the best?
A. Waterfall Model
C. Spiral Model
Directive controls promote security awareness and direct compliant behaviors, e.g., policies, posters, and signs.
Deterrent controls discourage violation of security policies and reduce or eliminate the motive of unauthorized behaviors, e.g., guards and mantraps.
Preventive controls raise the hurdle and thwart the breaching attempts, e.g., firewalls, intrusion prevention systems (IPS), and antivirus software.
Detective controls monitor and report potential or ongoing breaching attempts, e.g., intrusion detection systems (IDS), honeypots or honeynets, and reviews.
Corrective controls stop the breaching attempts to maintain or restore normal operations or service level, e.g., Trusted Recovery and antivirus software (quarantining a virus).
Recovery controls recover from disruption and restore normal operations and service level if breaching attempts disrupt the operations or services, e.g., backup and restore, system imaging, and shadowing.
Compensating controls provide contingent or alternative protection to existing controls. For example, a PIN code is compensating for the Windows Hello facial recognition.
Your company decides to start the business of selling toys online and shipping globally. The E-Commerce system that supports the new business will be developed in-house. The development team is designing the data model for the SQL database based on the entity-relationship diagram. It splits the comma-separated values (CSV) data stored in a field into multiple fields. Which of the following best describes the process?
A. Split horizon
B. Normalization in 1NF
C. Normalization in 2NF
D. Key clustering
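The process the question describes, splitting a comma-separated field into atomic values, is what first normal form requires. The following added example (constructed for this page, not part of the original question or its answer key) carries it out with Python's built-in `sqlite3` module on a constructed `orders_csv` table, and shows what the modeling team gains: the DBMS can now enforce uniqueness and referential integrity on each SKU, and the query stops depending on string surgery.

```python
import sqlite3

# Constructed sample: each order stores its toy SKUs as one comma-separated field,
# which violates first normal form (1NF) because the field is not atomic.
ORDERS_CSV = [
    (1001, "alice", "TOY-DUCK,TOY-TRAIN,TOY-KITE"),
    (1002, "bob", "TOY-TRAIN"),
    (1003, "carol", ""),
]


def build_unnormalized(conn):
    conn.execute("CREATE TABLE orders_csv (order_id INTEGER PRIMARY KEY, "
                 "customer TEXT NOT NULL, skus TEXT)")
    conn.executemany("INSERT INTO orders_csv VALUES (?, ?, ?)", ORDERS_CSV)


def normalize_to_1nf(conn):
    """Split the CSV field into one row per value in a child table. Each order_items
    row holds exactly one SKU, so the DBMS can enforce uniqueness and referential
    integrity on it."""
    conn.execute("CREATE TABLE orders (order_id INTEGER PRIMARY KEY, customer TEXT NOT NULL)")
    conn.execute("""CREATE TABLE order_items (
                        order_id INTEGER NOT NULL REFERENCES orders(order_id),
                        sku      TEXT    NOT NULL,
                        PRIMARY KEY (order_id, sku))""")
    rows = conn.execute("SELECT order_id, customer, skus FROM orders_csv").fetchall()
    for order_id, customer, skus in rows:
        conn.execute("INSERT INTO orders VALUES (?, ?)", (order_id, customer))
        # strip whitespace, drop empty entries, and de-duplicate repeated SKUs
        for sku in {s.strip() for s in skus.split(",") if s.strip()}:
            conn.execute("INSERT INTO order_items VALUES (?, ?)", (order_id, sku))


def orders_with_sku_csv(conn, sku):
    """Query against the unnormalized field: needs delimiter padding and cannot use an index."""
    return [r[0] for r in conn.execute(
        "SELECT order_id FROM orders_csv WHERE ',' || skus || ',' LIKE ? ORDER BY order_id",
        ("%," + sku + ",%",))]


def orders_with_sku(conn, sku):
    """Same question against the 1NF tables: a plain equality on an indexed column."""
    return [r[0] for r in conn.execute(
        "SELECT order_id FROM order_items WHERE sku = ? ORDER BY order_id", (sku,))]


def demo():
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")
    build_unnormalized(conn)
    normalize_to_1nf(conn)
    result = {
        "csv": orders_with_sku_csv(conn, "TOY-TRAIN"),
        "1nf": orders_with_sku(conn, "TOY-TRAIN"),
        "item_rows": conn.execute("SELECT COUNT(*) FROM order_items").fetchone()[0],
    }
    # With atomic values the schema itself rejects a duplicate line item.
    try:
        conn.execute("INSERT INTO order_items VALUES (1002, 'TOY-TRAIN')")
        result["duplicate_rejected"] = False
    except sqlite3.IntegrityError:
        result["duplicate_rejected"] = True
    conn.close()
    return result


if __name__ == "__main__":
    print(demo())
```

Both lookups return the same order IDs on this sample, but only the 1NF version lets the database guarantee the result: the CSV field cannot carry a primary key, a foreign key, or an index on individual SKUs, so every integrity rule would have to live in application code.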
The schema of a database is its structure described in a formal language supported by the database management system (DBMS). The term “schema” refers to the organization of data as a blueprint of how the database is constructed (divided into database tables in the case of relational databases).
An XML schema is a description of a type of XML document, typically expressed in terms of constraints on the structure and content of documents of that type, above and beyond the basic syntactical constraints imposed by XML itself.
A data dictionary is used to standardize a definition of a data element and enable a common interpretation of data elements.
A data dictionary is used to document standard definitions of data elements, their meanings, and allowable values. A data dictionary contains definitions of each data element and indicates how those elements combine into composite data elements. Data dictionaries are used to standardize usage and meanings of data elements between solutions and between stakeholders.
Data dictionaries are sometimes referred to as metadata repositories and are used to manage the data within the context of a solution. As organizations adopt data mining and more advanced analytics, a data dictionary may provide the metadata required by these more complex scenarios. A data dictionary is often used in conjunction with an entity relationship diagram (see Data Modelling (p. 256)) and may be extracted from a data model.
Data dictionaries can be maintained manually (as a spreadsheet) or via automated
Source: IIBA/CBAP BABOK v3
Metadata is data about data. It’s not the data itself.
Schema is one type of metadata that describes how the data is organized.
Data Dictionary details may include definitions, relationships with other data, origin, format, and usage.
A data dictionary is a collection of metadata conceptually and a repository of metadata physically.
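To show the difference between data, schema and data dictionary in running code, here is an added example (constructed for this page, not from the original text or BABOK). It reads the structural metadata that SQLite already keeps in its catalog (`sqlite_master` and the `table_info` / `foreign_key_list` pragmas, which are real SQLite features), merges it with hand-maintained business definitions, and flags the elements the dictionary cannot yet explain. The `SCHEMA_SQL` tables and the `DEFINITIONS` entries are constructed assumptions.

```python
import sqlite3

# Constructed schema for the toy shop's database (not from the original page).
SCHEMA_SQL = """
CREATE TABLE customer (
    customer_id INTEGER PRIMARY KEY,
    email       TEXT    NOT NULL UNIQUE,
    country     TEXT    NOT NULL
);
CREATE TABLE shipment (
    shipment_id INTEGER PRIMARY KEY,
    customer_id INTEGER NOT NULL REFERENCES customer(customer_id),
    weight_kg   REAL
);
"""

# Business definitions and usage are not in the DBMS catalog; the data dictionary
# carries them by hand (constructed entries).
DEFINITIONS = {
    "customer.email": "Login identifier and notification address; personal data",
    "customer.country": "ISO 3166-1 alpha-2 code of the shipping country",
    "shipment.weight_kg": "Gross parcel weight in kilograms, measured at dispatch",
}


def build_demo_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA_SQL)  # the schema: metadata describing the organization of data
    conn.execute("INSERT INTO customer VALUES (1, 'alice@example.com', 'DE')")  # data, not metadata
    return conn


def extract_data_dictionary(conn):
    """Assemble a data dictionary from two sources: structural metadata the DBMS
    already holds (format, required, keys, relationships) and hand-maintained
    definitions. Only metadata is read; the customer row itself never appears."""
    dictionary = {}
    tables = [r[0] for r in conn.execute(
        "SELECT name FROM sqlite_master WHERE type = 'table' ORDER BY name")]
    for table in tables:
        # table names come from the DBMS catalog, not from user input
        refs = {r[3]: (r[2], r[4]) for r in conn.execute(f"PRAGMA foreign_key_list({table})")}
        for _cid, name, ctype, notnull, _default, pk in conn.execute(f"PRAGMA table_info({table})"):
            dictionary[f"{table}.{name}"] = {
                "format": ctype,
                "required": bool(notnull or pk),
                "primary_key": bool(pk),
                "references": refs.get(name),  # relationship with another data element
                "definition": DEFINITIONS.get(f"{table}.{name}", "(undefined: add to dictionary)"),
            }
    return dictionary


def undefined_elements(dictionary):
    """Data elements with no agreed definition yet: a review list for the modeling team."""
    return sorted(k for k, v in dictionary.items() if v["definition"].startswith("(undefined"))


if __name__ == "__main__":
    db = build_demo_db()
    for element, entry in extract_data_dictionary(db).items():
        print(element, entry)
    print("needs definition:", undefined_elements(db and extract_data_dictionary(db)))
```

The schema answers "how is the data organized" and the dictionary answers "what does each element mean and how is it used"; both are metadata, and neither changes when a customer row is inserted. Keeping the definition column mandatory, as `undefined_elements` enforces, is what turns the extracted schema into a dictionary the stakeholders can actually share.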
“Goals” and “Objectives” are often used interchangeably. However, we can use them in a more specific way to communicate effectively.
A goal is a written statement of desired outcomes or future state. It is typically broken down into objectives that are then broken down further to a reasonable level and organized hierarchically. The hierarchy is not limited to two levels. From this point of view, a goal is an upper-level objective (parent) relative to the lower-level ones (children) broken down from it.
[Diagram labels: “Measured by KPIs or KGIs (Key Goal Indicators)” and “Measured by KPIs (Key Performance Indicators)”]
Success is the result of achieving the goal that is measured by key performance indicators (KPIs) or key goal indicators (KGIs). The term KGI comes from COBIT. It distinguishes KGI as a lagging indicator from KPI as a leading indicator. However, it’s not uncommon to use KPI only.
Performance is the progress to the objective or goal through execution.