Your company decides to start the business of selling toys online and shipping globally. An in-house development team is tasked to develop the E-commerce system to support the new business. As a security professional and a member of the project team, you want to ensure the use of secure information system development processes. Which of the following provides practices or guidelines that best meet your requirements?
B. ISO 15288
C. NIST SP 800-160 Volume 1
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is C. NIST SP 800-160 Volume 1.
“Systems engineering is a collection of system life cycle technical and nontechnical processes with associated activities and tasks.” ISO/IEC/IEEE 15288:2015 (Systems and software engineering — System life cycle processes) is a generic systems engineering standard; it defines the life cycle processes but does not itself prescribe security engineering practices.
Systems Security Engineering
“Systems security engineering, as an integral part of systems engineering, helps to ensure that the appropriate security principles, concepts, methods, and practices are applied during the system life cycle to achieve stakeholder objectives for the protection of assets—across all forms of adversity characterized as disruptions, hazards, and threats.” NIST SP 800-160 Volume 1 (Systems Security Engineering) builds on the ISO/IEC/IEEE 15288 life cycle processes and adds the security activities, tasks, and considerations to each of them, which is why it best matches the requirement for a secure information system development process.
Capability Maturity Model Integration (CMMI) is a process-level improvement training and appraisal program. Administered by the CMMI Institute, a subsidiary of ISACA, it was developed at Carnegie Mellon University (CMU). It is required by many United States Department of Defense (DoD) and U.S. Government contracts, especially in software development. CMMI appraises the maturity of an organization's processes in general rather than providing security engineering practices for the system life cycle.
Agile is a mindset and a collection of principles and practices for collaborating with customers, responding to change, and improving continuously to deliver value. XP, Scrum, and Kanban are common Agile approaches adopted in the software sector. The idea of Agile is also applied at the organizational level, known as organizational/business agility.
The Manifesto for Agile Software Development is the inception of Agile.