Your company initiated a project to develop an in-house CRM system sponsored by the COO. As a project manager, which of the following is of least concern?
A. Ensure the use of secure system development life cycle
B. Assess risk at the information system tier
C. Ensure security is considered in procurement activities
D. Include alternatives in the project business case in terms of cost/benefit
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Include alternatives in the project business case in terms of cost/benefit.
A project business case that comprises solution alternatives with cost/benefit analysis should be developed and approved to initiate a project.
1. application of a systematic, disciplined, quantifiable approach to structures, machines, products, systems, or processes [ISO/IEC TR 19759:2016, Software Engineering — Guide to the Software Engineering Body of Knowledge (SWEBOK). 15]
An interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development lifecycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem. (NIST Glossary)