CISSP PRACTICE QUESTIONS – 20201002

Effective CISSP Questions

Your company initiated a project to develop an in-house CRM system sponsored by the COO. As a project manager, which of the following is of least concern?
A. Ensure the use of secure system development life cycle
B. Assess risk at the information system tier
C. Ensure security is considered in procurement activities
D. Include alternatives in the project business case in terms of cost/benefit


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Include alternatives in the project business case in terms of cost/benefit.

A project business case that comprises solution alternatives with cost/benefit analysis should be developed and approved to initiate a project.

Engineering

1. application of a systematic, disciplined, quantifiable approach to structures, machines, products, systems, or processes [ISO/IEC TR 19759:2016, Software Engineering — Guide to the Software Engineering Body of Knowledge (SWEBOK). 15]

Security Engineering

An interdisciplinary approach and means to enable the realization of secure systems. It focuses on defining customer needs, security protection requirements, and required functionality early in the systems development lifecycle, documenting requirements, and then proceeding with design, synthesis, and system validation while considering the complete problem. (NIST Glossary)


A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

The Effective CISSP - SRM

The Effective CISSP: Practice Questions


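Your company has launched a project to develop an in-house CRM system sponsored by the Chief Operating Officer. As the project manager, which of the following is of least concern?
A. Ensure the use of a secure system development life cycle
B. Assess risk at the information system tier
C. Ensure security is considered in procurement activities
D. Include decision options in the project business case from a cost/benefit perspective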

 
