
Your company is developing an ERP system, owned by the head of the IT department, using Scrum. You are the product owner of the development of the material management module. Which of the following is the least of your concerns?
A. Refinement of the product backlog
B. Application for authorization to operate (ATO)
C. Trustworthiness of the product
D. User acceptance
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is B. Application for authorization to operate (ATO).
The material management module is part of the ERP system, which is composed of interacting elements such as hardware, software, data, humans, processes, facilities, materials, and naturally occurring physical entities. The authorization to operate (ATO) is granted at the information system level.

Authorization To Operate (ATO)
The official management decision given by a senior organizational official to authorize operation of an information system and to explicitly accept the risk to organizational operations (including mission, functions, image, or reputation), organizational assets, individuals, other organizations, and the Nation based on the implementation of an agreed-upon set of security controls.
Source: CNSSI 4009
Information System
Combination of interacting elements organized to achieve one or more stated purposes.
Note 1: There are many types of systems. Examples include: general and special-purpose information systems; command, control, and communication systems; crypto modules; central processing unit and graphics processor boards; industrial/process control systems; flight control systems; weapons, targeting, and fire control systems; medical devices and treatment systems; financial, banking, and merchandising transaction systems; and social networking systems.
Note 2: The interacting elements in the definition of system include hardware, software, data, humans, processes, facilities, materials, and naturally occurring physical entities.
Note 3: System of systems is included in the definition of system.
Source: NIST SP 800-160
Product Owner
The Product Owner is accountable for maximizing the value of the product resulting from the work of the Scrum Team. How this is done may vary widely across organizations, Scrum Teams, and individuals.
The Product Owner is also accountable for effective Product Backlog management, which includes:
* Developing and explicitly communicating the Product Goal;
* Creating and clearly communicating Product Backlog items;
* Ordering Product Backlog items; and,
* Ensuring that the Product Backlog is transparent, visible and understood.

The Product Owner may do the above work or may delegate the responsibility to others. Regardless, the Product Owner remains accountable.
For Product Owners to succeed, the entire organization must respect their decisions. These decisions are visible in the content and ordering of the Product Backlog, and through the inspectable Increment at the Sprint Review.
The Product Owner is one person, not a committee. The Product Owner may represent the needs of many stakeholders in the Product Backlog. Those wanting to change the Product Backlog can do so by trying to convince the Product Owner.
Source: Scrum Guide 2020