CISSP PRACTICE QUESTIONS – 20210429

Effective CISSP Questions

As a business analyst, you are preparing a business case to evaluate the feasibility of developing a customer relationship management system for your company. Which of the following is the least concern? (Wentz QOTD)
A. Data flow analysis
B. System impact level
C. Cost-benefit analysis
D. Project management planning

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is D. Project management planning.

A project charter officially proves and authorizes the existence of a project. A business case justifies that the project is feasible. Project management planning starts after a project is chartered or authorized.

Business Case and Project Initiation

In the initiation phase of an information system development project (typically called an initiative in this phase), a business case is developed to justify the investment, which entails evaluating feasibility in technical, financial, and other aspects.

  • Personal data flow analysis is crucial in privacy impact analysis. Please refer to ISO 29134 and ISO 29100 for details.
  • From the perspective of NIST RMF, the system impact level is determined in the step of system categorization by evaluating the high watermark of the impact of data types the system processes upon security objectives (CIA).
  • Cost-benefit is the core element of a business case. Financial methods, such as payback period (PB), internal rate of return (IRR), and net present value (NPV), are commonly used.

Project Life Cycle (Source: PMBOK)

NIST SDLC and RMF

NIST SDLC and RMF

ISO Standards

ISO Security and Privacy Standards

A BLUEPRINT FOR YOUR SUCCESS IN CISSP

My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
