As a business analyst, you are preparing a business case to evaluate the feasibility of developing a customer relationship management system for your company. Which of the following is the least concern? (Wentz QOTD)
A. Data flow analysis
B. System impact level
C. Cost-benefit analysis
D. Project management planning
Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.
My suggested answer is D. Project management planning.
A project charter officially proves and authorizes the existence of a project. A business case justifies the project is feasible. The project management planning starts after a project is chartered or authorized.
Business Case and Project Initiation
In the initiation phase of an information system development project (typically called an initiative in this phase), a business case is developed to justify the investment, which entails feasibility evaluation in terms of technical and financial, and other aspects.
- Personal data flow analysis is crucial in privacy impact analysis. Please refer to ISO 29134 and ISO 29100 for details.
- From the perspective of NIST RMF, the system impact level is determined in the step of system categorization by evaluating the high watermark of the impact of data types the system processes upon security objectives (CIA).
- Cost-benefit is the core element of a business case. Financial methods, such as payback period (PB), internal rate of return (IRR), and net present value (NPV), are commonly used.
NIT SDLC and RMF
A BLUEPRINT FOR YOUR SUCCESS IN CISSP
My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.
- It is available on Amazon.
- Readers from countries or regions not supported by Amazon can get your copy from the author’s web site.
作為一個商業分析師，您正在準備一個業務案例，以評估為公司開發客戶關係管理系統的可行性。 下列哪一項是最不用擔心的？(Wentz QOTD)
A. 資料流分析 (Data flow analysis)
B. 系統影響等級 (System impact level)
C. 成本效益分析 (Cost-benefit analysis)
D. 專案管理計劃 (Project management planning)