Effective CISSP Questions

Your company started an engineering project to develop an E-Commerce website following ISO 15288. Which of the following is least likely to be treated as an organizational project enabler? (Wentz QOTD)
A. Life cycle model management
B. Risk management
C. Knowledge management
D. Infrastructure management

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Risk management.

ISO 15288

The title of ISO/IEC/IEEE 15288 is “Systems and software engineering — System life cycle processes.” Systems and software engineering processes of ISO 15288 can be categorized into four groups:

  • Agreement Processes
  • Organizational Project-Enabling Processes
  • Technical Management Processes
  • Technical Processes

An organization may initiate multiple projects that share the same project infrastructure and resources. Project-specific processes can be either technical or technical management. Risk management here refers to project risk management instead of enterprise risk management (ERM).

Infrastructure management looks like a technical thing. However, this question emphasizes the project nature of engineering and its context. It entails a holistic view of engineering and can not be answered or guessed just like “Think Like a Manager.”



My new book, The Effective CISSP: Security and Risk Management, helps CISSP aspirants build a solid conceptual security model. It is not only a tutorial for information security but also a study guide for the CISSP exam and an informative reference for security professionals.

貴公司啟動了一個工程項目,以按照ISO 15288開發電子商務網站。以下哪項最不可能被視為組織項目的推動者?(Wentz QOTD)
A. 生命週期模型管理
B. 風險管理
C. 知識管理
D. 基礎設施管理

Leave a Reply