Effective CISSP Questions

A secure software development methodology or approach is typically selected in the early stage of a software engineering project. Which of the following Agile approaches most relies on empiricism, or observations of reality, to monitor progress and manage risk? (Wentz QOTD)
A. Scrum
B. DevOps
C. Spiral model
D. Extreme Programming (XP)

Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is A. Scrum.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams, and an informative reference for security professionals.

Scrum Theory

Scrum is founded on empiricism and lean thinking. Empiricism asserts that knowledge comes from experience and making decisions based on what is observed. Lean thinking reduces waste and focuses on the essentials.

Scrum employs an iterative, incremental approach to optimize predictability and to control risk. Scrum engages groups of people who collectively have all the skills and expertise to do the work and share or acquire such skills as needed.

Scrum combines four formal events for inspection and adaptation within a containing event, the Sprint. These events work because they implement the empirical Scrum pillars of transparency, inspection, and adaptation.

Source: Scrum Guide

Scrum Framework

Extreme Programming (XP)

Extreme Programming (XP) is an agile software development framework that aims to produce higher quality software, and higher quality of life for the development team. XP is the most specific of the agile frameworks regarding appropriate engineering practices for software development.

Source: Agile Alliance

XP Practices

DevOps

DevOps is a set of practices that combines software development (Dev) and IT operations (Ops). It aims to shorten the systems development life cycle and provide continuous delivery with high software quality. DevOps is complementary to Agile software development; several DevOps aspects came from the Agile methodology.

Source: Wikipedia

DevOps and Tools (Image Source: Shane Shown)

Spiral Model

The spiral model is a risk-driven software development process model. Based on the unique risk patterns of a given project, the spiral model guides a team to adopt elements of one or more process models, such as incremental, waterfall, or evolutionary prototyping.

Source: Wikipedia

Spiral model (Image Source: Wikipedia)
