CISSP PRACTICE QUESTIONS – 20220222

Effective CISSP Questions

You are leading a system engineering project. Which one of the following is a concern that should be addressed at the organization level? (Wentz QOTD)
A. Threat modeling
B. Knowledge management
C. Verification and validation
D. Security architecture definition


Kindly be reminded that the suggested answer is for your reference only. It doesn’t matter whether you have the right or wrong answer. What really matters is your reasoning process and justifications.

My suggested answer is B. Knowledge management.

Wentz’s book, The Effective CISSP: Security and Risk Management, helps CISSP and CISM aspirants build a solid conceptual security model. It is a tutorial for information security and a supplement to the official study guides for the CISSP and CISM exams and an informative reference for security professionals.

NIST SP 800-160 V1 and ISO 15288

All engineering endeavors and results are fulfilled and delivered through projects. An engineering organization establishes a well-crafted project management infrastructure and environment to enable and support engineering projects.

ISO/IEC/IEEE 15288:2015 (Systems and software engineering — System life cycle processes) is an international standard for systems and software engineering, which deals with system life cycle processes.

  • An engineering project requires technical processes and technical management processes.
  • The engineering organization should deal with the so-called organizational project-enabling processes and agreement processes. Knowledge is shared across projects, so knowledge management is addressed at the organizational level.

NIST has superseded SP 800-64 R2, which introduced the system development life cycle (SDLC), with the SP 800-160 series, which aligns with the ISO 15288 standard.

NIST SDLC and RMF



