• Business Model Canvas, Iteration, and Marshmallows

• As an information systems security professional, why should you know how software is developed?
• Think twice about the waterfall model and its influence on modern software development approaches.
• What’s the difference between (information) system development life cycle and software development life cycle?
• What is an information system? How do you apply the concepts of security requirements, security controls, and security objectives (CIA) to the information system?

• The Bell LaPadula Model, as a finite state machine model, controls information flow for confidentiality with two security properties:
  • Simple: no read up
  • * (star): no write down
• The Simple Security Property states that a subject (Bob) may not read the information at a higher sensitivity level (no read up).
• The * (star) Security Property states that a subject (Bob) may not write information to an object at a lower sensitivity level (no write down).

• What is engineering?
  • a practice of applying knowledge to create and operate something throughout its life cycle.
  • At the system level, security should be architected and then engineered into the design of the system.
    • Is “architecture design” part of the engineering processes?
    • What is design?
• What is architecture?
  • the complex or carefully designed structure of something. (google definition)
• Engineering
  • ISO/IEC/IEEE 15288:2015
  • ISO/IEC 15288 (wiki)
• Enterprise architecture
  • Enterprise architecture framework
  • Federal Enterprise Architecture (FEA)

If you always do, you always done;
If you always get, you always got.
~Dr. David Hillson, The Risk Doctor

When I was a high school student, I am fortunate enough to know what my passion is. The passion drives and guides me to be committed to the business of training and education. ITCareer.tw is my new initiative to learn, share, trigger inspirations, and nurture career expertise with IT people. ~Wentz Wu

當我還是一名高中生時，我很幸運能夠知道自己的熱情是什麼。 熱情驅動並指導我致力於培訓和教育業務。 ITCareer.tw是我的新嚐試，旨在與IT人員一起學習，分享，激發靈感並培養職業知識。 ~吳文智

http://itcareer.tw

• Governance: the way that organizations or countries are managed at the highest level, and the systems for doing this (Cambridge)
• Reviews: used to evaluate the content of a work product. (IIBA BABOK)
  • Formal
    • Inspection
    • Formal Walkthrough (also known as Team Review)
    • Single Issue Review (also known as Technical Review)
  • Informal
    • Informal Walkthrough
    • Desk Check
    • Pass Around
    • Ad hoc
• Assessment:
  • the process of considering all the information about a situation or a person and making a judgment (Cambridge)
  • the action or an instance of making a judgment about something (MW)
• Read through: to read (something) from beginning to end especially to look for mistakes or check details
• Evaluation: determination of the value, nature, character, or quality of something or someone
• Examination: the act of looking at or considering something carefully in order to discover something
• Testing: the process of using or trying something to see if it works, is suitable, obeys the rules, etc.
• Audit: an official examination of the accounts of a business
• IS audit is the formal examination, interview and/or testing of information
  systems to determine whether:
  • Information systems are in compliance with applicable laws, regulations,
    contracts and/or industry guidelines
  • IS data and information have appropriate levels of confidentiality, integrity
    and availability
  • IS operations are being accomplished efficiently and effectiveness targets
    are being met