October 26, 2015 jobs

Intermediate Student --- Xu Huadong

Ten months homework

First, change management

1, the change of the working procedure;

• Submit and accept a change request

• Preliminary examination of the change

• Demonstration of change scheme

• Project Change Control Committee review

• Issue change notification and start implementation

• Monitoring of change implementation

• Change Effect Assessment

• Determine if the project has been incorporated into the normal track after the change has occurred

2, change the first instance of 4 content;

• Exert influence on the change initiator to confirm the necessity of the change. Make sure the change is valuable

• Format check, integrity check, verify that the required information for evaluation is fully prepared

• Consensus between stakeholders on the proposed change information for evaluation

• A common way to change the preliminary review process is to change the application document

3. Control of progress change, including which topics.

• Determine the current status of a project's progress

• Exert influence on the factors causing the change of schedule

• Find out if progress has changed

• Manage the actual changes as they occur

Second, security management

1, which technology to achieve the confidentiality of information;

Network Security Protocol , network authentication Service, data encryption service

2, which technology to achieve the integrity of information;

Non-repudiation of message source, firewall system, communication security, intrusion detection system

3, which technology to achieve the availability of information;

Disk and system fault tolerance and backup, acceptable login and process performance, reliable and functional security processes and mechanisms

4, the definition of reliability, and measurement methods.

Reliability refers to the probability that the system does not fail to complete the specified function under the specified time and given conditions.

The average time between failures is usually used ( Meantime between Failure,MTBF) to measure

5. What are the common security technologies used in the application system?

• Minimum Authorization principle 2) anti-exposure 3) Information encryption 4) physical secrecy

6. What are the methods to ensure the integrity of the application system?

• Protocol 2) error correcting code 3) password Check 4) digital signature 5) notarization

7, the room for distribution of 8 kinds of power;

1) separate power supply 2) emergency Power supply 3) standby power supply 4) regulated power supply

5) Power Protection 6) uninterruptible power supply 7) Electrical noise protection 8) Sudden incident protection

8, emergency power supply, voltage supply of the content;

Emergency power supply: Configuration of basic equipment with low voltage, improved equipment or stronger equipment, such as basic UPS, improved ups, multi-level ups, and emergency power supplies

Regulated power supply: Using line regulator to prevent the influence of voltage fluctuation on computer system

9, the application system operation, involving 4 levels of security, these 4 levels of security, according to the granularity from coarse to fine arrangement;

System-level security, resource access security, functional security, data domain security

system-level security;

isolation, access to sensitive systems Restrictions on IP address segments, logon time periods, session time limits, number of connections, restrictions on number of logins during a specific time period, and remote access control

One, which belongs to the security of resource access;

On the client, give the user the user interface associated with their permissions, and only the menu and action buttons that match their permissions appear

On the service side , the URL Program Resources and calls to the business service class Send method access control

what is functional safety;

Whether the user needs approval when operating the business record, the upload attachment cannot exceed the specified size

data domain security includes which 2 levels;

One is row-level data domain security

The second is the field-level data domain security

the access control checks of the application system are included;

• Application system access Control check 2) application system log Check

3) application System Usability Check 4) application system capability check

5) Application system security operation Check 6) application system maintenance Check

7) application System Configuration Check 8) malicious code check

what is included in the log check of the application system;

Database logs, system access logs, System processing logs, error logs, and exception logs

What are the usability checks of the application system;

System outage time, system uptime, and system recovery time

the maintenance check of the application system includes which;

Whether the maintenance problem is resolved within a specified time, whether the problem is resolved correctly, and whether the process of solving the problem is effective

Thesafety level is divided into which 2 kinds;

Security levels are classified as classified and reliability levels

Classification classified as confidential, confidential and secret according to the relevant reservation

The reliability level is divided into three levels: the highest reliability requirements are class A, the minimum reliability required for system operation is class C , in the middle of the class B

Third, risk management

1, the risk management process includes which six steps;

Risk management planning, risk identification, qualitative risk analysis, quantitative risk analysis, Response plan preparation, risk monitoring

2, the risk of accidents, and the difference between risk factors;

The risk accident is the direct or extrinsic cause of the loss, is the medium of the loss, that is, the risk can only lead to the loss through the occurrence of the risk accident.

In the case of an event, it is a risk accident if it is the direct cause of the loss, and under other conditions it becomes a risk factor if it is the indirect cause of the loss

3.What are the methods of risk identification;

1) Delphi Technology 2) Brainstorming method 3)SWOT Analysis Method (advantages, disadvantages, opportunities, Challenges) 4) Checklist 5< c6>) Graphic Technology

4.What are the methods of risk qualitative analysis;

Risk probability and impact assessment, probability and impact matrix, risk urgency assessment

5, risk qualitative analysis, according to the probability and impact matrix, what are the high-risk measures, and what are the low-risk measures;                                                                                                                                                                                                                                  

High risk needs to take key measures, and adopt a positive response strategy

Low risk simply put it on the list of risks to watch or allocate contingency reserve

6.What are the methods of risk quantitative analysis;

expected currency value, calculation analysis factor, plan review technique (three-point estimate), Monte Carlo ( Monte Carlo) Analysis

7, the negative risk of the response strategy there are 3 , and each to give an example of the explanation;

1) avoidance, such as extending the schedule or reducing the range

2) transfer, such as the use of fees into a contract can transfer the cost risk to the buyer, if the project design is stable, you can use a fixed price contract to transfer the risk to the seller

3) mitigation, e.g. with a less complex process

8.What are the 3 strategies for positive risk , and one example;

1) Develop and allocate more capable resources to the project in order to shorten the completion time or achieve the high quality originally expected

2) sharing, establishing risk-sharing partnerships

3) Improve,

9. At the same time apply to the negative risk and positive strategy is what, and examples.

Accept

definition of Risk audit

Risk audit is to examine and document the effectiveness of risk management processes in dealing with identified risks and their root causes.

This article is from the "Xu Huadong" blog, make sure to keep this source http://xingnuo0909.blog.51cto.com/10009343/1706586

October 26, 2015 jobs