2015.10.26 Information System Project Manager assignment

I. PMI authority (authorization) management infrastructure
1, the access control includes which 2 important processes, and content;

For:

A. Authentication process: Verifying the legal identity of the subject through "identification"
B. Authorization management: Granting users access to a resource through authorization

2. What is the difference between PMI and PKI? Which is "What can you Do" and which is "who are you?"

For:

PMI: What can you do, mostly authorized
PKI: Who you are, identification

Second, information security audit system
1, the People's Republic of China National standards-computer system security capacity of 5 levels;

For:

1> independent protection level (for ordinary intranet users);

2> System Audit Protection level (for the intranet or the international network for business activities, non-essential units requiring confidentiality);

3> Safety mark protection level (applicable to local authorities, financial units, post and telecommunications, energy and water supply departments, transportation, large-scale business and information technology enterprises, key projects and other units);

4> structured protection level (applicable to central State organs, radio and television departments, important materials reserve units, social emergency services sector, cutting-edge science and technology enterprise groups, national key scientific research institutions and national defense construction departments);

5> Access Verification protection level (for key defense departments and for special isolation of computer information systems as required by law)

2, the concept of network monitoring type, active information acquisition type, system embedded type agent;

For:

"Network Monitor Type: run in a network monitoring dedicated hardware platform, the hardware is called network exploration
Active Information acquisition: Log phones for non-host-type devices such as firewalls, switches, routers, etc.
"Embedded Agent: Security protection software installed on each protected host, which implements host-based safety audits and monitoring.

Iii. Organization and management of information security system
1, the Enterprise Information security organization and management, personnel security including which 6;

For:

1. Personnel review
2. Job Responsibilities and authorizations
3. Personnel Training
4. Personnel Assessment
5. Signing a confidential contract
6. Redeployment of personnel

2, the training for information security is divided into four levels, the main content at all levels;

For:

1 "knowledge level: to establish sensitivity to the threat and vulnerability of computer information systems, and to understand the basic knowledge of computer information system protection."
2 policy level: To provide understanding of computer information System security principles of the ability to enable the executive leadership to make the enterprise computer Information security reasonable and scientific policy.
3 "Implementation level: to provide awareness and assessment of the ability to withstand threats and attacks, through training, the leaders of all levels of security responsibility and security management can formulate and implement their corporate security policy.
4 Implementation level: to provide the computer information system all kinds of personnel to the actual, implementation, assessment of their computer information system security procedures and skills, so that staff in the implementation of their duties related tasks can apply the concept of security.

3. How many working groups have been established in the Information Security Standard Committee?

For:

WG1: Working Group on standards Systems and coordination
WG3: Password and information Security management workgroup
WG4: Working Group on Identification and authorization
WG5: Information security Assessment Working Group
WG7: Working Group on Information Security management

Iv. Isse-cmms
1. What are the three types of process areas included in ISSE-CMM?

1. Engineering
2. Project
3. Organization

V. New TECHNOLOGIES
1, three models of cloud computing;

IAAS: Infrastructure as a service
PAAS: Platform as a service
SAAS: Software as a service

2, the three layer of the internet of things;

1. Perceptual Layer
2. Network layer
3. Application Layer

3, the difference of incident management, problem management, service level agreement;

Event Management: Something that happens once in a while (passive)
Problem management: frequently occurring problems (finding the cause of the problem)
Service level agreements: fines do not belong to the requirements of technology and quality (quality, level, performance).

4, see "Big Data Development Program", Internet +, China intelligent Manufacturing 2025.
5, the WEB service applies four kinds of circumstances, and does not apply 2 kinds of circumstances;

1. Cross-firewall
2. Integration of applications written in different languages and running on different platforms
3. Cross-company business integration
4. Software Reuse
Not suitable for:
1. Stand-alone applications
2. Homogeneous applications in the LAN

6, DAS, NAS, san the difference;

DAS: direct-attached storage
NAS: Network-attached storage
SAN: Storage-based network

7, the integrated wiring system includes which 6 subsystems.

1. Buildings
2. Vertical
3. Level
4. Equipment
5. Management
6. Work Area

2015.10.26 Information System Project Manager assignment