4.4 Assignments (change management + security management)


Part 1. Change management

1. What is the first principle of change management?

The first principle of change management is to establish the project baseline, the change process and the Change Control Board (CCB, also called the Change Management Committee).

2. What are the commonly used configuration management tools? (name 3)

Rational ClearCase, Visual SourceSafe, Concurrent Versions System (CVS)

3. Is the CCB a decision-making body or an operating body?

The CCB is a decision-making body, not an operating body.

4. What is the role of the project manager in a change?

The project manager responds to the requirements of the change requester, assesses the impact of the change on the project and on the corresponding plan, translates the technical requirements into resource requirements so that the authorized person can decide, and adjusts the project baseline according to the result of the review, so that the baseline reflects the actual implementation of the project.

5. What is the working procedure for a change? (remember)

Submit and accept the change request

Preliminary review of the change

Justification of the change plan

Review by the project Change Control Board (CCB)

Issue the change notification and begin implementation

Monitor the implementation of the change

Evaluate the effect of the change

6. What is the purpose of the preliminary review of a change? (remember)

Confirm the necessity of the change

Completeness check, to ensure that the information needed for the evaluation is fully prepared

Reach agreement among the stakeholders on the change information submitted for evaluation

The common way to carry out the preliminary review is the change request document review process

7. What aspects does the evaluation of the effect of a change cover?

The first basis of the evaluation is the project baseline.

The original intent of the change must also be considered, to see whether its purpose has been achieved.

The gap between the technical justification and economic justification in the change plan and the actual implementation process is evaluated, and improvements are proposed.

8. When can changes be handled in batches or by priority in order to improve efficiency?

When the project as a whole is under pressure, the emphasis should be on standardizing how changes are proposed and processed; batch processing, handling by priority and similar methods can then be used to improve efficiency.

9. When the project is small and only loosely associated with other projects, the change process should be simple and efficient; which three points need attention?

Exert influence on the factors that give rise to changes: prevent unnecessary changes, reduce unnecessary assessments, and improve the efficiency of approving necessary changes.

Confirmation of the change should be formalized.

The operating process of the change should be standardized.

10. What topics does the control of schedule changes include? (remember)

Determine the current status of the project schedule

Exert influence on the factors that cause schedule changes

Determine whether the schedule has changed

Manage the actual changes as they occur

11. What topics does the control of cost changes involve?

Exert influence on the factors that cause changes to the cost baseline

Ensure that all change requests are approved

Manage the actual changes when they occur

Ensure that potential cost overruns do not exceed the funds authorized for the project stage and for the project as a whole

Monitor cost performance and identify deviations from the cost baseline

Accurately record all deviations from the cost baseline

Prevent incorrect, inappropriate or unapproved changes from being included in cost or resource usage reports

Notify the relevant stakeholders of approved changes

Take action to keep the expected cost overrun within an acceptable range

12. Briefly describe the difference between change management and configuration management.

Change management can be regarded as part of configuration management.

Change management and configuration management can also be regarded as two related sets of mechanisms.

Part 2. Security management

1. What is the information security triad?

Confidentiality, integrity and availability (CIA)

2. How is data confidentiality generally achieved?

Network security protocols

Network authentication services

Data encryption services

3. Which technologies ensure data integrity?

Non-repudiation of the message source

Firewall systems

Communication security

Intrusion detection systems

4. Which technologies ensure availability?

Disk and system fault tolerance and backup

Acceptable login and processing performance

Reliable, functional security processes and mechanisms

5. In ISO/IEC 27001, the content of information security management is summarized under which aspects? (These are the 11 control areas of ISO/IEC 27001:2005 Annex A.)

Information security policy

Organization of information security

Asset Management

Human resources security

Physical and environmental security

Communications and operations management

Access control

Information systems acquisition, development and maintenance

Information security incident management

Business continuity management

Compliance

6. What is business continuity management?

Its aim is to counteract interruptions to business activities, protect critical business processes from the effects of major information system failures or disasters, and ensure their timely resumption.

7. Which security techniques are commonly used in application systems?

Least privilege principle

Anti-exposure

Information encryption

Physical secrecy

8. What are the main factors affecting information integrity?

Equipment failures; errors (errors in transmission, processing and storage; timing stability and accuracy; errors caused by various sources of interference); human attacks; and computer viruses.

9. What are the main methods of ensuring the integrity of an application system?

Protocols

Error-correcting coding

Cryptographic checksums (message authentication codes)

Digital signatures

Notarization
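Three of the methods listed above behave quite differently against accidental errors and deliberate tampering. The following example was added by the editor to make that concrete; it is not code from the original notes. It implements a Hamming(7,4) error-correcting code (which corrects a single flipped bit), a plain CRC32 checksum (which detects accidental corruption but which an attacker can simply recompute) and an HMAC-SHA256 cryptographic checksum (which cannot be forged without the shared key). The key and the messages are constructed sample values.

```python
import hashlib
import hmac
import zlib

# --- Error-correcting code: Hamming(7,4) corrects any single flipped bit ---
# Codeword layout (positions 1..7): p1 p2 d1 p3 d2 d3 d4

def hamming74_encode(nibble: int) -> list[int]:
    """Encode a 4-bit value into a 7-bit Hamming codeword."""
    d1, d2, d3, d4 = (nibble >> 3) & 1, (nibble >> 2) & 1, (nibble >> 1) & 1, nibble & 1
    p1 = d1 ^ d2 ^ d4
    p2 = d1 ^ d3 ^ d4
    p3 = d2 ^ d3 ^ d4
    return [p1, p2, d1, p3, d2, d3, d4]


def hamming74_decode(codeword: list[int]) -> tuple[int, int]:
    """Return (nibble, corrected_position); position 0 means no error was found."""
    b = list(codeword)
    s1 = b[0] ^ b[2] ^ b[4] ^ b[6]   # parity over positions 1,3,5,7
    s2 = b[1] ^ b[2] ^ b[5] ^ b[6]   # parity over positions 2,3,6,7
    s3 = b[3] ^ b[4] ^ b[5] ^ b[6]   # parity over positions 4,5,6,7
    pos = s1 + 2 * s2 + 4 * s3       # syndrome = 1-based index of the flipped bit
    if pos:
        b[pos - 1] ^= 1              # correct the single-bit error in place
    nibble = (b[2] << 3) | (b[4] << 2) | (b[5] << 1) | b[6]
    return nibble, pos


# --- Plain checksum (CRC32): catches accidental corruption only ---

def crc_tag(msg: bytes) -> int:
    return zlib.crc32(msg) & 0xFFFFFFFF


def crc_verify(msg: bytes, tag: int) -> bool:
    return crc_tag(msg) == tag


# --- Cryptographic checksum (HMAC-SHA256): forging a tag requires the key ---

def mac_tag(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()


def mac_verify(key: bytes, msg: bytes, tag: bytes) -> bool:
    # constant-time comparison so the check does not leak the tag byte by byte
    return hmac.compare_digest(mac_tag(key, msg), tag)


def integrity_demo() -> dict:
    """Run the three checks against a constructed message and a deliberate modification."""
    key = b"constructed-shared-secret"          # assumption: sender and receiver share this key
    original = b"transfer 100.00 to account 42"  # constructed sample message
    tampered = b"transfer 900.00 to account 42"  # an attacker changes the amount

    # 1. A flipped bit in transit: Hamming corrects it, the other two can only detect it.
    cw = hamming74_encode(0b1011)
    cw[4] ^= 1                                   # simulate a single-bit transmission error
    nibble, fixed_pos = hamming74_decode(cw)

    # 2. Deliberate modification: the attacker simply recomputes the CRC ...
    forged_crc = crc_tag(tampered)
    # ... but cannot produce a valid HMAC for the tampered message without the key.
    tag = mac_tag(key, original)
    attacker_tag = mac_tag(b"wrong-key-guess", tampered)

    return {
        "hamming_recovered": nibble == 0b1011 and fixed_pos == 5,
        "crc_accepts_forgery": crc_verify(tampered, forged_crc),
        "mac_rejects_forgery": not mac_verify(key, tampered, attacker_tag),
        "mac_rejects_tamper_with_old_tag": not mac_verify(key, tampered, tag),
        "mac_accepts_original": mac_verify(key, original, tag),
    }


if __name__ == "__main__":
    print(integrity_demo())
```

The point for a practitioner: an error-correcting code and a CRC protect against noise, not against an adversary; only the keyed MAC (or a digital signature, which additionally gives non-repudiation because the verifier does not hold the signing key) protects integrity against deliberate modification.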

10. Which property is generally measured by the ratio of the system's normal operating time to the total working time?

Availability; it is generally measured as the ratio of the time the system is usable to the total working time.

11. In the security management system, in which order do security management bodies at different security levels progressively establish their information security organization and management systems?

Assign security management personnel

Establish a security function unit

Establish a security leadership group

The principal person in charge acts as the leader

Establish an information security and secrecy management department

12. In the list of elements of information system security management, which families does the "risk management" category include? Which families does the "business continuity management" category include?

Risk management: risk management requirements and strategy

Risk analysis and assessment

Risk control

Risk-based decision making

Management of risk assessment

Business continuity management: backup and recovery

Security incident handling

Emergency response

13. How does GB/T 20271-2006 describe the information system security technology system? (top-level headings only)

Physical security

Operational security

Data security

14. What are emergency power supply, regulated power supply, power protection and uninterruptible power supply?

Emergency power supply: equip the basic equipment with low-voltage tolerance, improved equipment or stronger equipment such as a UPS, an improved UPS, a multi-level UPS, and emergency power sources (generator sets).

Regulated power supply: use line voltage regulators to prevent voltage fluctuations from affecting the computer system.

Power protection: install power protection devices such as metal oxide varistors, diodes, gas discharge tubes, filters, voltage-regulating transformers and surge filters to prevent or reduce power faults.

Uninterruptible power supply: use a UPS to prevent voltage fluctuations, electrical interference, power outages and other adverse effects on the computer system.

15. What does the control of personnel entering and leaving the computer room and of their operating authority include?

A person responsible for the safety management of the computer room should be designated, and access to the room should be managed by designated personnel. Unauthorized personnel are not allowed to enter; those who do enter must have their range of activities limited and be accompanied by the reception staff. Nothing may be copied without approval. Without the express permission of the designated management personnel, no recording medium, document material or protected product may be taken out of the room, and items unrelated to the work may not be brought in. Smoking and bringing in sources of fire or water are strictly prohibited.

All visitors must be identified and approved, and visitor records must be properly kept for future reference. Persons admitted to the computer room are generally prohibited from bringing electronic devices such as personal computers into the room; their range of activities and operations should be limited, and the computer room reception personnel are responsible for accompanying them.

16. For electromagnetic compatibility, what does anti-leakage for computer equipment include?

Computer equipment that needs protection against electromagnetic leakage should be fitted with electromagnetic jamming equipment, and that jamming equipment must not be switched off while the protected computer equipment is in use; a shielded room may be used if necessary. The shielded room should be kept closed at all times; no holes may be made in the shielding wall other than the shielded door; no cable may be run between the inside and outside of the shield except through a waveguide or a filter; the leakage of the shielded room should be tested regularly and necessary maintenance carried out.

17. Which key positions must be managed in a unified way, where one person may hold more than one post, but business application operators may not concurrently hold any other key position?

Security administrators, system administrators, database administrators, network administrators, key business developers, system maintenance personnel and important business application operators are the critical positions of an information system.

18. Which positions may business developers and system maintenance personnel not hold concurrently?

They may not act as security administrator, system administrator, database administrator, network administrator or important business application operator.

19. Four levels of security are involved in the operation of an application system; what is their order from coarse to fine granularity? (remember)

System-level security, resource access security, functional security, data domain security

What is system-level security?

Isolation of sensitive systems, restriction of the source IP address segments allowed to access the system, restriction of logon periods, session time limits, limits on the number of connections, limits on the number of logons within a given period, and remote access control.

What is resource access security?

On the client side, presenting users only with the user interface matching their permissions (only the menus and action buttons they are entitled to); on the server side, access control on the URL program resources and on calls to the methods of business service classes.

What is functional security?

Business rules applied when a user operates on business records, for example whether approval is required, or that an uploaded attachment may not exceed the size set during development.

What is data domain security?

First, row-level data domain security, that is, which business records a user may access;

Second, field-level data domain security, that is, which fields of a business record a user may access.
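The following example was added by the editor to show the four layers enforced in coarse-to-fine order in one request handler; it is not code from the original notes. All of the policy (the permitted IP segment, logon hours, role-to-endpoint map, row and field scopes), the users and the order records are constructed sample data. Note that the resource-access check is made on the server for each (method, URL) pair; hiding a menu item on the client does not count as a control.

```python
import ipaddress

# Constructed sample policy and data (assumptions for this example, not a real system).
ALLOWED_NETS = [ipaddress.ip_network("10.1.0.0/16")]   # system-level: permitted source IP segment
LOGIN_HOURS = range(8, 19)                              # system-level: logon allowed 08:00-18:59
MAX_ATTACHMENT_BYTES = 5 * 1024 * 1024                  # functional: upload size limit
APPROVAL_THRESHOLD = 10_000                             # functional: larger amounts need approval

USERS = {
    "alice": {"role": "clerk", "dept": "sales"},
    "bob": {"role": "auditor", "dept": "finance"},
}

# Resource access security: which (method, URL) pairs each role may call, enforced server-side.
ROLE_ENDPOINTS = {
    "clerk": {("GET", "/orders"), ("POST", "/orders")},
    "auditor": {("GET", "/orders"), ("GET", "/orders/export")},
}

# Data domain security: which rows (by department) and which fields each role may see.
ROW_SCOPE = {"clerk": "own_dept", "auditor": "all"}
FIELD_SCOPE = {
    "clerk": {"id", "dept", "customer", "amount"},
    "auditor": {"id", "dept", "customer", "amount", "card_last4"},
}

ORDERS = [  # constructed business records
    {"id": 1, "dept": "sales", "customer": "ACME", "amount": 500, "card_last4": "1234"},
    {"id": 2, "dept": "finance", "customer": "Globex", "amount": 12000, "card_last4": "9876"},
    {"id": 3, "dept": "sales", "customer": "Initech", "amount": 250, "card_last4": "5555"},
]


def system_level_check(client_ip: str, hour: int) -> bool:
    """Coarsest layer: source address segment and logon time window."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip in net for net in ALLOWED_NETS) and hour in LOGIN_HOURS


def resource_access_check(user: str, method: str, url: str) -> bool:
    """Server-side check of the (method, URL) pair against the user's role."""
    role = USERS[user]["role"]
    return (method, url) in ROLE_ENDPOINTS.get(role, set())


def functional_check(amount: int, attachment_bytes: int) -> str:
    """Business-rule layer: reject oversize uploads, route large amounts to approval."""
    if attachment_bytes > MAX_ATTACHMENT_BYTES:
        return "rejected: attachment too large"
    if amount > APPROVAL_THRESHOLD:
        return "pending approval"
    return "accepted"


def data_domain_filter(user: str, records: list[dict]) -> list[dict]:
    """Row-level filter (which records) followed by field-level projection (which columns)."""
    role, dept = USERS[user]["role"], USERS[user]["dept"]
    rows = records if ROW_SCOPE[role] == "all" else [r for r in records if r["dept"] == dept]
    allowed = FIELD_SCOPE[role]
    return [{k: v for k, v in r.items() if k in allowed} for r in rows]


def handle_get_orders(user: str, client_ip: str, hour: int) -> dict:
    """Apply the layers in coarse-to-fine order and stop at the first failure."""
    if not system_level_check(client_ip, hour):
        return {"status": 403, "reason": "system-level: ip/time not allowed"}
    if not resource_access_check(user, "GET", "/orders"):
        return {"status": 403, "reason": "resource access: endpoint not permitted"}
    return {"status": 200, "rows": data_domain_filter(user, ORDERS)}


if __name__ == "__main__":
    print(handle_get_orders("alice", "10.1.5.7", 10))     # sales rows only, no card_last4
    print(handle_get_orders("alice", "192.168.0.9", 10))  # blocked at the system level
    print(handle_get_orders("bob", "10.1.5.7", 23))       # blocked: outside logon hours
```

The clerk sees only her own department's orders and never the card field, while the auditor sees every row including the card field; a request from outside the permitted segment or outside logon hours is refused before any authorization or data logic runs.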

20. What is the scope of system operation security checks and records? (describe each item)

Access control checks of the application system. These cover physical and logical access control: whether access rights are added, changed and revoked according to the prescribed policies and procedures, and whether the allocation of user rights follows the "least privilege" principle.

Log checks of the application system. These cover database logs, system access logs, system processing logs, error logs and exception logs.

Capacity checks of the application system. These cover system resource consumption, transaction speed and system throughput.

Secure operation checks of the application system. Whether users' use of the application system follows the relevant information security policies and procedures.

Configuration checks of the application system. Whether the configuration of the application system is reasonable and appropriate, so that each configured component performs its intended function.

Malicious code checks. Whether malicious code such as viruses, Trojan horses or covert channels is present and could cause loss, corruption or illegal modification of application data, or information disclosure.

21. According to the relevant regulations, classified information is divided into top secret, secret and?

Top secret, secret and confidential

22. What are the three reliability grades?

Grade A is the highest reliability requirement

Grade C is the minimum reliability required for system operation

Grade B lies between A and C
