Chapter 16: Change Management
1, What does the principle of change management require first?
A: First establish the project baseline, change process and change Control Committee (also called the Change Management Committee).
2, Which configuration tools are most widely used in China? (3)
A: The configuration tools most widely used domestically are Rational ClearCase, Visual SourceSafe and Concurrent Versions System.
3, CCB is a decision-making body or a working organization?
A: CCB is a decision-making body, not an operating agency.
4, What is the role of the project manager in a change?
A: Respond to the change request, assess the impact of the change on the project and the response plan, translate the request from technical requirements into resource requirements for the authorized person's decision, and, according to the results, adjust the project baseline to ensure that the project baseline reflects the implementation of the project.
5, What is the working procedure for a change? (Case Analysis)
A: (1) Submit and accept the change application; (2) preliminary review of the change; (3) argumentation of the change plan; (4) review by the Project Change Control Committee; (5) issue the notice of change and start implementation; (6) monitor the change implementation; (7) evaluate the effect of the change.
6, What is the purpose of the preliminary review of a change? (Case Analysis)
A: (1) To exert influence on the change proposer, confirm the necessity of the change, and ensure that the change is valuable.
(2) Format check and integrity check, to ensure that the information required for evaluation is fully prepared.
(3) To reach a consensus among the stakeholders on the proposed change information to be evaluated.
(4) The common way to carry out the preliminary review of a change is an audit flow for the change application document.
7, What aspects does the evaluation of the change effect cover?
A: (1) The first basis for assessment is the project baseline.
(2) It is also necessary to consider the original intention of the change and see whether the purpose of the change has been achieved.
(3) Evaluate the gap between the technical and economic argumentation in the change plan and the implementation process, and push for a solution.
8, For changes, when can batch processing and priority-based methods be used to improve efficiency?
A: When the project is under overall pressure, more emphasis should be placed on the proposal of changes, processing should be standardized, and batch processing, prioritization and other methods can be used to improve efficiency.
9, When the project is small and has little association with other projects, change handling should be simple and efficient. Which three points need attention?
A: (1) Exert influence on the factors that cause changes. Prevent unnecessary changes, reduce unnecessary assessments, and improve the efficiency of the necessary changes.
(2) The confirmation of the change shall be formalized.
(3) The operation process of the change should be standardized.
10, What topics should be included in the control of schedule changes? (Case Analysis)
A: (1) Determine the current status of the project schedule; (2) exert influence on the factors causing schedule changes;
(3) ascertain whether the schedule has changed; (4) manage the actual changes as they arise.
11, What are the topics for controlling cost changes?
A: (1) Exert influence on the factors that cause changes to the cost baseline;
(2) Ensure that the request for change is agreed;
(3) When a change occurs, manage the actual change;
(4) Ensure that potential cost overruns do not exceed the authorized project stage funds and overall funds;
(5) Supervise cost performance and find deviations from the cost baseline;
(6) Accurately record all deviations from the cost baseline;
(7) Prevent erroneous, inappropriate or unapproved changes from being included in the expense or resource use report;
(8) Notify stakeholders of approved changes;
(9) Take measures to keep the anticipated cost overruns within an acceptable range.
12, Please briefly describe the difference between change management and configuration management.
A: (1) Change management can be considered part of configuration management when used for project baseline adjustments;
(2) Change management and configuration management are two interrelated sets of mechanisms;
(3) Change management is the management of adjustments to project deliverables or baselines;
(4) Configuration management is the storage management of project deliverables and baselines.
Chapter 17: Security Management
1, What is the information security triad?
Answer: Confidentiality, integrity, availability.
2, How is data confidentiality generally implemented?
A: (1) Network security protocols, (2) network authentication services, (3) data encryption services.
3, what are the technologies that ensure data integrity?
Answer: (1) non-repudiation of the source, (2) firewall system, (3) communication security, (4) Intrusion detection system.
4, what technologies are available to ensure availability?
Answer: (1) disk and system fault tolerance and Backup, (2) acceptable login and process performance, (3) reliable functional security and mechanism.
5, In ISO/IEC 27001, the content of information security management is summed up in which 11 aspects?
A: (1) Information security guidelines and strategies, (2) Organization of information security, (3) Asset management, (4) Human resources security, (5) Physical and environmental security, (6) Communication and operational security, (7) Access control, (8) Information system acquisition, development and maintenance; ; (10) Business continuity management; (11) Compliance.
6, what is business continuity management?
A: (1) prevent business disruption, protect critical business processes from significant information system failures or disasters, and ensure that they are restored in a timely manner;
(2) To reduce the loss of information assets resulting from system failure or disaster to an acceptable level;
(3) Control measures to identify and mitigate risks, to limit the impact of adverse events, and to ensure that the information required for business processes is readily available.
7, what are the security technologies commonly used in the application system?
A: (1) Minimum authorization principle, (2) anti-exposure, (3) Information encryption, (4) physical secrecy.
8, what are the main factors that affect information integrity?
A: The main factors affecting information integrity are equipment failure, errors (errors generated during transmission, processing and storage, errors caused by reduced timing stability and precision, and errors caused by various sources of interference), human attacks and computer viruses.
9, What are the main ways to ensure the integrity of the application system?
A: Protocols, error-correcting codes, cryptographic checksum methods, digital signatures, notarization.
10, Which property is generally measured by the ratio of normal use time to the total working time of the system?
Answer: Availability.
11, In the security management system, in what order do security management organizations at different security levels gradually establish their own information security organization management system?
A: (1) Assign security management personnel; (2) establish security functions; (3) establish a security leadership group;
(4) have the principal head take the lead; (5) establish an information security and confidentiality management department.
12, In the list of information system security management elements, which families does the "Risk management" category include? Which families are included in the "Business continuity management" category?
A: Risk management includes risk management requirements and strategies, risk analysis and assessment, risk control, risk-based decision-making, risk assessment management;
The Business Continuity management class includes backup and recovery, security event handling, and emergency handling.
13, In GB/T 20271-2006, how is the information system security technology system described? (first-level titles only)
Answer: Physical security, operational security, data security.
14, For power supply, what are emergency power supply, regulated power supply, power protection and uninterrupted power supply?
A: (1) Emergency power supply: provide basic, improved or stronger equipment for low-voltage conditions, such as a basic UPS, an improved UPS, a multi-level UPS and an emergency power supply (generator set), etc.
(2) Regulated power supply: use a line voltage regulator to prevent voltage fluctuations from affecting the computer system;
(3) Power protection: install power protection devices, such as metal oxide varistors, diodes, gas discharge tubes, filters, voltage-regulating transformers and surge filters, to prevent or reduce power failures;
(4) Uninterrupted power supply: use an uninterruptible power supply to prevent voltage fluctuations, electrical interference, power outages and other adverse effects on the computer system.
15, What does access control over personnel entering, leaving and operating in the computer room include?
A: (1) Designate the owner of the computer room; unauthorized personnel are not allowed to enter the room;
(2) Persons admitted to the computer room should have the scope of their activities limited and be accompanied by reception staff;
(3) The room key is managed by a designated person; copying the computer room key or the server power-on key is not allowed;
(4) Without the permission of the management personnel, no physical media may enter or leave the room;
(5) Smoking and bringing in fire or water sources are strictly forbidden in the computer room;
(6) Keep the computer room access registration records in proper custody.
16, For electromagnetic compatibility, what is required to prevent leakage from computer equipment?
A: (1) Computer equipment that needs protection against electromagnetic leakage should be equipped with electromagnetic interference equipment; the interference equipment must not be shut down while the protected computer equipment is operating; if necessary, a shielded room can be used;
(2) The door of a shielded room should be kept closed at all times; do not drive nails or drill into the shielding walls; do not connect any cable between the inside and outside of the shielded room except through the waveguide or through a filter;
(3) The leakage of the shielded room should be tested frequently and the necessary maintenance carried out.
17, Which key positions are to be managed uniformly, with one person allowed to hold multiple posts, while business application operators may not be served concurrently by personnel in other key positions?
A: Personnel in key information system positions, such as security administrators, system administrators, database administrators, network administrators, key business developers, system maintenance personnel and important business application operators, are to be managed uniformly, and one person may hold multiple posts. However, the business application operator post cannot be held concurrently by personnel in other key positions.
18, Which positions may business developers and system maintenance personnel not take part in or hold concurrently?
A: Security administrator, system administrator, database administrator, network administrator, key business application operator and similar posts.
19, Application system operation involves four levels of security. What are they, sorted by granularity from coarse to fine? (Case Analysis)
Answer: System-level security, resource access security, functional security, data domain security.
20, What is system-level security?
A: System-level security means formulating system-level security policies through analysis of current system security technology, including isolation of sensitive systems, restrictions on access IP address segments, login time limits, time limits, connection count limits, limits on the number of logins in a specific period of time, remote access control, etc. System-level security is the first line of protection for the application system.
21, What is resource access security?
A: Resource access security is security control over access to program resources: on the client, users are given only the interfaces, menus and action buttons that match their rights; on the server side, access control is applied to URL program resources and business service class methods.
22, What is functional security?
A: Functional security refers to restrictions within the program flow, such as whether the user needs an audit when operating on a business record.
23, What is data domain security?
A: Data domain security includes two levels. One is row-level data domain security, that is, which business data users can access, generally filtered by the user's unit. The other is field-level data domain security, that is, which fields of business records users can access.
24, What is the scope of system operation security checks and records? (Describe the contents of each.)
Answer: (1) Access control check of the application system. Includes physical and logical access controls, whether access rights are added, changed and revoked according to prescribed policies and procedures, and whether the assignment of user rights follows the "least privilege" principle.
(2) Log check of the application system. Includes database logs, system access logs, system processing logs, error logs and exception logs.
(3) Availability check of the application system. Includes system outage time, system uptime and system recovery time.
(4) Capability check of the application system. Includes system resource consumption, system transaction speed and system throughput.
(5) Security operation check of the application system. Whether users access and use the application system according to the relevant information security policies and procedures.
(6) Maintenance check of the application system. Whether maintenance problems are resolved within the stipulated time, whether the problem is solved correctly, whether the process of solving the problem is effective, etc.
(7) Configuration check of the application system. Check that the configuration of the application system is reasonable and appropriate, and that each configuration component is functioning as it should.
(8) Malicious code check. Whether there is malicious code, such as viruses, Trojan horses or covert channels, resulting in application system data loss, corruption, illegal modification, information disclosure and so on.
25, Under the relevant provisions, classification levels are: top secret, confidential and?
A: Top secret, confidential and secret.
26, What are the three levels of reliability rating?
A: The highest reliability requirement is Class A, the lowest reliability requirement is Class C, and Class B lies between A and C.
This article is from "The Boundless" blog; reprinting is declined.
System integration, first half of 2016: April 4 assignment