October 26, 2015 jobs

Source: Internet
Author: User
Tags: least privilege

First, change management
1. The working procedure for a change:
(1) Submit and accept the change request
(2) Preliminary examination of the change
(3) Demonstration of the change scheme
(4) Review by the project Change Control Committee
(5) Issue the notice of change and start implementation
(6) Monitoring of change implementation
(7) Evaluation of the change's effect
(8) Determine whether the project has returned to the normal track after the change has taken place
2. The 4 items of the preliminary examination of a change:
(1) Exert influence on the change, confirm the necessity of the change, and ensure that the change is valuable;
(2) Format check and integrity check, to ensure that the information required for the evaluation is adequately prepared;
(3) Reach a consensus among the stakeholders on the change information to be assessed;
(4) The common way to conduct the preliminary examination is an audit flow for the change application document;
3. Which topics does the control of progress changes include?
(1) Determine the current status of the project progress;
(2) Exert influence on the factors causing the change of schedule;
(3) Ascertain whether the progress has changed;
(4) Manage the actual changes when they occur;


Second, security management
1. Which technologies achieve the confidentiality of information?
(1) Network security protocol (2) Network authentication service (3) Data encryption service
2. Which technologies achieve the integrity of information?
(1) Non-repudiation of the message source (2) Firewall system (3) Communication security (4) Intrusion detection system
3. Which technologies achieve the availability of information?
(1) Fault tolerance and backup of disks and systems
(2) Acceptable login and process performance
(3) Reliable and functional security processes and mechanisms
4. The definition of reliability and how it is measured:
The probability that the system completes the specified function, without failure, within the specified time and under the given conditions; it is usually measured by the mean time between failures (MTBF).
5. What are the common security technologies used in the application system?
(1) Minimum authorization principle
(2) Anti-exposure
(3) Information encryption
(4) Physical encryption
6. What are the methods to ensure the integrity of the application system?
(1) Protocol
(2) Error-correcting coding method
(3) Digital signature
(4) Cryptographic checksum method
(5) Notarization
7. The 8 kinds of power supply and distribution for the machine room:
(1) Separate power supply
(2) Emergency power supply
(3) Standby power supply
(4) Regulated power supply
(5) Power protection
(6) Uninterrupted power supply
(7) Electrical noise protection
(8) Sudden incident protection
8. What emergency power supply and regulated power supply consist of:
(1) Emergency power supply: configure basic equipment, improved equipment, or stronger equipment to cope with low voltage, such as a basic UPS, an improved UPS, a multi-level UPS, and an emergency power supply (generator set), etc.
(2) Regulated power supply: use a line voltage regulator to prevent voltage fluctuations from affecting the computer system.
9. The operation of an application system involves 4 levels of security; arranged by granularity from coarse to fine, they are:
(1) System-level security (2) Resource access security (3) Functional security (4) Data domain security
10. What belongs to system-level security?
(1) Isolation of sensitive systems
(2) Restrictions on access to IP address segments
(3) Limit of login time period
(4) Limit of Session time
(5) Limit of number of connections
(6) Restrictions on login during a specific time period
(7) Remote access control
11. What belongs to resource access security?
(1) On the client, provide users with a user interface that relates to their permissions, in which only the menus and action buttons that match their permissions appear;
(2) On the server side, access control over URL program resources and over calls to business service class methods;
12. What belongs to functional security?
When users operate on business records: whether an audit is required, that an uploaded attachment cannot exceed the specified size, and so on.
13. Which 2 levels does data domain security include?
(1) Row-level data domain security, that is, which business records users can access;
(2) Field-level data domain security, that is, which fields of the business records users can access;
14. What does the access control check of the application system include?
It includes physical and logical access control: whether the prescribed policies and procedures are followed for adding, changing, and revoking access rights, and whether the allocation of user rights follows the "least privilege" principle;
15. What does the log check of the application system include?
(1) Database log (2) System access log (3) System processing log (4) Error log (5) Exception log
16. What does the availability check of the application system include?
(1) System outage time (2) System normal service time (3) System recovery time, etc.
17. What does the maintenance check of the application system include?
Whether the maintenance problem is resolved within the stipulated time, whether the problem is solved correctly, whether the process of solving the problem is effective, etc.
18. Which 2 kinds is the security level divided into?
(1) Confidentiality level: Top Secret, confidential, secret
(2) Reliability Rating: Class A, B, C (from high to low)


Third, risk management
1. Which six steps does the risk management process include?
(1) Risk management planning (2) Risk identification (3) Quantitative risk analysis (4) Qualitative risk analysis (5) Response plan preparation (6) Risk monitoring
2. The difference between risk accidents and risk factors:
(1) Risk accident: the direct or external cause of the loss and the medium of the loss; that is, a risk leads to loss only through the occurrence of a risk accident;
(2) Risk factor: if it is the indirect cause of the loss, it is a risk factor;
3. What are the methods of risk identification;
(1) Delphi Technology (2) Brainstorming Method (3) SWOT analysis (4) Checklist (5) Graphic technology
4. What are the methods of risk qualitative analysis;
(1) Risk Probability and impact assessment (2) Probability and Impact matrix (3) Risk classification (4) Risk urgency assessment
5. In qualitative risk analysis, according to the probability and impact matrix, what are the measures for high risk and what are the measures for low risk?
(1) High risk: key measures need to be taken and a positive response strategy adopted;
(2) Low risk: put it on the list of risks to be observed or allocate additional emergency reserve; no other immediate direct management measures are needed;
6. What are the methods of risk quantitative analysis?
(1) Expected Monetary Value (EMV) (2) Calculation analysis factor (3) Plan Review Technique (PERT) (4) Monte Carlo analysis
7. There are 3 response strategies for negative risk; give an example of each:
(1) Evasion: extend the schedule, reduce the scope
(2) Transfer: sell or outsource
(3) Mitigation: use less complex processes, implement more tests, or choose a more stable and reliable seller
8. What are the 3 strategies for positive risk, with an example of each?
(1) Development: allocate more resources to the project to improve progress and quality;
(2) Sharing: establish risk-sharing partnerships, sharing the risk with the third party most able to capture the opportunity for the benefit of the project;
(3) Improve: increase the probability and influence of the positive risk; identify and maximize the driving factors of the positive risk; promote or enhance the cause of the opportunity, strengthen its trigger conditions, and improve the probability that the opportunity occurs;
9. Which strategy applies to both negative and positive risk, with examples?
(1) Accept
(2) The strategy can be divided into active and passive ways. The most common way to actively accept risk is to establish an emergency reserve to deal with known or potential unknown threats or opportunities. Passively accepting the risk requires no action; it is left to the project team to handle according to the situation when the risk occurs.
10. Definition of risk audit
A risk audit is the examination and documentation of the effectiveness of risk response strategies for identified risks and their root causes, and of the effectiveness of the risk management process.

