2. 计算机
  3. The following scenario applies to questions 27 and 28. Sam is the security manager of a company that makes most of its revenue f

The following scenario applies to questions 27 and 28. Sam is the security manager of a company that makes most of its revenue f

admin2013-12-19  70
问题 The following scenario applies to questions 27 and 28.
Sam is the security manager of a company that makes most of its revenue from its intellectual property. Sam has implemented a process improvement program that has been certified by an outside entity. His company received a Level 2 during an appraisal process, and he is putting in steps to increase this to a Level 3. A year ago when Sam carried out a risk analysis, he determined that the company was at too much of a risk when it came to potentially losing trade secrets. The countermeasure his team implemented reduced this risk, and Sam determined that the annualized loss expectancy of the risk of a trade secret being stolen once in a hundred-year period is now $400.
Which of the following is the criteria Sam’s company was most likely certified under?
选项 A、SABSA
B、Capability Maturity Model Integration
C、Information Technology Infrastructure Library
D、Prince2
答案C
解析 B正确。软件能力成熟度模型集成(CMMI)是一种帮助组织提高性能的过程改进方法。CMMI模型也可以用作评估组织的过程成熟度框架。CMMI中使用的等级有等级1-初始级,等级2-已管理级,等级3-已定义级,等级4-量化管理级以及等级5-优化管理级。
A不正确。因为Sherwood应用的商业安全体系结构(SABSA)是信息安全企业体系结构的开发模型和方法。由于它是一个框架,这意味着它提供的是供独立体系结构构建的结构。也正是因为它是一种方法,所以意味着它提供了构建和维护这种体系结构所需要遵循的流程。
C不正确。因为信息技术基础构架库(ITIL)是IT服务管理最佳行为的实际标准。之所以创建ITIL是因为业务需求对信息技术的依赖性逐渐增加。尽管ITIL包含了一个处理安全的组件,但它的重心更多地集中在IT部门和它所服务的“客户”之间的内部服务级别协议。这些客户通常是内部部门。ITIL并不适用该情景中描述的等级。
D不正确。因为PRINCE2(受控环境中的项目)是为了实现高效项目管理的一种基于过程的方法。它主要是UK政府使用,而不是CISSP考试所涉及的主题。
转载请注明原文地址:https://kaotiyun.com/show/TNhZ777K
0

CISSP认证

相关试题推荐
随机试题
最新回复(0)