7 - Defining the Project Budget and Risk Plans Flashcards
What are the main topics covered in this chapter?
Security, budgeting, risk activities and strategies for your project
What are the four types of security mentioned?
- Physical security
- Operational security
- Digital security
- Data security
What constitutes the classic definition of the triple constraints?
- Scope statement
- Schedule
- Budget
Define a security policy.
A document outlining the minimum standards required to secure the organization’s technology-related systems, assets, and data
What sections are typically included in a security policy?
- Purpose
- Scope
- Definitions
- Appendix
- Roles and responsibilities
What is the purpose section of a security policy?
It states what the policy is protecting and why
What does the scope section of a security policy define?
The people impacted by the policy and a description of the systems covered
What is the difference between a policy and a procedure document?
A policy outlines what to accomplish, while a procedure outlines how to accomplish it
List some examples of IT security policies.
- Acceptable use policy
- Protection for electronic confidential information
- Network and system configuration
- Cybersecurity incident response
- Acquisition and disposal of technology assets
What is an acceptable use policy?
A policy instructing how to use the organization’s technology resources
What are branding restrictions in the context of security?
Regulations related to trademarks, copyrights, and patents
What is a trademark?
A symbol used to identify a company, brand names, logos, etc.
How are security clearances categorized for government organizations?
- Confidential
- Secret
- Top secret
What is operational security?
Policies for performing background checks and security clearances
What does digital security focus on?
Access and permissions to digital assets
What is multifactor authentication (MFA)?
A process requiring two or more methods to verify a user’s identity during sign-in
What is data classification?
Describing data according to its sensitivity, type, and value to the organization
What are two types of sensitive data classifications mentioned?
- Personally identifiable information (PII)
- Personal health information (PHI)
What is the ‘need-to-know’ principle?
Information should only be shared with those who need it to perform a task
What is the primary role of a project manager regarding project costs?
Estimating costs to complete the work of the project and determining the project budget
What are the four cost-estimating techniques?
- Analogous (top-down)
- Parametric
- Bottom-up
- Three-point estimates
True or False: Cost estimates become final once the cost baseline is determined.
True
What are the four techniques for cost estimating discussed?
Analogous, parametric, bottom-up, and three-point estimates.
What is analogous estimating also known as?
Top-down estimating.