Chapter 3

Question 1

What does a CISO do?

Answer 1

• Creates strategic IS plan.
• Suggests IS solutions to protect business activities.
• Improving IS by managing and planning.

Question 2

What’s a Security Systems
Development Life Cycle (SecSDLC)?

Answer 2

a methodology for the design and
implementation of an information system

Question 3

What are the 6 steps in SecSDLC?

Answer 3

1. Investigation.
2. Analysis.
3. Logical Design.
4. Physical Design.
5. Implementation.
6. Maintenance.

Question 4

What’s “Investigation” in SecSDLC?

Answer 4

budgeting, and defining the scope and goals, etc.

Question 5

What’s “Analysis” in SecSDLC?

Answer 5

Analyzing existing security
policies, programs and threats.

Question 6

What’s “Logical Design” in SecSDLC?

Answer 6

Developing a blueprint and policies.

Question 7

What’s “Physical Design” in SecSDLC?

Answer 7

Evaluating the blueprint and agreeing on a final design.

Question 8

What’s “Implementation” in SecSDLC?

Answer 8

Implementing and testing the security program.
An employee signature of acknowledgement is important.

Question 9

What’s “Maintenance” in SecSDLC?

Answer 9

Keeping the program up to date.
Includes a report mechanism for users with complaints or suggestions.