Chapter 7 (Security) Flashcards
Several areas of Security include ________, ________, ________, and __________.
Physical
Digital
Operational
Data
Corporate IT Policies
A document that outlines the minimum standards required to secure the organization’s technology-related systems, assets, and data. It also outlines the rules and procedures for accessing the organization’s systems and data.
Security Policy
A Purpose, Scope, Definitions Section, and an Appendix are included in most _________.
Policies
What section of a policy states what the policy is protecting and why?
Purpose
What section of a policy defines the people impacted by the policy, such as employees and contractors, and a description of the systems the policy is covering?
Scope
What section of a policy outlines the rules and procedures regarding accessing the organization’s systems and data?
Scope
What document outlines HOW we are going to accomplish a task?
Procedure Document
What section of a policy includes descriptions of equipment, data, services, etc.?
Definitions Section
What section of a policy will outline who performs the inventory and disposal and the employee’s role in allowing access for these activities?
Roles and Responsibilities
A type of security for those who create products, intellectual property, or unique services
Branding Restrictions
What involves a trademark, copyright, registered trademark, or patent?
Branding
What is generally used to identify a company, brand names, logos, and such?
Trademark
What identifies the intellectual property of a company and is registered with the U.S. Patent and Trademark Office?
Registered Trademark
What is used for intellectual property such as books, music, recordings, and so on?
Copyright
Intellectual property that is awaiting acceptance by the Patent and Trademark Office is designated as ________.
Patent Pending
What type of security involves securing assets such as mobile devices, removable media devices, access to facilities, and more?
Physical Security
What type of security includes policies for performing background checks and security clearance?
Operational Security
What three levels of Security Clearance are there for the U.S. Department of State?
Confidential
Secret
Top Secret
What type of security policies are related to access and permissions to digital assets? This may include systems, data, communication equipment, etc.
Digital Security
MFA
Multifactor Authentication
A process whereby the user must use two or more methods to verify their identity during the sign-in process.
Multifactor Authentication (MFA)
A way for users who are not physically located at the organization’s site to access information.
Remote Access
What type of security policies define access by roles and responsibilities and/or by data classification?
Data Security
A way to describe data according to its sensitivity, type, and value to the organization.
Data classification
PII
PHI
Personal Identifiable Information
Personal Health Information
When information should only be shared with those who have a need-to-know to perform a task or fulfill their job function.
Need-To-Know Basis
Who has the primary role of estimating the costs to complete the work of the project, determining the project budget, and estimating the total cost of the project?
Project Manager
Two areas where you want to be as accurate as possible when presenting estimates.
Cost Baseline
Schedule Baseline
Four techniques to determine cost estimates
Analogous
Parametric
Bottom-up
Three-Point
Analogous Estimating is also known as _________.
Top-Down Estimating
Determines the cost of the project at a high level by using a similar past project as a basis for the estimate. Usually used when there is not a lot of detail on the project.
Analogous (Top-Down) Estimate
Determines the cost of a project by using a mathematical model to compute costs and often uses the quality of work multiplied by the rate.
Parametric Estimating
Which is the most precise cost-estimating technique?
Bottom-Up Estimating
The total time it will take for a person to complete the task if they do nothing else from the time they start until the task is complete.
Work Effort
Determines the cost of the project by assigning a cost estimate to each work package on the project.
Bottom-Up Estimate
Determines the cost of the project by being an average of the Most Likely Estimate, the Optimistic Estimate, and the Pessimistic estimate.
Three-Point Estimate
Which estimate assumes the costs will come in as expected?
Most Likely Estimate
Which estimate is an estimate that is better than expected?
Optimistic Estimate
Which estimate assumes the goods or services will cost more than expected?
Pessimistic Estimate
Let’s say your most likely estimate for contracting work is $302 per hour. The optimistic estimate is $250 per hour, and the pessimistic estimate is $400 per hour. Using the three-point estimate, create an equation and write the answer.
($302 + $250 + $400) / 3 = $317.33
What is a Loaded Rate?
A percentage of the employee’s salary to cover benefits such as medical, disability, or pension plans.
What do you do next once the cost estimate is completed?
Prepare the Budget
The process of aggregating all the cost estimates and establishing a cost baseline for the project.
Budgeting
The total expected cost for the project
Cost Baseline
PMO
Program Management Office
Program Management Offices’ tasks are to
Oversee project budgets, approve expenses, and track all the project budgets
Which department defines the cost categories Project Budgets are broken down into?
Accounting Department
Name a few examples of Cost Categories
Salary
Hardware
Software
Travel
Training
Materials
Supplies
CapEx
Capital Expenses
OpEx
Operational Expenses
Which type of expense applies to assets that are expected to provide benefits to the organization for an extended time into the future? (software purchases, equipment purchases, building purchases, etc.)
Capital Expenses
Which type of expense applies to what’s needed to run the day-to-day activities of the business? (Training, Salaries, Rent, etc.)
Operational Expenses
Which type of expense is a certain amount of money set aside to cover costs resulting from possible adverse events or unexpected issues on the project?
Contingency Reserve
Which type of expense is an amount set aside by upper management to cover future situations that can’t be predicted?
Management Reserve
The total approved expected cost for the project.
Cost Baseline
What type of graph is this?
Cost Baseline
Measuring the project spending to date, determining how fast you’re going through the money (burn rate), and tracking expenditures to the cost baseline so that stakeholders can see what was planned versus what was actually spent on the project.
Expenditure Tracking
The mechanism you’ll use to report on the current state of the project budget.
Expenditure Reporting
What shows the remaining time and work effort for the iteration?
Agile Burndown Chart
What shows the Burn Rate (the rate at which you are spending funds over time) for the budget over the scheduled timeline?
Budget Burnout Chart
The rate at which you are spending funds over time
Burn rate
What is this chart an example of?
Budget Burndown Chart
EVM
Earned Value Measurement
A performance measurement technique that compares what your project has produced to what you’ve spent by monitoring the planned value, earned value, and actual costs expended to produce the work of the project.
Earned Value Measurement (EVM)
The primary functions of _______________ are to determine and document the cause of the variance, to determine the impact of the variance, and to determine whether a corrective action should be implemented as a result.
Earned Value Measurement (EVM)
___________________ allows you to forecast where the project is headed.
Earned Value Measurement (EVM)
To perform the Earned Value Measurement calculations, you need to first gather these three measurements:
Planned Value
Actual Cost
Earned Value
The cost of work that has been authorized and budgeted for a specific activity.
Planned Value
PV
Planned Value
Money that’s actually been spent during a given time period for completing work
Actual Cost
AC
Actual Cost
The value of the work completed to date as it compares to the budgeted amount.
Earned Value
EV
Earned Value
What tells you whether your costs are higher than budgeted or lower than budgeted?
Cost Variance
CV
Cost Variance
What is the formula for Cost Variance (CV)?
CV = EV - AC
Compares an activity’s actual progress to date to the estimated progress and is represented in terms of cost.
Schedule Variance
What is the Schedule Variance formula?
SV = EV - PV
CPI
Cost Performance Index
Measures the value of the work completed at the measurement date against the actual cost.
Cost Performance Index (CPI)
What is the Cost Performance Index (CPI) formula?
CPI = EV / AC
SPI
Schedule Performance Index
Measures the progress to date against the progress that was planned.
Schedule Performance Index
What is the Schedule Performance Index formula?
SPI = EV / PV
The rate you are spending money over time.
Burn Rate
ETC
Estimate to Complete
The cost estimate for the remaining project work
Estimate to Complete (ETC)
What is the Estimate to Complete (ETC) formula?
ETC = Budget - Spend to Date
A potential future event that can have either negative or positive impacts on the project.
Risk
Deals with how you manage the areas of uncertainty in your project
Risk Planning
What are the three components to risk planning?
Risk Identification
Risk Analysis
Preparing Risk Response
The process of determining and documenting the potential risk that could occur on your project
Risk Identification
A list of risks that includes an identification number, risk name, risk description, risk owner, and risk plan.
Risk Register
The person responsible for monitoring the project to determine whether the potential for the risk event is high and for implementing the risk response plan should it occur.
Risk Owner
Risks that are catastrophic in nature and are outside of the control of the organization.
Force Majeure
SWOT
Strengths, Weaknesses, Opportunities, and Threats
Involves analyzing the project from each of these perspectives: Strengths, Weaknesses, Opportunities, and Threats
SWOT
Examines what your organization does well
Strengths
Areas the organization could improve upon
Weaknesses
Identifies risks that have the greatest possibility of occurring and the greatest impact to the project if they do occur.
Risk Analysis
A way to prioritize and quantify risks so they are easy to understand
Impact Analysis
The likelihood that a risk event will occur
Probability
The consequence the risk poses to the project if it occurs
Impact
Probability is weighed by which measurements?
0.0 - 1.0
Impacts are weighed by which measurements?
0 - 10
The process of determining the probability and impact of the risks and ranking them in order of priority to determine which ones need response plans.
Qualitative Analysis
The process of assigning numeric probabilities to risks and their impacts on project objectives
Quantitative Analysis
Looks at risks from the perspective of various situations or scenarios that may occur as the project progresses.
Situational/Scenario Analysis
An analysis that uses cost or schedule variables that are input into the model and then replicated several times to estimate potential outcomes for each of the variables used.
Monte Carlo Analysis
The process of reviewing the risk analysis and determining what action should be taken to reduce negative impacts.
Preparing Risk Responses
Reducing the impact or the probability of the risk
Mitigate
A sign or a precursor signaling that a risk event is about to occur.
Risk triggers
Who is responsible for monitoring the risk assigned to them and watching for risk triggers?
Risk Owner
Describes who should be alerted once a risk event occurs
Points of Escalation