
Risk Assessment Approach Base Line Approach Information Security Management

Program evaluation review technique (PERT)
Rapid application development (RAD)
Function point analysis (FPA)
Critical path method (CPM)

Explanation to Above: Function point analysis is a technique for determining the size of a development task based on the number of function points. Function points are factors such as inputs, outputs, inquiries, logical internal file, etc. While this will help determine the size of individual activities, it will not assist in determining project duration since there are many overlapping tasks. A PERT chart will help determine project duration once all the activities and the work involved in the activities are known. Rapid application development is a methodology that enables organizations to develop strategically important systems faster while reducing development costs and maintaining quality, and object-oriented system development is the process of solution specification and modeling.

Traffic analysis
Masquerading
Denial of service
Mail spoofing

ISO 9126 focuses on the end result of good software processes, i.e., the quality of the actual software product. ISO 9001 contains guidelines about design, development, production, installation or servicing. ISO 9002 contains guidelines about production, installation or servicing, and ISO 9003 contains guidelines for final inspection and testing.

With the "what if" analysis method, the effect of adding various safeguards (and therefore reducing vulnerabilities) is tested to see what difference each makes. Tradeoffs can then be made based on the cost of the safeguard and its benefit in terms of reduced risk.

Choice (B) is incorrect. In traditional cost/benefit analysis, the cost is based on the purchase and operating costs of safeguards. The benefit is calculated based on an expected decrease in future losses.

Choice (C) is incorrect. Screening analysis can be used to concentrate on the highest-risk areas. One method is to examine risks with very severe consequences, such as a high dollar loss or loss of life.

Choice (D) is incorrect. With "back-of-the-envelope" analysis, a high-medium-low ranking can often provide all the information needed. However, especially for the selection of expensive safeguards or the analysis of systems with unknown consequences, more in-depth analysis may be warranted.
