EBK SOFTWARE ENGINEERING
10th Edition
ISBN: 8220101455970
Author: SOMMERVILLE
Publisher: PEARSON
Expert Solution & Answer
Chapter 13, Problem 13.3E
Explanation of Solution
Need for preliminary risk assessment and design assessment:
The activities carried out in an organization to identify and understand the risks to its systems and data are known as system risk assessment.
When a new system is developed, risk assessment is performed at different stages throughout its development life cycle.
- Preliminary risk assessment:
  - The preliminary risk assessment stage is needed because it identifies the generic risks applicable to systems.
  - Preliminary risk assessment also helps in deciding how to achieve an adequate level of security at a reasonable cost.
  - Preliminary risk assessment consists of data management risk, technical risk, contractual risk and employee risk...