Software Engineering (10th Edition)
10th Edition
ISBN: 9780133943030
Author: Ian Sommerville
Publisher: PEARSON
expand_more
expand_more
format_list_bulleted
Expert Solution & Answer
Chapter 13, Problem 13.3E
Explanation of Solution
Need for Preliminary risk assessment and design assessment:
The activities undergoing in an organization for identifying and understanding the risk to system and data are known as system risk assessment.
When a new system is developed, throughout its development life cycle different stages of risk assessment are performed.
- Preliminary Risk assessment:
- Preliminary risk assessment stage is needed as it identifies the generic risks applicable to systems.
- Preliminary risk assessment also helps in deciding how to achieve an adequate level of security at a reasonable cost.
- Preliminary risk assessment consists of data management risk, technical risk, contractual risk and employee risk...
Expert Solution & Answer
Want to see the full answer?
Check out a sample textbook solutionStudents have asked these similar questions
In order to create an effective system security strategy, it is crucial to have a firm grasp of our system's current and future design.
Is it necessary to have a full discussion of different security management concepts and the underlying principles?
The following examples illustrate how a security framework might potentially aid in the design and execution of a solution. How does the governance of IT really work? Who is responsible for making preparations regarding the organization?
Knowledge Booster
Similar questions
- Explain in your own words why it is important to design information security into applications during each phase of the SDLC.arrow_forwardDo we need to have an in-depth conversation about the many concepts of security management as well as the principles that guide their implementation?arrow_forwardThe final step in the security risk assessment process is to _____. a. assess the feasibility of implementing each of the identified mitigation measures b. decide whether or not to implement particular countermeasures c. create a chart that identifies loss events, their frequency, and their monetary costs d. analyze the costs and benefits of various countermeasuresarrow_forward
- Why is it imperative that we have a complete understanding of the current and prospective architecture of our system before developing a security strategy?arrow_forwardA practical example from your own experience may help you make a compelling argument for and against the benefits of a division of duties in an organization's security policy.arrow_forwardWhen it comes to the importance of incorporating security techniques into the first stages of the system development lifecycle, what are your thoughts?arrow_forward
- Why should we understand our system's existing and future architecture before establishing a security strategy?arrow_forwardHow to Mapping the Security Development Lifecycle to the Software Development Lifecyclearrow_forwardresearch on computer-based risk management. Determine your resources, threats, weaknesses, risks, and mitigation. Include system parts in each category. What significant flaws were discovered? How can risk be diminished? own system security strategy? Will you carry out? If not, why not?arrow_forward
arrow_back_ios
arrow_forward_ios
Recommended textbooks for you
- Management Of Information SecurityComputer ScienceISBN:9781337405713Author:WHITMAN, Michael.Publisher:Cengage Learning,Principles of Information Security (MindTap Cours...Computer ScienceISBN:9781337102063Author:Michael E. Whitman, Herbert J. MattordPublisher:Cengage Learning
Management Of Information Security
Computer Science
ISBN:9781337405713
Author:WHITMAN, Michael.
Publisher:Cengage Learning,
Principles of Information Security (MindTap Cours...
Computer Science
ISBN:9781337102063
Author:Michael E. Whitman, Herbert J. Mattord
Publisher:Cengage Learning