(ISC)² CISSP® Official Study Guide, Eighth Edition



(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)

Gantt Charts and PERT
A Gantt chart is a type of bar chart that shows the interrelationships over time between 
projects and schedules. It provides a graphical illustration of a schedule that helps to plan, 
coordinate, and track specific tasks in a project. Figure 20.5 shows an example of a Gantt 
chart.
Figure 20.5 Gantt chart
[Figure: bar chart of five tasks (1 Do Initial Design, 2 Price Design, 3 Order Materials, 4 Product Testing, 5 Distribution) plotted against weeks 1 to 19]
Program Evaluation Review Technique (PERT) is a project-scheduling tool used to judge 
the size of a software product in development and calculate the standard deviation (SD) for 
risk assessment. PERT relates the estimated lowest possible size, the most likely size, and 
the highest possible size of each component. PERT is used to direct improvements to project 
management and software coding in order to produce more efficient software. As the 
capabilities of programming and management improve, the actual produced size of software 
should be smaller.
Change and Configuration Management
Once software has been released into a production environment, users will inevitably 
request the addition of new features, correction of bugs, and other modifications to the 
code. Just as the organization developed a regimented process for developing software, 
they must also put a procedure in place to manage changes in an organized fashion. Those 
changes should then be logged to a central repository to support future auditing, 
investigation, and analysis requirements.
Change Management as a Security Tool
Change management (also known as control management) plays an important role when 
monitoring systems in the controlled environment of a datacenter. One of the authors 
recently worked with an organization that used change management as an essential 
component of its efforts to detect unauthorized changes to computing systems.
File integrity monitoring tools, such as Tripwire, allow you to monitor a system for 
changes. This organization used Tripwire to monitor hundreds of production servers. 
However, the organization quickly found itself overwhelmed by file modification alerts 
resulting from normal activity. The author worked with them to tune the Tripwire-monitoring 
policies and integrate them with the organization’s change management process. Now all 
Tripwire alerts go to a centralized monitoring center, where administrators correlate them 
with approved changes. System administrators receive an alert only if the security team 
identifies a change that does not appear to correlate with an approved change request.
This approach greatly reduced the time spent by administrators reviewing file integrity 
reports and improved the usefulness of the tool to security administrators.
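The correlation step described above can be sketched as follows. This is an added example, not code from the book or from Tripwire: the alert and change-request record layouts, the CHG-style IDs, hostnames, and paths are all constructed assumptions, and the matching rule (same host, path covered by the request, timestamp inside the approved window) is one reasonable way to define "correlates with an approved change."

```python
from datetime import datetime
from fnmatch import fnmatchcase

# Constructed approved change requests (hypothetical IDs, hosts, paths, windows).
APPROVED_CHANGES = [
    {"id": "CHG-1001", "host": "web01", "paths": ["/etc/nginx/*"],
     "start": "2024-03-04T22:00", "end": "2024-03-05T02:00"},
    {"id": "CHG-1002", "host": "db01", "paths": ["/usr/lib/postgresql/*"],
     "start": "2024-03-06T01:00", "end": "2024-03-06T03:00"},
]

# Constructed file integrity alerts in a simplified layout
# (an assumption for this example, not Tripwire's report format).
ALERTS = [
    {"host": "web01", "path": "/etc/nginx/nginx.conf", "time": "2024-03-04T23:15"},
    {"host": "web01", "path": "/etc/passwd", "time": "2024-03-04T23:20"},
    {"host": "db01", "path": "/usr/lib/postgresql/bin/postgres",
     "time": "2024-03-07T01:30"},
    {"host": "app02", "path": "/opt/app/app.jar", "time": "2024-03-05T10:00"},
]

def matching_change(alert, changes):
    """Return the id of the approved change that explains the alert, or None."""
    when = datetime.fromisoformat(alert["time"])
    for chg in changes:
        in_window = (datetime.fromisoformat(chg["start"]) <= when
                     <= datetime.fromisoformat(chg["end"]))
        path_ok = any(fnmatchcase(alert["path"], pat) for pat in chg["paths"])
        # All three must hold: right host, right files, inside the window.
        if chg["host"] == alert["host"] and in_window and path_ok:
            return chg["id"]
    return None

def triage(alerts, changes):
    """Split alerts into (explained, unexplained); only the latter are escalated."""
    explained, unexplained = [], []
    for alert in alerts:
        chg_id = matching_change(alert, changes)
        if chg_id:
            explained.append((alert, chg_id))
        else:
            unexplained.append(alert)
    return explained, unexplained

if __name__ == "__main__":
    explained, unexplained = triage(ALERTS, APPROVED_CHANGES)
    for alert, chg_id in explained:
        print(f"OK    {alert['host']}:{alert['path']} covered by {chg_id}")
    for alert in unexplained:
        print(f"ALERT {alert['host']}:{alert['path']} at {alert['time']}: no approved change")
```

Note that the `/etc/passwd` modification is escalated even though it falls inside an approved window on the same host, because the change request did not cover that path.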
The change management process has three basic components:
