Ch 10 test
True or False: Planning for the implementation phase requires the creation of a detailed *request for proposal*, which is often assigned either to a project manager or the project champion.
False
True or False: The *parallel operations* strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system from dramatically interfering with the performance of the organization as a whole.
False
True or False: The Work Breakdown Structure (WBS) can be prepared with a simple desktop PC word processing program.
False
True or False: The security systems *implementation* life cycle involves collecting information about an organization's objectives, its technical architecture, and its information security environment.
False
True or False: Once a project is underway, it is managed using a process known as *gap analysis*, which ensures that progress is measured periodically.
True
True or False: The effective use of a DMZ is one of the primary methods of securing an organization's networks.
True
True or False: The primary drawback to the *direct changeover* approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out.
True
True or False: The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.
True
True or False: Unfreezing in the Lewin change model involves thawing hard-and-fast habits and established procedures.
True
True or False: Weak management support, with overly delegated responsibility and no champion, sentences a project to almost-certain failure.
True
True or False: In general, the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure.
False
True or False: In the early stages of planning, the project planner should attempt to specify completion dates only for major *employees* within the project.
False
The __________ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly. A) Policies B) Systems C) Networks D) Applications
A) Policies
The __________ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems. A) Networks B) Systems C) Policies D) Applications
B) Systems
The Lewin change model includes _______ A) Unfreezing B) Moving C) Refreshing D) All of the above
D) All of the above
In a _______ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization. A) Parallel B) Loop C) Direct D) Pilot
D) Pilot
By managing the _______, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce. A) Wrap-up B) Conversion process C) Governance D) Process of change
D) Process of change
Many public organizations must spend all budgeted funds within the fiscal year - otherwise, the subsequent year's budget is __________. A) Automatically audited for questionable expenditures B) Not affected unless the deficit is repeated C) Increased by the unspent amount D) Reduced by the unspent amount
D) Reduced by the unspent amount
True or False: Each for-profit organization determines its capital budget and the rules for managing capital spending and expenses the same way.
False
True or False: Every organization needs to develop an information security department or program of its own.
False
