PriCy Chapter 10
C
By managing the __________, the organization can reduce unintended consequences by having a process to resolve the potential conflict and disruption that uncoordinated change can introduce. (A) conversion process (B) wrap-up (C) process of change (D) governance
moving
One of the oldest models of change is the Lewin change model, which consists of three stages: unfreezing, ____________________, and refreezing.
B
Tasks or action steps that come after the task at hand are called __________. (A) predecessors (B) successors (C) children (D) parents
successors
Tasks or action steps that come after the task at hand are called ____________________.
B
Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded. (A) wrap-up (B) governance (C) turnover (D) changeover
governance
Technology _____________________ is a complex process that organizations use to manage the impact and costs of technology implementation, innovation, and obsolescence.
B
A __________ is usually the best approach to security project implementation. (A) direct changeover (B) phased implementation (C) pilot implementation (D) parallel operation
plan
During the implementation phase, the organization translates its blueprint for information security into a project ____________________.
feedback
Once a project is underway, it is managed to completion using a process known as a negative ____________________ loop.
projectitis
____________________ is a phenomenon in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than accomplishing meaningful project work.
milestone
A(n) ____________________ is a specific point in the project plan when a task that has a noticeable impact on the plan's progress is complete.
changeover
A direct ____________________ involves stopping the old system and starting the new one without any overlap.
deliverable
A(n) _____________________ is a completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project.
B
A(n) __________ is a simple project management planning tool. (A) RFP (B) WBS (C) ISO 17799 (D) SDLC
D
A(n) __________ is used to justify that the project will be reviewed and verified prior to the development of the project plan. (A) RFP (B) WBS (C) SDLC (D) CBA
phased
A(n) ____________________ implementation is the most common conversion strategy and involves a measured rollout of the planned system with a part of the system being brought out and disseminated across an organization before the next piece is implemented.
applications
At the center of the bull's-eye model are the ____________________ used by the organization to accomplish its work.
D
Effective planning for information security involves: (A) collecting information about an organization's objectives. (B) collecting information about an organization's information security environment. (C) collecting information about an organization's technical architecture. (D) All of the above
D
If the task is to write firewall specifications for the preparation of a(n) __________, the planner would note that the deliverable is a specification document suitable for distribution to vendors. (A) WBS (B) CBA (C) SDLC (D) RFP
D
In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization. (A) loop (B) direct (C) parallel (D) pilot
joint application
In systems development, JAD (____________________ development) means getting key representatives of user groups to serve as members of the development process.
A
In the __________ process, measured results are compared against expected results. (A) negative feedback loop (B) wrap-up (C) direct changeover (D) turnover
interest
Management should coordinate the organization's information security vision and objectives with the communities of ____________________ involved in the execution of the plan.
D
Many public organizations must spend all budgeted funds within the fiscal year; otherwise, the subsequent year's budget is __________. (A) increased by the unspent amount (B) not affected unless the deficit is repeated (C) automatically audited for questionable expenditures (D) reduced by the unspent amount
change
Medium- and large-sized organizations deal with the impact of technical change on the organization's operation through a(n) ____________________ control process.
scope
Project ____________________ is a description of a project's features, capabilities, functions, and quality level, and is used as the basis of a project plan.
D
Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as __________. (A) DMZ (B) SDLC (C) WBS (D) JAD
CBA
Regardless of an organization's information security needs, the amount of effort that can be expended depends on the available funds; therefore, a ____________________ is typically prepared in the analysis phase of the SecSDLC and must be reviewed and verified prior to the development of the project plan.
B
Some cases of __________ are simple, such as requiring employees to begin using a new password on an announced date. (A) phased implementation (B) direct changeover (C) pilot implementation (D) wrap-up
D
The Lewin change model includes __________. (A) unfreezing (B) moving (C) refreezing (D) All of the above
C
The __________ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing. (A) Policies (B) Networks (C) Systems (D) Applications
D
The __________ layer of the bull's-eye model receives attention last. (A) Policies (B) Networks (C) Systems (D) Applications
A
The __________ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly. (A) Policies (B) Networks (C) Systems (D) Applications
C
The __________ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems. (A) parallel (B) direct changeover (C) bull's-eye (D) wrap-up
parallel
The ____________________ operations strategy involves running the new system concurrently with the old system.
C
The date for sending the final RFP to vendors is considered a(n) __________, because it signals that all RFP preparation work is complete. (A) intermediate step (B) resource (C) milestone (D) deliverable
B
The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future. (A) direct changeover (B) wrap-up (C) phased implementation (D) pilot implementation
change
The level of resistance to ____________________ impacts the ease with which an organization is able to implement procedural and managerial changes.
resource
The project planner should describe the skills or personnel needed for a task, often referred to as a(n) ____________________.
predecessors
The tasks or action steps that come before the specific task at hand are called ____________________.