Chapter 10: Implementing Information Security
Wrap-Up
The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.
Milestone
The rate for spending the final RFP to vendors is considered a(n) __________, because it signals that all RFP preparation work is complete.
Phased Implementation
A __________ is usually the best approach to security project implementation.
Successors
Tasks or action steps that come after the task at hand are called __________.
Governance
Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded.
WBS
A(n) __________ is a simple project management planning tool.
CBA
A(n) __________ is used to justify that the project will be reviewed and verified prior to the development of the project plan.
Process of Change
By managing the __________, the organization can reduce unintended consequences by having a process to resolve the potential conflict and disruption that uncoordinated change can introduce.
All of the Above (Collecting Information about an organization's objective, information security environment, and technical architecture)
Effective planning for information security involves: __________.
RFP
If the task is to write firewall specifications for the preparation of a(n) __________, the planner would note that the deliverable is a specification document suitable for distribution to vendors.
Pilot
In a __________ implementation, the entire security system is put in a single office, department , or division before expanding to the rest of the organization.
Negative Feedback Loop
In the __________ process, measured results are compared against expected results.
Reduced by the Unspent Amount
Many public organizations must spend all budgeted funds within the fiscal year - otherwise, the subsequent year's budget is __________.
JAD
Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as __________.
Direct Changeover
Some cases of __________ are simple, such as requiring employees to begin using a new password on an announced date.
All of the Above (Unfreezing, Moving, Refreezing)
The Lewin change model includes __________
Systems
The __________ layer of the bull's-eye model includes computers used as severs, desktop computers, and systems used for process control and manufacturing.
Applications
The __________ layer of the bull's-eye model receives attention last.
Policies
The __________ level of the bull's-eye model establishes the ground rules for the use of all system and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly.
Bull's-eye
The __________ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.
