cyber module 11 quiz
during the _____ phase, specific technologies are selected to support the alternatives identified and evaluated in the prior phases
Physical Design
A(n) ____ is a simple project management planning tool used to break the project plan into smaller and smaller steps
Work breakdown structure (WBS)
at the center of the bull's-eye model are the ____ used by the organization to accomplish its work
applications
the _____ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems
bull's-eye
medium- and large-sized organizations deal with the impact of technical change on the organization's operation through a(n) _____ control process
change
Regardless of an organization's information security needs, the amount of effort that can be expended depends on the available funds; therefore a ____________________ is typically prepared in the analysis phase of the SecSDLC and must be reviewed and verified prior to the development of the project plan.
cost benefit analysis
A(n) _____ is a completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project
deliverable
Some cases of ____ are simple, such as requiring employees to use a new password beginning on an announced date.
direct changeover
Every organization needs to develop an information security department or program of its own
false
all organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan
false
the implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC)
false
the networks layer of the bull's-eye is the outermost ring of the bull's-eye
false
a direct changeover is also known as going "fast turnkey"
false, it's cold turkey
the parallel operations strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system dramatically interfering with the performance of the organization as a whole
false, it's pilot implementation
in project planning, the tasks or action steps that come before the specific task at hand are commonly referred to as milestones
false, it's predecessors
performance management is the process of identifying and controlling the resources applied to a project as well as measuring progress and adjusting the process as progress is made toward the goal
false, it's project
the security development life cycle (SDLC) is a general methodology for the design and implementation of an information system
false, it's systems
the physical design is the blueprint for the desired solution
false, it's the logical design
planning for the implementation phase requires the creation of a detailed request for proposal, which is often assigned either to a project manager or the project champion
false, just plan lol
Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded, and also facilitates communication about the technical advances and issues across the organization
governance
technology _____ is a complex process that organizations use to manage the impact and costs of technology implementation, innovation, and obsolescence
governance
during the ____ phase of the SDLC, the process begins by examining the event or plan that initiated the process. During this phase, the objectives, constraints, and scope of the project are specified
investigation
the ____ design phase of an SDLC methodology is implementation independent, meaning that it contains no reference to specific technologies, vendors, or products
logical
A(n) ____ is a formal approach to solving a problem by means of a structured sequence of procedures
methodology
In the early stages of planning, the project planner should attempt to specify completion dates only for major project ____.
milestones
one of the oldest models of change is the Lewin change model, which consists of three stages: unfreezing, _____, and refreezing
moving
the ____ operations strategy involves running the new system concurrently with the old system
parallel
A _____ is usually the best approach to security project implementation
phased implementation
In a _____ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization
pilot
during the implementation phase of the SDLC, the organization translates its blueprint for information security into a project _____
plan
the _____ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly
policies
By managing the ____, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce.
process of change
The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.
project wrap-up
_____ is a phenomenon in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than accomplishing meaningful project work
projectitis
Many public organizations must spend all budgeted funds within the fiscal year—otherwise, the subsequent year's budget is __________.
reduced by the unspent amount
the level of ____ to change impacts the ease with which an organization is able to implement procedural and managerial changes
resistance
the ____ of any given project plan should be carefully reviewed and kept as small as possible, given the project's objectives
scope
organizations are moving toward more ____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product
security
tasks or action steps that come after the task at hand are called
successors
the _____ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing
systems
A proven method for prioritizing a program of complex change is the bull's-eye method.
true
A task or subtask becomes a(n) action step when it can be completed by one individual or skill set and when it includes a single deliverable.
true
In the physical design phase, specific technologies are selected
true
Planners need to estimate the effort required to complete each task, subtask, or action step.
true
The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out.
true
Weak management support, with overly delegated responsibility and no champion, sentences a project to almost-certain failure.
true
When an estimate is flawed, as when the number of effort-hours required is underestimated, the plan should be corrected and downstream tasks updated to reflect the change.
true
corrective action decisions are usually expressed in terms of trade-offs
true
once a project is underway, it is managed using a process known as gap analysis, which ensures that progress is measured periodically
true
planning for the implementation phase of a security project requires the creation of a detailed project plan
true
the budgets of public organizations are usually the product of legislation or public meetings
true
the bull's-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan
true
the investigation phase of the SDLC involves specification of the objectives, constraints, and scope of the project
true
the project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes
true
the Lewin change model includes
unfreezing, moving, refreezing
a type of SDLC in which each phase has results that flow into the next phase is called the _____ model
waterfall
In system development ____ means getting key representatives of user groups to serve as members of the development process
JAD
If the task is to write firewall specifications for the preparation of a(n) ____, the planner would note that the deliverable is a specification document suitable for distribution to vendors.
RFP
Effective planning for information security involves
- collecting information about an organization's objectives - collecting information about an organization's information security environment - collecting information about an organization's technical architecture (all of the above)
A methodology and formal development strategy for the design and implementation of an information system is referred to as a __________.
Systems development life cycle