Chapter 9: Implementing Information Security
RFP
If the task is to write firewall specifications for the preparation of a(n) _____, the planner would note that the deliverable is a specification document suitable for distribution to vendors.
gap analysis
In a _____ when significant deviation occurs, corrective action is taken to bring the deviating task back into compliance with the project plan; otherwise, the project is revised in light of the new information.
joint application development
In systems development _____ means getting key representatives of user groups to serve as members of the development process.
milestones
In the early stages of planning, the project planner should attempt to specify completion dates only for major project _____.
True
In the physical design phase, specific technologies are selected.
reduced by the unspent amount
Many public organizations must spend all budgeted funds within the fiscal year—otherwise, the subsequent year's budget is _____.
gap
Once a project is underway, it is managed to completion using a process known as _____ analysis.
moving
One of the oldest models of change is the Lewin change model, which consists of three stages: unfreezing, _____, and refreezing.
security
Organizations are moving toward more _____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.
False
Performance management is the process of identifying and controlling the resources applied to a project as well as measuring progress and adjusting the process as progress is made toward the goal. _____
False
Planning for the implementation phase requires the creation of a detailed request for proposal, which is often assigned either to a project manager or the project champion. _____
True
Weak management support, with overly delegated responsibility and no champion, sentences a project to almost-certain failure.
phased implementation
A _____ is usually the best approach to security project implementation.
False
A direct changeover is also known as going "fast turnkey." _____
systems development life cycle
A methodology and formal development strategy for the design and implementation of an information system is referred to as a _____.
True
A proven method for prioritizing a program of complex change is the bull's-eye method. _____
CBA
A(n) _____ determines the impact that a specific technology or approach can have on the organization's information assets and what it may cost.
deliverable
A(n) _____ is a completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project.
milestone
A(n) _____ is a specific point in the project plan when a task that has a noticeable impact on the plan's progress is complete.
False
The work breakdown structure (WBS) can only be prepared with a complex, specialized desktop PC application.
True
"Unfreezing" in the Lewin change model involves thawing hard-and-fast habits and established procedures.
investigation
During the _____ phase of the SDLC, the process begins by examining the event or plan that initiated the process. During this phase, the objectives, constraints, and scope of the project are specified.
True
Each organization has to determine its own project management methodology for IT and information security projects.
scope
Project _____ is a description of a project's features, capabilities, functions, and quality level, and is used as the basis of a project plan.
JAD
Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as _____.
direct changeover
Some cases of _____ are simple, such as requiring employees to begin using a new password on an announced date.
False
The Security Development Life Cycle (SDLC) is a general methodology for the design and implementation of an information system. _____
Applications
The _____ layer of the bull's-eye model receives attention last.
scope
The _____ of any given project plan should be carefully reviewed and kept as small as possible, given the project's objectives.
parallel
The _____ operations strategy involves running the new system concurrently with the old system.
analysis
The _____ phase of the SDLC consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems.
True
The bull's-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan.
project wrap-up
The goal of the _____ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.
False
The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).
False
The networks layer of the bull's eye is the outermost ring of the bull's eye.
True
The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out.
True
The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.
False
The water-ski model is a type of SDLC in which each phase of the process flows from the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments.
Projectitis
_____ is a phenomenon in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than accomplishing meaningful project work.
