Chapter 9: Implementing Information Security

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

RFP

If the task is to write firewall specifications for the preparation of a(n) _____, the planner would note that the deliverable is a specification document suitable for distribution to vendors.

gap analysis

In a _____ when significant deviation occurs, corrective action is taken to bring the deviating task back into compliance with the project plan; otherwise, the project is revised in light of the new information.

joint application development

In systems development _____ means getting key representatives of user groups to serve as members of the development process.

milestones

In the early stages of planning, the project planner should attempt to specify completion dates only for major project _____.

True

In the physical design phase, specific technologies are selected.

reduced by the unspent amount

Many public organizations must spend all budgeted funds within the fiscal year—otherwise, the subsequent year's budget is _____.

gap

Once a project is underway, it is managed to completion using a process known as _____ analysis.

moving

One of the oldest models of change is the Lewin change model, which consists of three stages: unfreezing, _____, and refreezing.

security

Organizations are moving toward more _____-focused development approaches, seeking to improve not only the functionality of the systems they have in place, but consumer confidence in their product.

False

Performance management is the process of identifying and controlling the resources applied to a project as well as measuring progress and adjusting the process as progress is made toward the goal. _____

False

Planning for the implementation phase requires the creation of a detailed request for proposal, which is often assigned either to a project manager or the project champion. _____

True

Weak management support, with overly delegated responsibility and no champion, sentences a project to almost-certain failure.

phased implementation

A _____ is usually the best approach to security project implementation.

False

A direct changeover is also known as going "fast turnkey." _____

systems development life cycle

A methodology and formal development strategy for the design and implementation of an information system is referred to as a _____.

True

A proven method for prioritizing a program of complex change is the bull's-eye method. _____

CBA

A(n) _____ determines the impact that a specific technology or approach can have on the organization's information assets and what it may cost.

deliverable

A(n) _____ is a completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project.

milestone

A(n) _____ is a specific point in the project plan when a task that has a noticeable impact on the plan's progress is complete.

False

The work breakdown structure (WBS) can only be prepared with a complex, specialized desktop PC application.

True

"Unfreezing" in the Lewin change model involves thawing hard-and-fast habits and established procedures.

investigation

During the _____ phase of the SDLC, the process begins by examining the event or plan that initiated the process. During this phase, the objectives, constraints, and scope of the project are specified.

True

Each organization has to determine its own project management methodology for IT and information security projects.

scope

Project _____ is a description of a project's features, capabilities, functions, and quality level, and is used as the basis of a project plan.

JAD

Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as _____.

direct changeover

Some cases of _____ are simple, such as requiring employees to begin using a new password on an announced date.

False

The Security Development Life Cycle (SDLC) is a general methodology for the design and implementation of an information system. _____

Applications

The _____ layer of the bull's-eye model receives attention last.

scope

The _____ of any given project plan should be carefully reviewed and kept as small as possible, given the project's objectives.

parallel

The _____ operations strategy involves running the new system concurrently with the old system.

analysis

The _____ phase of the SDLC consists primarily of assessments of the organization, its current systems, and its capability to support the proposed systems.

True

The bull's-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan.

project wrap-up

The goal of the _____ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.

False

The implementation phase is the longest and most expensive phase of the systems development life cycle (SDLC).

False

The networks layer of the bull's eye is the outermost ring of the bull's eye.

True

The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out.

True

The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.

False

The water-ski model is a type of SDLC in which each phase of the process flows from the information gained in the previous phase, with multiple opportunities to return to previous phases and make adjustments.

Projectitis

_____ is a phenomenon in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than accomplishing meaningful project work.


Set pelajaran terkait

Med Surge Chap 65 Degenerative Neuro

View Set

Chapter 4: Beat Subdivisions and Syncopation

View Set