REQ SEC Chapter 10


Planning for the implementation phase of a security project requires the creation of a detailed project plan. (p. 540) True or False

True

The budgets of public organizations are usually the product of legislation or public meetings. (p. 545) True or False

True

The effective use of a DMZ is one of the primary methods of securing an organization's networks. (p. 553) True or False

True

The need for qualified, trained, and available personnel constrains the project plan. (p. 546) True or False

True

The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out. (p. 551) True or False

True

The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes. (p. 539) True or False

True

The size of the organization and the normal conduct of business may preclude a large training program on new security procedures or technologies. (p. 546) True or False

True

When an estimate is flawed, as when the number of effort-hours required is underestimated, the plan should be corrected and downstream tasks updated to reflect the change. (p. 548) True or False

True

A(n) __________ is a simple project management planning tool. (p. 540) Options: RFP - Request for Proposal; WBS - Work Breakdown Structure; ISO 17799; SDLC

WBS - Work Breakdown Structure

The __________ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems. (p. 553) Options: parallel; direct changeover; bull's-eye; wrap-up

bull's-eye

Some cases of __________ are simple, such as requiring employees to begin using a new password on an announced date. (p. 551) Options: phased implementation; direct changeover; pilot implementation; wrap-up

direct changeover

In the __________ process, measured results are compared against expected results. (p. 548) Options: negative feedback loop; wrap-up; direct changeover; turnover

negative feedback loop (gap analysis)

In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization. (p. 552) Options: loop; direct; parallel; pilot

pilot

The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future. (p. 549) Options: direct changeover; wrap-up; phased implementation; pilot implementation

wrap-up

Effective planning for information security involves: (p. 539) Options: collecting information about an organization's objectives; collecting information about an organization's information security environment; collecting information about an organization's technical architecture; All of the above

All of the above

The networks layer of the bull's eye is the outermost ring of the bull's eye. (p. 553) True or False

False - the outer layer is policies, then networks, then systems, then applications.

The first step in the work breakdown structure (WBS) approach encompasses activities, but not deliverables. (p. 542) True or False

False - WBS encompasses both activities and deliverables.

The __________ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly. (p. 552-553) Options: Policies; Networks; Systems; Applications

Policies

If the task is to write firewall specifications for the preparation of a(n) __________, the planner would note that the deliverable is a specification document suitable for distribution to vendors. (p. 542) Options: WBS - Work Breakdown Structure; CBA -; SDLC; RFP - Request for Proposal

RFP - Request for Proposal

The __________ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing. (p. 553) Options: Policies; Networks; Systems; Applications

Systems

