CH 10 Implementing Information Security

All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan.

False

Every organization needs to develop an information security department or program of its own.

False

In general, the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure.

False

In the early stages of planning, the project planner should attempt to specify completion dates only for major employees within the project.

False

Performance management is the process of identifying and controlling the resources applied to a project as well as measuring progress and adjusting the process as progress is made towards the goal.

False

Tasks or action steps that come after the task at hand are called _.

successors

The RFP determines the impact that a specific technology or approach can have on the organization's information assets and what it may cost.

False

The networks layer of the bull's eye is the outermost ring of the bull's eye.

False

The bull's-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan.

True

The optimal time frame for training is usually one to three weeks before the new policies and technologies come online.

True

The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out.

True

The size of the organization and the normal conduct of business may preclude a large training program on new security procedures or technologies.

True

At the center of the bull's-eye model are the _ used by the organization to accomplish its work.

applications

The _ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.

bull's-eye

The Lewin change model includes _.

All of the above

The _ layer of the bull's-eye model receives attention last.

Applications

A(n) _ is used to justify that the project will be reviewed and verified prior to the development of the project plan.

CBA

Regardless of an organization's information security needs, the amount of effort that can be expended depends on the available funds; therefore, a _ is typically prepared in the analysis phase of the SecSDLC and must be reviewed and verified prior to the development of the project plan.

CBA

The parallel operations strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system dramatically interfering with the performance of the organization as a whole.

False

Most information security projects require a trained project developer.

False (Manager)

Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as _.

JAD

_ is a phenomenon in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than accomplishing meaningful project work.

Projectitis

A proven method for prioritizing a program of complex change is the bull's-eye method.

True

An ideal organization fosters resilience to change.

True

Corrective action decisions are usually expressed in terms of trade-offs.

True

Each organization has to determine its own project management methodology for IT and information security projects.

True

Planners need to estimate the effort required to complete each task, subtask, or action step in the project plan.

True

Planning for the implementation phase of a security project requires the creation of a detailed project plan.

True

Weak management support, with overly delegated responsibility and no champion, sentences a project to almost-certain failure.

True

Medium- and large-sized organizations deal with the impact of technical change on the organization's operation through a(n) _ control process.

change

A direct _ involves stopping the old system and starting the new one without any overlap.

changeover

Some cases of _ are simple, such as requiring employees to begin using a new password on an announced date.

direct changeover

Technology _ guides how frequently technical systems are updated, and how technical updates are approved and funded.

governance

Technology _ is a complex process that organizations use to manage the impact and costs of technology implementation, innovation, and obsolescence.

governance

Management should coordinate the organization's information security vision and objectives with the communities of _ involved in the execution of the plan.

interest

The date for sending the final RFP to vendors is considered a(n) _, because it signals that all RFP preparation work is complete.

milestone

In the _ process, measured results are compared against expected results.

negative feedback loop

The _ operations strategy involves running the new system concurrently with the old system.

parallel

A(n) _ implementation is the most common conversion strategy and involves a measured rollout of the planned system with a part of the system being brought out and disseminated across an organization before the next piece is implemented.

phased

A _ is usually the best approach to security project implementation.

phased implementation

In a _ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization.

pilot

Many public organizations must spend all budgeted funds within the fiscal year; otherwise, the subsequent year's budget is _.

reduced by the unspent amount

The project planner should describe the skills or personnel needed for a task, often referred to as a(n) _.

resource

Project _ is a description of a project's features, capabilities, functions, and quality level, and is used as the basis of a project plan.

scope

