Chapter 10 Quiz Question Bank - CIST1601-Information Security Fund


A proven method for prioritizing a program of complex change is the bull's-eye method. _________________________ A) True B) False

A) True

Corrective action decisions are usually expressed in terms of trade-offs. _________________________ A) True B) False

A) True

Once a project is underway, it is managed using a process known as gap analysis, which ensures that progress is measured periodically. _________________________ A) True B) False

A) True

The budgets of public organizations are usually the product of legislation or public meetings. A) True B) False

A) True

The bull's-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan. A) True B) False

A) True

The effective use of a DMZ is one of the primary methods of securing an organization's networks. A) True B) False

A) True

The optimal time frame for training is usually one to three weeks before the new policies and technologies come online. _________________________ A) True B) False

A) True

The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out. A) True B) False

A) True

The size of the organization and the normal conduct of business may preclude a large training program on new security procedures or technologies. A) True B) False

A) True

Unfreezing in the Lewin change model involves thawing hard-and-fast habits and established procedures. A) True B) False

A) True

Weak management support, with overly delegated responsibility and no champion, sentences a project to almost-certain failure. A) True B) False

A) True

A __________ is usually the best approach to security project implementation. A) direct changeover B) phased implementation C) pilot implementation D) parallel operation

B) phased implementation

Tasks or action steps that come after the task at hand are called __________. A) predecessors B) successors C) children D) parents

B) successors

The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future. A) direct changeover B) wrap-up C) phased implementation D) pilot implementation

B) wrap-up

The __________ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate; it enables all other information security components to function correctly. A) Policies B) Networks C) Systems D) Applications

A) Policies

In the __________ process, measured results are compared against expected results. A) negative feedback loop B) wrap-up C) direct changeover D) turnover

A) negative feedback loop

Planning for the implementation phase requires the creation of a detailed request for proposal, which is often assigned either to a project manager or the project champion. _________________________ A) True B) False

B) False

A direct changeover is also known as going "fast turnkey." _________________________ A) True B) False

B) False

All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan. A) True B) False

B) False

Each for-profit organization determines its capital budget and the rules for managing capital spending and expenses the same way. A) True B) False

B) False

Every organization needs to develop an information security department or program of its own. A) True B) False

B) False

In general, the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure. A) True B) False

B) False

In project planning, the tasks or action steps that come before the specific task at hand are commonly referred to as prerequisites. _________________________ A) True B) False

B) False

In the early stages of planning, the project planner should attempt to specify completion dates only for major employees within the project. _________________________ A) True B) False

B) False

Most information security projects require a trained project developer. _________________________ A) True B) False

B) False

The RFP determines the impact that a specific technology or approach can have on the organization's information assets and what it may cost. _________________________ A) True B) False

B) False

The first step in the work breakdown structure (WBS) approach encompasses activities, but not deliverables. A) True B) False

B) False

The networks layer of the bull's-eye is the outermost ring of the bull's eye. A) True B) False

B) False

The parallel operations strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system from dramatically interfering with the performance of the organization as a whole. _________________________ A) True B) False

B) False

The security systems implementation life cycle involves collecting information about an organization's objectives, its technical architecture, and its information security environment. _________________________ A) True B) False

B) False

Some cases of __________ are simple, such as requiring employees to begin using a new password on an announced date. A) phased implementation B) direct changeover C) pilot implementation D) wrap-up

B) direct changeover

Technology __________ guides how frequently technical systems are updated, and how technical updates are approved and funded. A) wrap-up B) governance C) turnover D) changeover

B) governance

The __________ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems. A) Policies B) Networks C) Systems D) Applications

C) Systems

The __________ methodology has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems. A) parallel B) direct changeover C) bull's-eye D) wrap-up

C) bull's-eye

The date for sending the final RFP to vendors is considered a(n) __________, because it signals that all RFP preparation work is complete. A) intermediate step B) resource C) milestone D) deliverable

C) milestone

By managing the __________, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce. A) conversion process B) wrap-up C) process of change D) governance

C) process of change

The Lewin change model includes __________. A) unfreezing B) moving C) refreezing D) All of the above

D) All of the above

A(n) __________, used to justify the project and typically prepared in the analysis phase of the SecSDLC, must be reviewed and verified prior to the development of the project plan. A) RFP B) WBS C) SDLC D) CBA

D) CBA

If the task is to write firewall specifications for the preparation of a(n) __________, the planner would note that the deliverable is a specification document suitable for distribution to vendors. A) WBS B) CBA C) SDLC D) RFP

D) RFP

In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization. A) loop B) direct C) parallel D) pilot

D) pilot

Many public organizations must spend all budgeted funds within the fiscal year - otherwise, the subsequent year's budget is __________. A) increased by the unspent amount B) not affected unless the deficit is repeated C) automatically audited for questionable expenditures D) reduced by the unspent amount

D) reduced by the unspent amount

The SecSDLC involves which of the following activities? A) collecting information about an organization's objectives B) collecting information about an organization's information security environment C) collecting information about an organization's technical architecture D) all of the above

D) all of the above
