Info Sec Chapter 10 Implementing Security
The Networks layer of the bull's-eye model is the outermost ring of the bull's-eye. A) True B) False
B) False [the bull's-eye is the center]
A __________ is usually the best approach to security project implementation. A) direct changeover B) phased implementation C) pilot implementation D) parallel operation
B) phased implementation
The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future. A) direct changeover B) wrap-up C) phased implementation D) pilot implementation
B) wrap-up
The __________ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems. A) Policies B) Networks C) Systems D) Applications
C) Systems
The first step in the work breakdown structure (WBS) approach encompasses activities, but not deliverables. A) True B) False
B) False
The RFP determines the impact that a specific technology or approach can have on the organization's information assets and what it may cost. A) True B) False
B) False [CBA: cost-benefit analysis]
A task or subtask becomes a(n) action step when it can be completed by one individual or skill set and when it includes a single deliverable. A) True B) False
A) True
An ideal organization fosters resilience to change. A) True B) False
A) True
Planners need to estimate the effort required to complete each task, subtask, or action step. A) True B) False
A) True
The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out. A) True B) False
A) True
Unfreezing in the Lewin change model involves thawing hard-and-fast habits and established procedures. A) True B) False
A) True
Tasks or action steps that come after the task at hand are called __________. A) predecessors B) successors C) children D) parents
B) successors
The SecSDLC involves which of the following activities? A) collecting information about an organization's objectives B) collecting information about an organization's information security environment C) collecting information about an organization's technical architecture D) all of the above
D) all of the above
__________ is a simple project management planning tool. A) RFP B) WBS C) ISO 17799 D) SDLC
B) WBS [work breakdown structure]
Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as __________. A) DMZ B) SDLC C) WBS D) JAD
D) JAD [joint application development]
If the task is to write firewall specifications for the preparation of a(n) __________, the planner would note that the deliverable is a specification document suitable for distribution to vendors. A) WBS B) CBA C) SDLC D) RFP
D) RFP [request for proposal]
A(n) __________, used to justify the project, is typically prepared in the analysis phase of the SecSDLC and must be reviewed and verified prior to the development of the project plan. A) RFP B) WBS C) SDLC D) CBA
D) CBA
Every organization needs to develop an information security department or program of its own. A) True B) False
B) False
A proven method for prioritizing a program of complex change is the bull's-eye method. A) True B) False
A) True
Corrective action decisions are usually expressed in terms of trade-offs. A) True B) False
A) True