
Chapter 10 test

True/False
Indicate whether the statement is true or false.
 

1. Weak management support, with overdelegated responsibility and no champion, sentences the project to almost-certain failure.
 

2. Unfreezing in the Lewin change model involves thawing out hard-and-fast habits and established procedures.
 

3. Every organization needs to develop an information security department or program of its own.
 

4. The bull’s-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan.
 

5. Using a DMZ is among the primary ways used to secure an organization’s networks.
 

6. The networks layer of the bull’s-eye model needs attention first.
 

7. The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system’s bugs are worked out.
 

8. When an estimate is flawed, as when the number of effort-hours required is underestimated, the plan should be corrected and downstream tasks updated to reflect the change.
 

9. All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan.
 

10. The size of the organization and the normal conduct of business may preclude a single large training program on new security procedures or technologies.
 

11. The goal of the project plan is to add new security components that negatively impact the day-to-day operations of individual employees.
 

12. The lack of enough qualified, trained, and available personnel constrains the project plan.
 

13. Each organization determines its capital budget and the rules for managing capital spending and expenses the same way.
 

14. The budgets of public organizations are usually based on the results of legislation, decisions by public officials, or public meetings.
 

15. Planners need to estimate the effort required to complete each task, subtask, or action step.
 

16. The first step in the WBS approach encompasses activities, but not deliverables.
 

17. To prepare the WBS, you need an ERP package.
 

18. Each organization has to determine its own project management methodology for IT and information security projects.
 

19. The project plan must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.
 

20. In general, the design phase is accomplished by changing the configuration and operation of the organization’s information systems to make them more secure.
 

Multiple Choice
Identify the choice that best completes the statement or answers the question.
 

21. The ____ is a process for collecting information about an organization’s objectives, its technical architecture, and its information security environment.
a. SISC
b. SecSDLC
c. DLC
d. SIDLC
 

22. Which of the following is a simple project planning tool?
a. RFP
b. WBS
c. ISO 17799
d. SDLC
 

23. If the task is to write firewall specifications for the preparation of a(n) ____, the planner would note that the deliverable is a specification document suitable for distribution to vendors.
a. WBS
b. CBA
c. SDLC
d. RFP
 

24. The date for sending the final RFP to vendors is considered a(n) ____, because it signals that all RFP preparation work is complete.
a. intermediate step
b. resource
c. milestone
d. deliverable
 

25. Tasks or action steps that come after the task at hand are called ____.
a. predecessors
b. successors
c. children
d. parents
 

26. The ____ identifies the impact that a specific technology or approach can have on the organization’s information assets and what it may cost.
a. RFP
b. WBS
c. SDLC
d. CBA
 

27. Public organizations often have “____” to spend all their remaining funds before the end of the fiscal year.
a. end-of-fiscal-year-bonus
b. end-of-year-spend-a-thons
c. end-of-fiscal-year-prizes
d. end-of-fiscal-year-spend-a-thons
 

28. In the ____ process, measured results are compared to expected results.
a. negative feedback loop
b. wrap-up
c. direct changeover
d. turnover
 

29. A(n) ____ involves stopping the old method and beginning the new.
a. phased implementation
b. direct changeover
c. pilot implementation
d. wrap-up
 

30. A(n) ____ is usually the best approach to security project implementation.
a. direct changeover
b. phased implementation
c. pilot implementation
d. parallel operation
 

31. The goal of the ____ is to resolve any pending issues, critique the overall effort of the project, and draw conclusions about how to improve the process for the future.
a. direct changeover
b. wrap-up
c. phased implementation
d. pilot implementation
 

32. The ____ implementation involves implementing all security improvements in a single office, department, or division, and resolving issues within that group before expanding to the rest of the organization.
a. loop
b. direct
c. parallel
d. pilot
 

33. The fundamental concept of the ____ method is that issues are addressed from the general to the specific and that the focus is on systematic solutions instead of individual problems.
a. parallel
b. direct changeover
c. bull’s-eye
d. wrap-up
 

34. Which of the following levels of the bull’s-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate, and enables all other information security components to function correctly and have the desired effects in improving the organization’s information security program?
a. Policies
b. Networks
c. Systems
d. Applications
 

35. Which of the following layers of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems?
a. Policies
b. Networks
c. Systems
d. Applications
 

36. Which of the following layers of the bull's-eye model receives attention last?
a. Policies
b. Networks
c. Systems
d. Applications
 

37. Technology ____ deals with how frequently technical systems are updated, and how technical updates are approved and funded.
a. wrap-up
b. governance
c. turnover
d. changeover
 

38. By managing the ____, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce.
a. changeover
b. wrap-up
c. process of change
d. governance
 

39. The Lewin change model consists of ____.
a. unfreezing
b. moving
c. refreezing
d. All of the above
 

40. Project managers can reduce resistance to change by involving employees in the project plan. In systems development, this is referred to as ____.
a. DMZ
b. SDLC
c. WBS
d. JAD
 

Completion
Complete each statement.
 

41. Management should articulate and coordinate the organization’s information security vision and objectives with the communities of _________________________ involved in the execution of the plan.
 

 

42. A(n) _________________________ is a completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project.
 

 

43. The project planner should describe the skill set or type of individual person, often called a(n) _________________________, needed to accomplish the task.
 

 

44. The tasks or action steps that come before the specific task at hand are called _________________________.
 

 

45. Tasks or action steps that come after the task at hand are called _________________________.
 

 

46. A concept known as project _________________________ concerns the boundaries (i.e., maximum and minimum levels) of time and effort-hours needed to deliver the planned features and quality level of the project deliverables.
 

 

47. A direct _________________________ involves stopping the old method and beginning the new.
 

 

48. A(n) _________________________ implementation is the most common conversion strategy and involves rolling out a piece of the system across the entire organization.
 

 

49. Medium and large organizations deal with the impact of technical change on the operation of the organization through a(n) _________________________ control process.
 

 

50. One of the oldest models of change is the _________________________ change model.
 

 



 