True/False
Indicate whether the statement is true or false.

1. Weak management support, with overdelegated responsibility and no champion, sentences the project to almost-certain failure.

2. Unfreezing in the Lewin change model involves thawing out hard-and-fast habits and established procedures.

3. Every organization needs to develop an information security department or program of its own.

4. The bull’s-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan.

5. Using a DMZ is among the primary ways used to secure an organization’s networks.

6. The networks layer of the bull’s-eye model needs attention first.

7. The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system’s bugs are worked out.

8. When an estimate is flawed, as when the number of effort-hours required is underestimated, the plan should be corrected and downstream tasks updated to reflect the change.

9. All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan.

10. The size of the organization and the normal conduct of business may preclude a single large training program on new security procedures or technologies.

11. The goal of the project plan is to add new security components that negatively impact the day-to-day operations of individual employees.

12. The lack of enough qualified, trained, and available personnel constrains the project plan.

13. Each organization determines its capital budget and the rules for managing capital spending and expenses the same way.

14. The budgets of public organizations are usually based on the results of legislation, decisions by public officials, or public meetings.

15. Planners need to estimate the effort required to complete each task, subtask, or action step.

16. The first step in the WBS approach encompasses activities, but not deliverables.

17. To prepare the WBS, you need an ERP package.

18. Each organization has to determine its own project management methodology for IT and information security projects.

19. The project plan must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.

20. In general, the design phase is accomplished by changing the configuration and operation of the organization’s information systems to make them more secure.

Multiple Choice
Identify the choice that best completes the statement or answers the question.

21. The ____ is a process for collecting information about an organization’s objectives, its technical architecture, and its information security environment.
    a. SISC
    b. SecSDLC
    c. DLC
    d. SIDLC

22. Which of the following is a simple project planning tool?
    a. RFP
    b. WBS
    c. ISO 17799
    d. SDLC

23. If the task is to write firewall specifications for the preparation of a(n) ____, the planner would note that the deliverable is a specification document suitable for distribution to vendors.

24. The date for sending the final RFP to vendors is considered a(n) ____, because it signals that all RFP preparation work is complete.
    a. intermediate step
    b. resource
    c. milestone
    d. deliverable

25. Tasks or action steps that come after the task at hand are called ____.
    a. predecessors
    b. successors
    c. children
    d. parents

26. The ____ identifies the impact that a specific technology or approach can have on the organization’s information assets and what it may cost.

27. Public organizations often have “____” to spend all their remaining funds before the end of the fiscal year.
    a. end-of-fiscal-year-bonus
    b. end-of-year-spend-a-thons
    c. end-of-fiscal-year-prizes
    d. end-of-fiscal-year-spend-a-thons

28. In the ____ process, measured results are compared to expected results.
    a. negative feedback loop
    b. wrap-up
    c. direct changeover
    d. turnover

29. A(n) ____ involves stopping the old method and beginning the new.
    a. phased implementation
    b. direct changeover
    c. pilot implementation
    d. wrap-up

30. A(n) ____ is usually the best approach to security project implementation.
    a. direct changeover
    b. phased implementation
    c. pilot implementation
    d. parallel operation

31. The goal of the ____ is to resolve any pending issues, critique the overall effort of the project, and draw conclusions about how to improve the process for the future.
    a. direct changeover
    b. wrap-up
    c. phased implementation
    d. pilot implementation

32. The ____ implementation involves implementing all security improvements in a single office, department, or division, and resolving issues within that group before expanding to the rest of the organization.
    a. loop
    b. direct
    c. parallel
    d. pilot

33. The fundamental concept of the ____ method is that issues are addressed from the general to the specific and that the focus is on systematic solutions instead of individual problems.
    a. parallel
    b. direct changeover
    c. bull’s-eye
    d. wrap-up

34. Which of the following levels of the bull’s-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate, and enables all other information security components to function correctly and have the desired effects in improving the organization’s information security program?
    a. Policies
    b. Networks
    c. Systems
    d. Applications

35. Which of the following layers of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems?
    a. Policies
    b. Networks
    c. Systems
    d. Applications

36. Which of the following layers of the bull's-eye model receives attention last?
    a. Policies
    b. Networks
    c. Systems
    d. Applications

37. Technology ____ deals with how frequently technical systems are updated, and how technical updates are approved and funded.
    a. wrap-up
    b. governance
    c. turnover
    d. changeover

38. By managing the ____, the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce.
    a. changeover
    b. wrap-up
    c. process of change
    d. governance

39. The Lewin change model consists of ____.
    a. unfreezing
    b. moving
    c. refreezing
    d. All of the above

40. Project managers can reduce resistance to change by involving employees in the project plan. In systems development, this is referred to as ____.

Completion
Complete each statement.

41. Management should articulate and coordinate the organization’s information security vision and objectives with the communities of _________________________ involved in the execution of the plan.

42. A(n) _________________________ is a completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project.

43. The project planner should describe the skill set or type of individual person, often called a(n) _________________________, needed to accomplish the task.

44. The tasks or action steps that come before the specific task at hand are called _________________________.

45. Tasks or action steps that come after the task at hand are called _________________________.

46. A concept known as project _________________________ concerns the boundaries (i.e., maximum and minimum levels) of time and effort-hours needed to deliver the planned features and quality level of the project deliverables.

47. A direct _________________________ involves stopping the old method and beginning the new.

48. A(n) _________________________ implementation is the most common conversion strategy and involves rolling out a piece of the system across the entire organization.

49. Medium and large organizations deal with the impact of technical change on the operation of the organization through a(n) _________________________ control process.

50. One of the oldest models of change is the _________________________ change model.