Exam 10: Implementing Information Security

Medium- and large-sized organizations deal with the impact of technical change on the organization's operation through a(n) ____________________ control process.

Performance management is the process of identifying and controlling the resources applied to a project as well as measuring progress and adjusting the process as progress is made toward the goal. _________________________

The primary drawback to the direct changeover approach is that if the new system fails or needs modification, users may be without services while the system's bugs are worked out. _________________________

A(n) __________ is a simple project management planning tool.

In project planning, the tasks or action steps that come before the specific task at hand are commonly referred to as prerequisites. _________________________

Technology _____________________ is a complex process that organizations use to manage the impact and costs of technology implementation, innovation, and obsolescence.

Planning for the implementation phase requires the creation of a detailed request for proposal, which is often assigned either to a project manager or the project champion. _________________________

The optimal time frame for training is usually one to three weeks before the new policies and technologies come online. _________________________

The date for sending the final RFP to vendors is considered a(n) __________, because it signals that all RFP preparation work is complete.

If the task is to write firewall specifications for the preparation of a(n) __________, the planner would note that the deliverable is a specification document suitable for distribution to vendors.

During the implementation phase, the organization translates its blueprint for information security into a project ____________________.

The bull's-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan.

The project planner should describe the skills or personnel needed for a task, often referred to as a(n) ____________________.

Regardless of an organization's information security needs, the amount of effort that can be expended depends on the available funds; therefore, a ____________________ is typically prepared in the analysis phase of the SecSDLC and must be reviewed and verified prior to the development of the project plan.

When an estimate is flawed, as when the number of effort-hours required is underestimated, the plan should be corrected and downstream tasks updated to reflect the change.

A direct ____________________ involves stopping the old system and starting the new one without any overlap.

What minimum attributes for project tasks does the WBS document

The parallel operations strategy works well when an isolated group can serve as a test area, which prevents any problems with the new system dramatically interfering with the performance of the organization as a whole. _________________________

Most information security projects require a trained project developer. _________________________

At the center of the bull's-eye model are the ____________________ used by the organization to accomplish its work.