Exam 10: Implementing Information Security

In a __________ implementation, the entire security system is put in place in a single office, department, or division before expanding to the rest of the organization.

In the __________ process, measured results are compared against expected results.

The __________ methodology  has been used by many organizations and requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.

By managing the __________, the organization can reduce unintended consequences by having a process to resolve the potential conflict and disruption that uncoordinated change can introduce.

Corrective action decisions are usually expressed in terms of trade-offs. _________________________

____________________ is a phenomenon in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project forecasts than accomplishing meaningful project work.

The size of the organization and the normal conduct of business may preclude a large training program on new security procedures or technologies.

The budgets of public organizations are usually the product of legislation or public meetings.

Tasks or action steps that come after the task at hand are called ____________________.

What can the organization do by managing the process of change

The need for qualified, trained, and available personnel constrains the project plan.

Each organization has to determine its own project management methodology for IT and information security projects.

Project ____________________ is a description of a project's features, capabilities, functions, and quality level, and is used as the basis of a project plan.

Tasks or action steps that come after the task at hand are called __________.

The tasks or action steps that come before the specific task at hand are called ____________________.

Project managers can reduce resistance to change by involving employees in the project plan. In the systems development parts of a project, this is referred to as __________.

The networks layer of the bull's eye is the outermost ring of the bull's eye.

Management should coordinate the organization's information security vision and objectives with the communities of ____________________ involved in the execution of the plan.

The goal of the __________ is to resolve any pending project-related issues, critique the overall effort of the project, and draw conclusions about how to improve the project management process for the future.

The __________ layer of the bull's-eye model includes computers used as servers, desktop computers, and systems used for process control and manufacturing.