Exam 10: Implementing Information Security

During the implementation phase,the organization translates its blueprint for information security into a concrete project ____________________.

The ____ layer of the bull's-eye model includes computers used as servers,desktop computers,and systems used for process control and manufacturing systems.

The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.

A direct ____________________ involves stopping the old method and beginning the new.

Once a project is underway,it is managed to completion using a process known as a negative ____________________ loop.

The WBS can be prepared with a simple desktop PC word processing program.

The primary drawback to the direct changeover approach is that if the new system fails or needs modification,users may be without services while the system's bugs are worked out._________________________

In a ____ implementation,the entire security system is put in place in a single office,department,or division,and issues that arise are dealt with before expanding to the rest of the organization.

When an estimate is flawed,as when the number of effort-hours required is underestimated,the plan should be corrected and downstream tasks updated to reflect the change.

If the task is to write firewall specifications for the preparation of a(n)____,the planner would note that the deliverable is a specification document suitable for distribution to vendors.

The budgets of public organizations are usually the product of legislation or public meetings.

Some cases of ____ are simple,such as requiring employees to use a new password beginning on an announced date.

The ____________________ operations strategy involves running the new methods alongside the old methods.

By managing the ____,the organization can reduce unintended consequences by having a process to resolve potential conflict and disruption that uncoordinated change can introduce.

The optimal time frame for training is usually one to three weeks before the new policies and technologies come online._________________________

A task or subtask becomes an action step when it can be completed by one individual or skill set and when it includes a single deliverable._________________________

The ____ level of the bull's-eye model establishes the ground rules for the use of all systems and describes what is appropriate and what is inappropriate,it enables all other information security components to function correctly.

The ____ layer of the bull's-eye model receives attention last.

The need for qualified,trained,and available personnel constrains the project plan.

Each for-profit organization determines its capital budget and the rules for managing capital spending and expenses the same way.