Deck 10: Implementing Information Security

The networks layer of the bull's-eye is the outermost ring of the bull's eye.

The WBS can be prepared with a simple desktop PC word processing program.

Weak management support,with overly delegated responsibility and no champion,sentences the project to almost-certain failure.

Planning for the implementation phase of a security project requires the creation of a detailed project plan.

All organizations should designate a champion from the general management community of interest to supervise the implementation of an information security project plan.

Planners need to estimate the effort required to complete each task,subtask,or action step.

The size of the organization and the normal conduct of business may preclude a single large training program on new security procedures or technologies.

The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.

The budgets of public organizations are usually the product of legislation or public meetings.

The first step in the WBS approach encompasses activities,but not deliverables.

The bull's-eye model can be used to evaluate the sequence of steps taken to integrate parts of the information security blueprint into a project plan.

DMZ is the primary way to secure an organization's networks.

Every organization needs to develop an information security department or program of its own.

Unfreezing in the Lewin change model involves thawing hard-and-fast habits and established procedures.

Each organization has to determine its own project management methodology for IT and information security projects.

When an estimate is flawed,as when the number of effort-hours required is underestimated,the plan should be corrected and downstream tasks updated to reflect the change.

In general,the design phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure.

The need for qualified,trained,and available personnel constrains the project plan.

The primary drawback to the direct changeover approach is that if the new system fails or needs modification,users may be without services while the system's bugs are worked out.

The task of creating a project plan is often assigned to either a project manager or the project leader._________________________

A task or subtask becomes an action step when it can be completed by one individual or skill set and when it includes a single deliverable._________________________

The RFP determines the impact that a specific technology or approach can have on the organization's information assets and what it may cost._________________________

Most information security projects require a trained project CEO._________________________

The parallel implementation works well when an isolated group can serve as the "guinea pig," which prevents any problems with the new system from dramatically interfering with the performance of the organization as a whole._________________________

The security systems implementation life cycle is a process for collecting information about an organization's objectives,its technical architecture,and its information security environment._________________________

The tasks or action steps that come before the specific task at hand are called successors._________________________

A direct changeover is also known as going "fast turnkey." _________________________

In the early stages of planning,the project planner should attempt to specify completion dates only for major employees within the project._________________________

An ideal organization fosters resilience to change._________________________

Corrective action decisions are usually expressed in terms of trade-offs._________________________

A proven method for prioritizing a program of complex change is the bull's-eye method._________________________

The optimal time frame for training is usually one to three weeks before the new policies and technologies come online._________________________

A cybernetic loop ensures that progress is measured periodically._________________________

The primary drawback to the direct changeover approach is that if the new system fails or needs modification,users may be without services while the system's bugs are worked out._________________________

A(n)____________________ is a completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project.

A(n)____________________ is a specific point in the project plan when a task that has a noticeable impact on the progress of the project plan is complete.

During the implementation phase,the organization translates its blueprint for information security into a concrete project ____________________.

Management should coordinate the organization's information security vision and objectives with the communities of ____________________ involved in the execution of the plan.

____________________ is a phenomenon in which the project manager spends more time documenting project tasks,collecting performance measurements,recording project task information,and updating project completion forecasts than in accomplishing meaningful project work.

What are the major steps in executing the project plan?

Project ____________________ describes the amount of time and effort-hours needed to deliver the planned features and quality level of the project deliverables.

The project planner should describe the skill set or person,often called a(n)____________________,needed to accomplish a task.

Once a project is underway,it is managed to completion using a process known as a negative ____________________ loop.

What major project tasks does the WBS document?

A(n)____________________ implementation is the most common conversion strategy and involves a measured rollout of the planned system with a part of the whole being brought out and disseminated across an organization before the next piece is implemented.

The tasks or action steps that come before the specific task at hand are called ____________________.

Technology ____________________ is a complex process that organizations use to manage the affects and costs of technology implementation,innovation,and obsolescence.

ERP stands for enterprise ____________________ planning.

One of the oldest models of change is the ____________________ change model.

A direct ____________________ involves stopping the old method and beginning the new.

What can the organization do by managing the process of change?

The ____________________ operations strategy involves running the new methods alongside the old methods.

Tasks or action steps that come after the task at hand are called ____________________.

Medium- and large-sized organizations deal with the impact of technical change on the operation of the organization through a(n)____________________ control process.

Regardless of where in the budget information security items are located,monetary ____________________ determine what can (and cannot)be accomplished.

The level of resistance to ____________________ impacts the ease with which an organization is able to implement the procedural and managerial changes.

JAD stands for ____________________ application development.