CSS 111 - Introduction to Information System Security

Review for Third Test

The following questions are provided to help you study for the third test. Do not expect to see these exact questions on the test.

  1. Why do we need to define the tasks that are to be done in a project?

  2. Why is it important to include people who will be doing various tasks in your project planning?

  3. If I asked you what resources a large project would require, what kinds of things should you tell me about?

  4. What do we mean when we say that a project task has a dependency on another task?

  5. Who should make the estimates of the amount of effort that a project task should require? Who might that person want to consult, to feel confident about that estimate?

  6. What is a capital expense? Why is it different from other project expenses?

  7. Some tasks are priorities. What are two definitions that the text offers for the word priority?

  8. What are two different kinds of training that might take place during the course of a project?

  9. The text talks about four conversion strategies that might be used when changing from an old system to a new one. Which one has the most risk, and why? Which one may have the highest cost?

  10. In terms of their scope, what is the difference between governance and change control?

  11. How is change management different from change control?

  12. Regarding certifications, what should you do before you consider building up specific knowledge for a specific certification test?

  13. IT security staff are typically part of what company division?

  14. What are two other divisions that the text suggests might be proper placement for IT security?

  15. IT security staff typically come from two different employment backgrounds. What are they?

  16. How is the security of an IT system a management problem?

  17. How is IT or IT security certification part of a well-planned job search?

  18. Assume we are pursuing the text's idea that we make IT security part of every job description. What might you put in the job description for a programmer? What about the job description of an IT manager? How about the job description of an office cleaner?

  19. Consider the background check list in the text. Which of them make the most sense to you? The least sense? Should a company make all of these checks for all IT positions?

  20. How should adding or removing assets from our inventory be handled with regard to IT security?

  21. If new vulnerabilities are discovered in our workstation operating systems, what should we expect to do shortly regarding device configuration?

  22. What should be done from a security perspective when adding new personnel?

  23. When the text tells us to do external monitoring, it means several things. What does it mean other than watching for external attacks on our systems?

  24. What has the text told us to do in previous chapters that is part of its recommended internal monitoring?

  25. We should make recommendations that would make new projects/systems more secure. What else should we make this kind of recommendation about?

  26. What is the purpose of penetration testing? Should we warn staff that it is going to be conducted?

  27. When we conduct readiness training, how is that different from penetration testing?

  28. When we conduct a forensic investigation, what kinds of devices might we take into our custody for examination?

  29. When taking copies of files or memory dumps we may have to establish a chain of custody. What is the purpose of that?

  30. When we conduct a forensic investigation, the definition of the word "evidence" changes when we enter the "examine for evidence" phase. Why is this?