Itm 6015 Final Exam Practice

Organizations' acceptable-use policies are now starting to address the usage of social media. This suggests that organizations are recognizing the need to regulate and set guidelines for employees' use of social media platforms during work hours. As social media becomes increasingly prevalent in the workplace, organizations are realizing the importance of addressing potential risks and ensuring that employees use social media responsibly and in line with the organization's values and policies.

The correct answer is "definition, construction, and implementation." This is because the generic systems development life cycle typically begins with the definition phase, where the requirements and objectives of the system are identified. This is followed by the construction phase, where the system is designed and developed based on the defined requirements. Finally, the implementation phase involves deploying the system and making it operational. The other options mentioned in the question do not accurately represent the phases of the systems development life cycle.

An IT project manager is typically responsible for overseeing multiple project phases, determining the duration of each development task, and forming a project team with the necessary knowledge and skills. However, approving funds for the project is not typically within their responsibilities. This task is usually handled by higher-level management or finance departments who have the authority and expertise to allocate and approve funds for various projects.

A "cookie" is a small record stored on the user's computer that identifies the user to a Web site. This record contains information such as user preferences, login credentials, and browsing activity. Cookies are used by websites to provide a personalized experience for the user, remember their preferences, and track their behavior. They are not worms or harmful to personal computers. Therefore, the correct answer is a small record stored on the user's computer that identifies the user to a Web site.

Hammer suggests that a basic principle of business process reengineering (BPR) is integrating information processing into the work that produces the information. This means that instead of having separate departments or individuals solely responsible for processing information, the information processing should be integrated into the actual work processes. By doing so, organizations can streamline their operations, reduce inefficiencies, and improve overall productivity. This principle emphasizes the importance of eliminating unnecessary steps and bottlenecks in information processing, ultimately leading to more effective and efficient business processes.

In the context of depicting a physical model of a system with a diagram, cylinders are commonly used to represent databases. Databases are used to store and organize large amounts of data, and the cylindrical shape is often used to symbolize this storage. The use of cylinders as a representation for major modules, data flows, or processes is not as common or widely recognized in this context.

In a logical data flow diagram, a rectangle (or open rectangle) is used to represent data at rest. This means that the data is stored or held in a static state, and is not currently being transferred or processed. The rectangle symbolizes a data entity or data store within the system.

Logical access controls are security measures that determine whether users can run an application, read a file, change data in a database, or modify access permissions for others' data. These controls are designed to restrict and manage user access to sensitive information and resources within a system. Unlike physical access controls, which focus on securing the physical environment and infrastructure, logical access controls specifically address the authorization and authentication mechanisms that govern user access to digital assets. Backup procedures and audit trails, although important for overall security, do not directly relate to the specific concern of controlling user access rights.

These steps are part of the Implementation phase.

RFP stands for "request for proposal." This acronym is commonly used in business and government sectors to solicit proposals from potential vendors or contractors. It is a formal document that outlines the requirements, specifications, and objectives of a project or initiative, and invites interested parties to submit their proposals for consideration. The purpose of an RFP is to gather competitive bids and select the best solution or provider that meets the organization's needs. Therefore, "request for proposal" accurately describes the meaning and purpose of RFP.

A company can change procedures to match those of the package, or implement the package "as is" and work around the differences.

Many individuals do not regularly review their personal financial credit reports, which is why inaccuracies are not usually spotted. This suggests that there is a lack of awareness or importance placed on reviewing these reports, leading to potential errors going unnoticed.

Being a Beta site means that the company is involved in user acceptance testing for the vendor. Beta testing is the phase in software development where the product is tested by real users in a real environment before its official release. The company acts as a testing ground for the vendor to gather feedback, identify bugs, and make necessary improvements to the software. This involvement allows the company to provide valuable insights and influence the functionality of the package.

According to Kappelman et al. (2006), inadequate business stakeholder involvement or participation in the project and subject matter experts (SMEs) in the business being overscheduled are both people-related early warning signs of IT project failure. These factors indicate a lack of key personnel involvement and availability, which can lead to miscommunication, delays, and ultimately project failure.

The goal of the IS manager responsible for information security is not to eliminate all information risk, but rather to manage and mitigate it. It is practically impossible to completely eliminate all information risk as there will always be potential vulnerabilities and threats. The role of the IS manager is to identify and assess risks, implement appropriate security measures, and develop strategies to minimize the impact of any potential risks.

Treating others as you would like them to treat you is recognized as an ethical behavior by most world religions because it promotes empathy, respect, and fairness. This principle, often referred to as the Golden Rule, encourages individuals to consider the impact of their actions on others and to treat them with kindness and compassion. By treating others in a manner that we would want to be treated ourselves, we uphold the values of empathy and fairness, which are central to many religious teachings.

The correct answer is "more than 10% but less than 25%". This answer suggests that a significant portion of students studying in U.S. colleges and universities believe that it is wrong to pirate music and movies, but it is not a majority opinion. It implies that there is a range of perspectives on this issue among students, with a sizeable minority holding this belief.

It is important for a system analyst to document formal as well as informal systems within an organization because the usage of an informal system by users indicates that the formal system is lacking in some aspect, and users have found alternative ways to overcome these deficiencies. By documenting both formal and informal systems, the analyst can identify areas where the formal system needs improvement or modification to better meet the needs of the users. This documentation also helps in understanding the workarounds and processes that users have developed, which can provide valuable insights for system enhancements and optimization.

Procedural-oriented approaches to systems design first involve analyzing and documenting the existing system, known as the As-Is model. This step helps in understanding the current processes, data flow, and functionalities of the system. By examining the As-Is model, designers can identify areas for improvement and develop a clear understanding of the system's strengths and weaknesses. Once the As-Is model is established, designers can then move on to creating a Logical To-Be model, which outlines the desired future state of the system. The Physical To-Be model represents the implementation of the Logical To-Be model, while the Want-To-Be model is not a recognized term in systems design.

The program chart is not a tool for representing the Logical To-Be model of an information system. The other options listed - data dictionary, entity-relationship diagram, and data flow diagram - are commonly used tools for representing different aspects of the logical model. A program chart, on the other hand, is typically used to represent the flow and organization of program code, rather than the logical structure of an information system.

Testing a new custom system before implementation is the responsibility of both users and IS analysts because both parties have unique roles to play in the testing process. Users are responsible for testing the system from a functional perspective, ensuring that it meets their specific requirements and performs as expected. On the other hand, IS analysts are responsible for testing the system from a technical perspective, checking for any bugs, errors, or compatibility issues. By involving both users and IS analysts in the testing process, a comprehensive evaluation of the system can be conducted, addressing both user needs and technical aspects.

When prototyping is incorporated into a traditional SDLC approach, it is most commonly included as part of the requirements definition step. This is because prototyping allows for the creation of a working model or prototype of the system, which can help stakeholders better understand and refine their requirements. By incorporating prototyping at this early stage, potential issues or misunderstandings can be identified and addressed before moving on to the next steps of the SDLC.

One potential disadvantage of purchasing packaged systems is that they can cost more than if they were custom developed in-house or by a contractor. This is because packaged systems often come with additional features and functionalities that may not be necessary for the specific needs of the organization, leading to higher costs. Additionally, customization options may be limited in packaged systems, requiring the organization to pay for additional modifications or workarounds.

A common pitfall in developing a master schedule for a project is a failure to understand the interdependencies among project tasks and subtasks. This means that when creating a schedule, it is important to consider how different tasks and subtasks are related to each other and how they may impact the overall timeline of the project. Failing to understand these interdependencies can result in a schedule that is unrealistic or does not accurately reflect the necessary sequence of tasks.

The U.S. position on privacy is characterized as being favorable toward consumer data being viewed as a saleable, usable asset that belongs to the corporation that collected the data. This suggests that in the U.S., there is a tendency to prioritize the interests of corporations over the control and protection of personal data by individuals.

The correct answer is eavesdropping on spoken personal conversation. This is because the only federal law in the U.S. that limits employer surveillance of its workers specifically pertains to eavesdropping on spoken personal conversations. While there may be other laws or regulations that address privacy concerns in the workplace, this particular law focuses on protecting the privacy of conversations that are not work-related and are conducted in private areas.

A check digit is a numerical digit that is calculated based on the other digits within a numerical identifier. It is used to verify the accuracy and integrity of the identifier. It is commonly used in various systems such as barcodes, credit card numbers, and identification numbers to prevent errors during data entry or transmission. Therefore, the correct answer is check digit.

A data flow diagram (DFD) is a graphical representation of the flow of data within a system. It shows how data is input, processed, and output in a system. In a DFD, the sender is not graphically represented because it is not a component or element that directly interacts with the flow of data. The sender is typically considered as an external entity or a source of data inputs to the system, but it is not visually depicted in a DFD.

The percentage of resources devoted to the maintenance of a system generally increases over time. This is because as a system ages, it becomes more prone to issues and requires more frequent repairs and updates. Additionally, as technology advances, new features and functionalities are introduced, which require additional maintenance efforts. As a result, the proportion of resources allocated to maintenance gradually increases to ensure the system's smooth operation and to address any potential problems that may arise.

When an application is developed by a business user rather than an IS professional, users typically pay more attention to system controls for ensuring data quality and security. This means that they are likely to invest more in developing robust security measures and implementing data quality checks, which can increase the development costs. This is not a potential disadvantage of having an application developed by a business user, rather it is a benefit as it ensures better data quality and security.

A contract with a vendor typically includes details about the number of licenses required, the payment schedule, and the software specifications. However, it usually does not include a feasibility analysis. Feasibility analysis is a separate process that assesses the practicality and viability of a project or solution, and is typically conducted before entering into a contract with a vendor.

In a fixed-price contract, the vendor assumes the greatest risk. This is because the vendor agrees to provide the goods or services at a fixed price, regardless of any increase in costs or unforeseen circumstances. If the costs of production or delivery exceed the agreed-upon price, the vendor absorbs the additional expenses. On the other hand, if the costs are lower than expected, the vendor still receives the fixed price, resulting in potential profit for them. Therefore, the vendor bears the risk of potential financial loss or gain in a fixed-price contract.

All of the options listed - risk identification, risk assessment, and risk monitoring - are tasks that fall under the umbrella of risk management. Risk identification involves identifying potential risks that may impact a project or organization. Risk assessment involves analyzing and evaluating the identified risks to determine their likelihood and impact. Risk monitoring involves continuously monitoring and tracking the identified risks to ensure that appropriate actions are taken to mitigate or manage them. Therefore, all of these tasks are essential in effectively managing risks.

In the U.S., there is a significant amount of legislation that claims to provide some level of privacy protection. This suggests that there are laws in place that aim to safeguard individuals' privacy rights. However, the statement does not imply that these laws are comprehensive or fully effective in protecting privacy.

North America has the lowest rate of software piracy compared to Western Europe, Asia/Pacific, and Latin America. This could be due to stricter copyright laws and enforcement, higher purchasing power, and a strong culture of respecting intellectual property rights in the region. Additionally, the presence of major software companies and a well-developed technology industry in North America may contribute to a lower rate of software piracy.

The correct order in which a system is tested is module testing, subsystem testing, integration testing, and finally acceptance testing. Module testing involves testing individual components or modules of the system to ensure they function correctly. Subsystem testing involves testing a group of related modules to ensure they work together properly. Integration testing involves testing the entire system to ensure all the modules and subsystems integrate seamlessly. Finally, acceptance testing is conducted to verify that the system meets the requirements and is ready for deployment.

During the feasibility analysis phase of the SDLC, the types of feasibility that are assessed include economic feasibility, operational feasibility, and technical feasibility. Time-driven feasibility, on the other hand, is not assessed during this phase. Time-driven feasibility refers to the assessment of whether the project can be completed within the given time constraints. While it is an important consideration, it is typically evaluated during the project planning and scheduling phase rather than the feasibility analysis phase.

Prototyping is a development approach that involves creating a working model of a system before fully developing it. One advantage of prototyping is that only basic system requirements are needed at the front-end of the project, allowing for flexibility and adaptability during the development process. Another advantage is that strong top-down commitment may be less necessary at the outset of the project, as prototyping allows for iterative feedback and adjustments. Additionally, user acceptance is likely to be higher with prototyping compared to a system developed using a traditional SDLC process. However, the given statement suggests that an end-prototype typically has more security and control features than a system developed with an SDLC process, which is not an advantage of prototyping.

When evaluating candidate software packages, a firm should consider all of the above criteria. The functional capabilities of the packaged system are important to ensure that it meets the specific needs and requirements of the firm. The technical requirements that the software must satisfy are crucial to ensure compatibility and integration with existing systems. Additionally, considering the business characteristics of the vendor firm is essential to evaluate their reputation, reliability, and long-term viability. Therefore, all of these criteria should be taken into account when evaluating candidate software packages.

A project sponsor typically participates in the development of the initial project proposal, as they are responsible for identifying and defining the project's objectives and scope. They also ensure that resources, such as funding and personnel, are available for the project team to successfully execute the project. Therefore, the correct answer is both A and C.

A recommended practice when planning projects is to use conservative estimates to ensure that enough time, resources, and budget are allocated. Additionally, control mechanisms should be implemented to address the greatest project uncertainties, such as risks and potential issues. These control mechanisms should also focus on organizational vulnerabilities, such as weaknesses in processes or resources. Therefore, the answer "all of the above" is correct as it encompasses all the recommended practices mentioned.

Virtual teamwork introduces IT project risk due to differences in communication norms across working groups, unfamiliarity with a team member's culture, and lack of trusting relationships across team members. These factors can hinder effective communication, collaboration, and coordination among team members, leading to misunderstandings, delays, and conflicts. It is important for virtual teams to address these challenges through clear communication channels, cultural awareness and sensitivity, and building trust among team members to mitigate project risks.

Determining a Return Benefit for a specific security action is based on annualized Expected Losses and Annualized Cost of Actions. This means that in order to determine the return benefit of a security action, one needs to consider the expected losses that could occur if the action is not taken, as well as the cost of implementing the action. By comparing these two factors, one can assess whether the potential benefits outweigh the costs, and thus determine the return benefit of the security action. The other options mentioned, such as benefits of remote PC access and electronic records management, are not relevant to determining the return benefit of a security action.

Both historical experiences of the organization and industry averages are sources that can be used to calculate a single loss expectancy as part of a risk assessment. By considering the organization's past experiences and industry-wide data, a more accurate estimation of potential losses can be made. This allows for a comprehensive assessment of risks and helps in developing effective risk management strategies.

Software piracy typically is not rigorously deterred by governments in less developed countries. This is because these countries may have limited resources and priorities, making it difficult for them to allocate resources to enforce copyright laws and combat piracy effectively. Additionally, there may be a lack of awareness or understanding of the negative impact of piracy on the software industry. As a result, piracy rates tend to be higher in these countries compared to more developed nations where governments have the means and motivation to enforce anti-piracy measures.

The explanation for the answer being False is that the implementation phase of the SDLC (Software Development Life Cycle) is not typically the phase that requires the greatest percentage of the total cost for a custom development project. The implementation phase involves actually building and coding the software, which may require resources and effort, but other phases like planning, requirements gathering, and testing can also incur significant costs. Therefore, it is not accurate to say that the implementation phase always requires the greatest percentage of the total cost.

PERT chart

The customer orders and customer returns of goods are examples of inputs in a sales tracking system. Inputs refer to the data or information that is entered into a system for processing. In this case, the customer orders and returns are the data that are received by the system to track and manage the sales process.

A logical system description focuses on describing the function and purpose of the system without specifying how it will be implemented. It provides a high-level overview of the system's behavior, structure, and interactions, without getting into the details of the physical components or network connections. This type of description helps to understand the system conceptually and is often used during the initial stages of system design and requirements gathering.

The construction phase of the SDLC typically requires the greatest percentage of the total cost for a custom development project. This phase involves the actual coding and development of the software, which can be time-consuming and resource-intensive. It requires skilled developers, project management, and testing efforts. The cost of hiring developers and allocating resources for this phase can significantly contribute to the overall cost of the project.

In addition to evaluating the vendors' responses from the formal RFP process, it is recommended to collect data through a software demonstration of the package. This will allow the evaluators to see the features and functionalities of the package in action and assess its suitability for their needs. Additionally, references from users of the software package in other companies should be collected to gather insights about their experience with the package, its performance, and any potential issues they encountered. Collecting both types of data will provide a comprehensive understanding of the leading candidate package.

All of the above types of employees may be involved in a purchased software project. Business unit representatives who will use the system may provide input on the requirements and functionality needed. Attorneys may be involved in reviewing and negotiating contracts related to the software purchase. Purchasing specialists may handle the procurement process and ensure compliance with organizational policies and procedures.

Purchasing packaged systems provides a long-term advantage by offering an infusion of external expertise. This means that the organization can benefit from the knowledge and experience of the vendors who developed the packaged systems. Additionally, purchasing packaged systems also leads to higher application quality. This implies that the systems are likely to be more reliable, efficient, and effective in meeting the organization's needs. Therefore, both A and C are correct as they explain the long-term advantages of purchasing packaged systems.

Open source software typically has the advantage of complete documentation being freely available. This means that users can easily access and understand how the software works, facilitating its use and troubleshooting. However, the given answer states that this is not an advantage of open source software, suggesting that complete documentation may not be freely available for open source software.

Project planning involves various components, including project scheduling, project budgeting, and project staffing. Project scheduling involves creating a timeline and determining the sequence of activities to be completed. Project budgeting involves estimating and allocating resources and costs for the project. Project staffing involves identifying and assigning the necessary personnel and resources for the project. Therefore, all of the above options are major components of project planning.

The highest level of project risk typically occurs during the beginning of a project because this is when there is the most uncertainty and ambiguity. During this stage, project objectives and requirements may not be fully defined, and there may be limited information available to make informed decisions. Additionally, there may be a lack of clear roles and responsibilities, and potential risks and obstacles may not have been identified or addressed yet. As the project progresses and moves into the planning and execution stages, more information becomes available, risks are identified and managed, and the project team gains experience and knowledge, reducing the overall level of risk.

All of the above options are major change management activities associated with successful IT projects. Communication about the project to all affected employees is crucial to ensure everyone is informed and on board with the changes. Training on the system and process changes is necessary to ensure employees have the necessary skills and knowledge to adapt to the new technology. Incentives to key team members can help motivate and reward their efforts during the project. All three activities play a significant role in managing change effectively in IT projects.

Ethical problems associated with the use of IT can affect managers, stockholders, and customers. This means that all of the options listed are potentially affected by ethical issues. Therefore, the correct answer is "all of the above."

DoubleClick is the correct answer because it is a large Internet advertising company that has caused concerns among privacy organizations due to its purchase or alliance with other companies. DoubleClick's acquisition by Google in 2007 raised concerns about the potential for data collection and privacy violations, as DoubleClick had access to a vast amount of user information through its advertising services. This acquisition prompted privacy organizations to voice their concerns and advocate for stricter regulations to protect user privacy in online advertising.

The correct answer is "first gained widespread popularity with the advent of Napster." This is because Napster was one of the first widely used platforms for sharing music on the internet. It allowed users to share and download music files for free, which led to its widespread popularity and sparked a significant shift in the music industry. While Napster faced legal challenges and was eventually shut down, its influence on the music-sharing culture cannot be denied.

Hierarchical decomposition involves breaking down a complex system into smaller, more manageable subsystems. One of the goals of this approach is to analyze or change only part of the system. By decomposing the system into smaller components, it becomes easier to focus on specific areas for analysis or modification without affecting the entire system. This goal helps in achieving a better understanding of the system and enables targeted improvements or changes to be made efficiently.

Both the number of users of the application and the potential impact on operations or decisions based on the application are important characteristics for determining the potential risks of developing a new business application by an employee with no professional IS training. The number of users can indicate the scale and complexity of the application, which can affect its stability and security. The potential impact on operations or decisions can determine the level of criticality and sensitivity of the application, which can impact the overall success and reputation of the business. Therefore, considering both A and B is crucial for assessing the risks involved in this scenario.

Modifications made to a package will indeed impact what modifications may need to be made when the vendor releases an upgraded version of the package. This is because any modifications made to the package will need to be re-implemented or re-integrated when the upgraded version is released. Therefore, the statement that modifications to a package will not impact future modifications is false.

Work breakdown analysis is the correct answer because it refers to the process of breaking down a project into smaller, manageable tasks or activities. It involves identifying the phases, tasks, and sub-tasks required to complete the project successfully. This analysis helps in understanding the scope of work, estimating resources and time required for each task, and determining the sequence in which tasks should be executed. Timeboxing is a technique used for managing time in Agile project management. Project scheduling involves creating a timeline and assigning resources to tasks. Milestone analysis focuses on identifying key milestones or significant events in a project.

It is difficult for companies to manage their e-mail on their own private subnets because individuals within the organization can make copies and save them, they can forward copies to others, and they do not completely remove them from their storage devices. These actions make it challenging for companies to control and monitor the dissemination and storage of sensitive information, potentially leading to security breaches and unauthorized access to confidential data.

Ethics discussions are important in an IT management forum because IT is having a growing impact on people's lives. As technology becomes more integrated into society, it is crucial for managers to consider the ethical implications of their decisions regarding IT usage within an organization and in interactions with suppliers and customers. By including ethics discussions, IT managers can ensure that their actions align with ethical standards and address potential concerns related to privacy, security, and social impact.

The given correct answer is "system quality much higher than with SDLC." This means that using RAD methodology does not necessarily result in higher system quality compared to using SDLC. RAD methodology is known for its focus on rapid development and flexibility to accommodate changes in system design at user request. It emphasizes on delivering a functional system quickly by focusing on essential system requirements. However, it does not guarantee a higher system quality compared to SDLC, which is a more structured and rigorous approach to software development.

The correct answer is "hire offshore legal expertise for writing contracts." This option is not a key guideline for managing day-to-day interactions with outsourced staff. It is important to communicate frequently, create a centralized project management office, and closely monitor and manage the work of the outsourcer's staff to ensure effective management and successful outcomes. However, hiring offshore legal expertise for writing contracts is not directly related to day-to-day interactions with outsourced staff but rather a separate aspect of managing outsourcing contracts.

When matching a company's needs with the capabilities of a software package, if there is a mismatch, the company can choose to modify the software package or change their business procedures to align with the software. This means that both options A and B are viable alternatives to address the mismatch. The company can either make changes to the software to meet their needs or adapt their business procedures to fit the capabilities of the software.

In a cost-reimbursement type of contract, the purchasing company assumes the greatest risk. This is because the purchasing company agrees to reimburse the vendor for all allowable costs incurred during the project, regardless of the outcome. This means that if the project ends up exceeding the budget or if the vendor incurs unforeseen expenses, the purchasing company is responsible for covering these costs. On the other hand, the vendor is not at risk as they are guaranteed reimbursement for their expenses. Therefore, the purchasing company bears the greatest risk in this type of contract.

While it is ideal for vendors to continue supporting all prior versions of a package, it is not always the case. Vendors may choose to discontinue support for older versions, especially if they have released newer versions with significant changes or improvements. Therefore, the statement that vendors continue to support all prior versions of a package is false.

A PERT chart is a project management chart that graphically models the sequence of project tasks and their interrelationships using flowchart diagrams. It stands for Program Evaluation and Review Technique and is commonly used in project management to analyze and plan the tasks involved in a project. The PERT chart helps to identify the critical path, dependencies, and time estimates for each task, allowing project managers to effectively schedule and allocate resources.

Spoofing refers to the act of creating a website that imitates a legitimate site with the intention of deceiving or defrauding internet users. This can involve copying the design, layout, and content of the original site to make it appear authentic. Spoofing is a form of cybercrime where the attacker aims to trick users into providing sensitive information such as passwords, credit card details, or personal information. Unlike identity theft, which involves stealing someone's personal information, spoofing specifically targets the act of creating fake websites to deceive users. Phishing is a type of spoofing attack commonly used to trick users into revealing their sensitive information.

The correct answer is "all of the above" because the COSO framework is a comprehensive framework that covers all areas of controls assessment. The framework includes principles and components for evaluating the control environment, risk assessment, and monitoring. Therefore, auditors assess controls in all of these areas when using the COSO framework.

The given answer "all of the above" is correct because it encompasses all the means to deal with key information security management issues mentioned in the previous statements. Managers need to identify and assign values to their information assets, determine the organization's ability to function without specific assets, and collaborate with departmental managers and asset owners to implement security procedures. By considering all of these factors, organizations can effectively manage information security risks and protect their valuable assets.

The correct answer is "all of the above". This means that all of the mentioned BCP (Business Continuity Planning) shortcomings have been identified during recent crises. The backup IT sites being too close to data centers can pose a risk as both locations may be affected by the same disaster. Plans for alternative workplaces for human resources are necessary to ensure business operations can continue even if the primary workplace is inaccessible. Evacuation plans should be practiced to ensure that employees know what to do in case of an emergency.

Creating a Business Continuity Plan (BCP) in the U.S. requires identifying interdependencies between critical business processes and business units. This is because a BCP aims to ensure that essential functions can continue during and after a disruption. By identifying interdependencies, organizations can determine which processes and units are crucial for their operations and prioritize them accordingly in the BCP. This helps in developing strategies to mitigate risks and ensure the continuity of critical business functions.

Both A and C are true about investigations of identity theft in the U.S. today. Banks often do not pursue all potential cases due to the high cost involved in investigating these crimes. Additionally, identity theft is indeed considered a U.S. federal crime, making it subject to federal investigation and prosecution.

The correct answer is "all of the above" because all three options - methodology standards, system testing, and system backup - are types of controls that contribute to the development of a high quality, reliable information system. Methodology standards provide a framework and guidelines for developing the system, system testing ensures that the system functions properly and meets the required standards, and system backup helps in protecting and recovering the data in case of any failures or disasters. Together, these controls work together to ensure the overall quality and reliability of the information system.

Hierarchical decomposition refers to the process of breaking down a system into successive levels of subsystems. This approach allows for a systematic and organized analysis of the system, where each subsystem is analyzed and designed separately. By breaking down the system into smaller components, it becomes easier to understand and manage the system as a whole. The term "hierarchical" implies that the subsystems are organized in a hierarchical structure, with higher-level subsystems encompassing lower-level ones. Therefore, hierarchical decomposition is the correct term for this process in basic systems terminology.

A context diagram is not part of the Unified Modeling Language (UML) for object-oriented (O-O) modeling. UML is a standardized modeling language used to visualize, specify, construct, and document the artifacts of a software system. It primarily focuses on the structure and behavior of the system, represented by class diagrams, sequence diagrams, and use case diagrams. However, a context diagram is a high-level diagram used in systems engineering to depict the interactions between a system and its external entities, providing an overview of the system's boundaries and interfaces.

The initiation phase of a project involves defining the project's objectives, scope, and stakeholders. A project charter is a document that formally authorizes the project and provides a clear understanding of its purpose, goals, and key stakeholders. It outlines the project's objectives, scope, deliverables, and constraints. Therefore, a project charter is a key deliverable for the initiation phase as it serves as a foundation for the project, ensuring that all stakeholders are aligned and have a common understanding of the project's purpose and goals.

The correct answer is "all of the above" because assigning the best human resources available to reduce a specific type of project risk, choosing an alternative technical approach to avoid risk exposure, and subcontracting a specific deliverable to a third-party are all common strategies used to avoid and mitigate risks in a project. These strategies help in minimizing the impact of potential risks and ensuring the successful completion of the project.

The organization's acceptable use policy typically includes all of the statements mentioned. The first statement establishes that the organization's computing resources are considered company property. The second statement clarifies that employees do not have privacy rights over their usage of these resources. Lastly, the third statement states that specific types of computing behavior are prohibited by federal or state laws. Therefore, the correct answer is "all of the above."

Having written privacy policies in organizations provides several benefits. Firstly, it helps in quickly removing employees who behave improperly by providing clear guidelines and standards for acceptable behavior. Secondly, it ensures compliance with one part of the Sarbanes-Oxley Act (SOX), which requires companies to establish and maintain internal controls, including privacy policies. Lastly, having written privacy policies improves the organization's ability to be insured by demonstrating that they have taken steps to protect sensitive information and mitigate potential risks. Therefore, all of the given options are correct and provide benefits to organizations with written privacy policies.

The recommended means for disseminating an organization's information security policy is through all of the above methods. Hardcopy distributions ensure that all employees, including new ones, receive a physical copy of the policy. Email distributions allow for easy and efficient dissemination to all employees. Posting the policy on the organization's intranet ensures that it is easily accessible to all employees at any time. Using all of these methods together ensures that the policy reaches all employees and increases the likelihood of awareness and compliance.

Advances in artificial intelligence can raise social and ethical issues because computers have the ability to sift through vast amounts of data more efficiently than humans, which can lead to concerns about privacy, security, and the potential for bias. Additionally, computers can be programmed to replace human experts in certain job roles, raising questions about unemployment and the impact on the workforce. Lastly, the ethical behavior of a robot depends on its programming, highlighting the need for careful consideration and regulation to ensure that AI systems act ethically and responsibly.

A software tool used to automate one or more steps of a software development methodology is referred to as CASE (Computer-Aided Software Engineering). CASE tools assist in various activities such as requirements gathering, design, coding, testing, and maintenance. These tools help streamline the software development process, improve productivity, and ensure better quality control. They provide functionalities like code generation, documentation generation, project management, and version control. Therefore, CASE is the correct answer as it specifically refers to the automation of software development steps.

The correct answer is procurement (including contract management). This competency has been developed recently by the Project Management Institute.

The project champion is typically a person within the company who takes on the responsibility of advocating for and driving a specific project forward. This individual is usually someone with influence and power within the organization, such as an influential business manager. They play a crucial role in securing resources, gaining support, and overcoming obstacles for the project's success. The CIO, CSO, and outside consultants may also play important roles in projects, but the project champion is specifically responsible for leading and championing the project from within the company.

Phishing is the correct answer because it refers to the act of sending deceptive emails that appear to be from a trusted source, with the intention of tricking the recipient into revealing personal or sensitive information. This is typically done by impersonating a legitimate enterprise, such as a bank or an online service provider, and requesting the user to provide confidential data like passwords or credit card details. Spoofing, cracking, and hacking are related terms but do not specifically involve the act of luring users into sharing private information through deceptive emails.

During the definition phase of the systems life cycle, business and systems professionals document the needs and feasibility of the system. This involves gathering requirements, understanding the goals and objectives of the system, and assessing whether it is technically and economically feasible to develop and implement the system. This phase sets the foundation for the rest of the life cycle by ensuring that the system is aligned with the organization's needs and can be successfully implemented.

An ASP (Application Service Provider) purchasing option involves the purchasing organization paying upfront costs for software licenses for all potential users. The software is typically already installed on the ASP's host computer, which makes the implementation faster. However, the statement that a third-party organization delivers the software functionality via the internet is not true. In an ASP purchasing option, the software functionality is delivered by the ASP itself, not a third-party organization.

In the context of purchasing a software package, a successful definition phase refers to the stage where the requirements and specifications of the software are clearly defined. At the end of this phase, a vendor contract is typically established. This contract outlines the terms and conditions of the agreement between the purchaser and the vendor, including the scope of the software package, pricing, support services, and any other relevant details. Therefore, a vendor contract is the appropriate outcome of a successful definition phase in software package procurement.

The correct answer is "all of the above" because when modifying the code of a purchased package, options include having a contract with the vendor, having a contract with a third party, or obtaining the source code from the vendor. These options cover all possible ways to modify the code of a purchased package.

The success of an installation plan for a purchased package can be affected by various factors. One such factor is the level of vendor support before the installation. If the vendor provides adequate support and guidance during the planning phase, it increases the chances of a successful installation. Similarly, vendor support after Go Live is crucial as it ensures any issues or problems that arise post-installation are promptly addressed. Additionally, the number of different business units implementing the software and their locations can also impact the success of the installation plan, as it introduces complexity and coordination challenges. Therefore, all of the above factors can affect the success of the installation plan.

When extensive changes in business processes and procedures are required to effectively implement purchased software, the role of a project manager is typically assigned to business managers. A project manager is responsible for planning, organizing, and overseeing the implementation of a project, ensuring that it is completed successfully within the defined scope, budget, and timeline. In this case, the business managers are asked to take on the role of a project manager to ensure that the necessary changes are implemented smoothly and efficiently.

An organization's management must assign a person or persons to be responsible for HIPAA compliance if it applies to its activities. This is necessary to ensure that the organization understands and follows the regulations set forth by HIPAA. This individual or team will be responsible for implementing policies and procedures, training employees, conducting audits, and handling any breaches or violations of HIPAA regulations. By assigning someone to be responsible for HIPAA compliance, the organization demonstrates its commitment to protecting patient privacy and maintaining the security of health information.

Patents prevent someone else from creating another computer program that does the same thing as a copyrighted program. Patents provide legal protection for inventions, including software, and grant exclusive rights to the inventor to prevent others from making, using, or selling the patented invention without permission. Copyrights, on the other hand, protect original works of authorship, such as literary, musical, and artistic works, but do not prevent others from creating similar programs. Therefore, the correct answer is patents.

During the implementation phase of the systems life cycle, one of the early steps is to convert the data and procedures from the old system. This involves transferring the existing data and procedures from the old system to the new system in order to ensure continuity and functionality. This step is crucial as it allows for a smooth transition from the old system to the new system without losing any important data or procedures.