Outline: Chapter 10, Implementing Information Security

The implementation phase is accomplished by changing the configuration and operation of the organization's information systems to make them more secure. It includes changes to the following: procedures, people, hardware, software, and data.

Development Life Cycle (SecSDLC)

SecSDLC involves collecting information about an organization's objectives, its technical architecture, and its information security environment. These elements are used to form the information security blueprint, which is the foundation for the protection of the confidentiality, integrity, and availability of the organization's information.

Project Plan

The project plan instructs the individuals who are executing the implementation phase. These instructions focus on the security control changes that are needed to improve the security of the hardware, software, procedures, data, and people that make up the organization's information systems.

Major steps in executing the project plan:
1- Planning
2- Supervising tasks and action steps
3- Wrapping up

The task of creating such a project plan is often assigned to either a project manager or the project champion. Often the project manager is from the IT community of interest.

Work breakdown structure (WBS): A planning tool used to accomplish a project plan.

The major project tasks are placed into the WBS, along with the following attributes for each:
- Work to be accomplished (activities and deliverables)
- Individuals (or skill set) assigned to perform the task
- Start and end dates for the task (when known)
- Amount of effort required for completion, in hours or work days
- Estimated capital expenses for the task
- Estimated noncapital expenses for the task
- Identification of dependencies between and among tasks

A task or subtask becomes an action step when it can be completed by one individual or skill set and when it includes a single deliverable.

Deliverable: A completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project. If the task is to write firewall specifications for the preparation of a request for proposal (RFP), the planner should note that the deliverable is a specification document suitable for distribution to vendors.

Assignee: The project planner should describe the skill set or person, often called a resource, needed to accomplish the task. If any of the engineers in the networks group can write the specifications for a router, the assigned resource would be noted as network engineer on the WBS. When only the manager of the networks group can evaluate the responses for the RFP and make an award for a contract, the project planner should identify the network manager as the resource assigned to this task....

