Outline chapter 10 - Outline chapter 10 Implementing...

Download Document
Showing pages : 1 - 2 of 7
This preview has blurred sections. Sign up to view the full version! View Full Document
Outline chapter 10 Implementing Information Security The implementation phase is accomplished by changing the configuration and operation of the organization’s information system to make them more secure, it includes changes to the following: Procedures, People, Hardware, Software, and Data Development Life Cycle (SecSDLC) SecSDLC involves collecting information about an organization’s objectives, its technical architecture, and its information security environment. There elements are used to form the information security blueprint, which is the foundation for the protection of the confidentiality, integrity, and availability of the organization’s information. 437 Project Plan The project plan instructs the individuals who are executing the implementation phase. These instruction focus on the security control changes that are needed to improve the security of the hardware, software, procedures, data, and people that make up the organization’s information systems. 437 Major steps in executing project plan 1-Planing, 2-Supervising tasks and action steps, 3-Wrapping up. 438 The task of creating such a project plan is often assigned to either a project manager or the project champion. Often project manager is from the IT community of interest. Work breakdown structure (WBS) A planning tool to accomplish a project plan 438 The major project tasks are placed into WBS, along with the following attributes for each: Work to be accomplished (activities and deliverables) Individuals (or skill set) assigned to perform the task Start and end dates for the task (when known) Amount of effort required for completion in hours or work days Estimated capital expenses for the task Estimated noncapital expenses for the task Identification of dependencies between and among tasks 438
Background image of page 1
A task or subtask becomes an action step when it can be completed by one individual or skill set and when it includes a single deliverable. Deliverable Is a completed document or program module that can either serve as the beginning point for a later task or become an element in the finished project. If the task is to write firewall specifications for the preparation of a request for proposal (RFP), the planner should note that the deliverable is a specification document suitable for distribution to vendors. 439 Assignee The project planner should describe the skill set or person, often called a resource , needed to accomplish the task. If any of the engineers in the networks group can write the specifications for a router, the assigned resource would be noted as “network engineer” on the WBS. When only the manager of the networks group can evaluate the responses for the RFP and make an award for a contract, the project planner should identify the network manager as the resource assigned to this task.
Background image of page 2
Image of page 3
This is the end of the preview. Sign up to access the rest of the document.