Project Management in IT Security - EC Council Course


Components of PMITS

• Define the project
• Determine what role network security plays
• Brainstorm various security solutions
• Determine the limitations of these solutions
• Draft a corporate security project plan
• Prepare the success metrics
• Determine the limitations of the project
• Check the business strategy and that of IT security
• Check feasibility of IT security project implementation with work culture and policies

Organizing or initiating the IT security project

• List the stakeholders in PMITS
• Evaluate and summarize the team development plan
• Determine the requirements specification for the IT security project
• Determine the objectives
• Determine the processes
• Check and determine the issue tracking and management systems
• Understand the approval filters and processes

Setting up the IT security project team

• Determine the PMITS team requirements
• Determine the skill set needed to execute the IT security project
• Determine the roles and responsibilities of the individual team members
• Check the reporting structure needed
• Check for the budget and policies when it comes to recruiting for the team
• Identify the limitations involved in staffing for the IT security project
• Chalk out the process of hiring (with HR)
• Determine how you will develop the IT team

Planning the IT security project

• Determine the amount and magnitude of the work to be carried out in PMITS
• Check the scope of the project defined
• Break down the activities to be conducted into smaller tasks and sub-tasks
• Put up descriptions for each task and sub-task
• Determine the quality and value-adding stream and the value-depreciating stream
• Check adherence to government rules and regulations
• Determine the risks, budget, schedule, and communication plans before commencing

Managing the IT security project

• Start the project with a bang
• Determine how to measure success piece by piece
• Determine how to organize and present data on success
• Check for the documentation and guidelines necessary for the IT security project
• Engage in risk management
• Determine how change management will take place with PMITS
• Determine the testing units and sessions

Implementing quality into the IT security project

• Determine the level of quality needed by the business
• Determine the gap between current process quality and optimum or ideal process quality
• Put in place quality metrics
• Enforce standard operational quality for the IT security project
• Put in place systems to measure and flag quality milestones
• Enforce quality control and assurance parameters

Closing the IT security project

• Determine what marks the IT security project as completed with regard to PMITS
• Brainstorm how to close pending or open issues and requests for changes
• Prepare a closure statement and report
• Prepare for deployment/implementation of the success of the IT security project
• Hand over the reins to operation managers to carry out the change implemented
• Prepare a solid compliance report

Defining a monitoring and controlling system for the IT project implementation

• Define a continuous monitoring strategy for the project
• Clearly check for all legal adherences and feasibilities
• Understand laws pertaining to unauthorized access
• Understand penetration testing and security auditing
• Know the reasons for security breaches
• Know the factors compromising corporate IT data security
• Understand IT infrastructure security assessment
• Determine the mitigation strategies and risks involved
• Understand the Health Insurance Portability and Accountability Act 195 Sarbanes-Oxley Act

Generalized IT security plans

Generalized IT security planning includes many generic actions that are key to the successful completion and implementation of the IT security project within PMITS. These include the following:

• Stages of auditing
• The role of security assessment and auditing carried out during the length of the project
• The resources that need this set of audits
• Risk assessment processes such as penetration testing and scanning for vulnerabilities
• Authentication and access control
• Entries within reports to different stakeholders and executives
• Project parameters and metrics
• Work breakdown structure (WBS)
• Assessment and audit reports
• Impact analysis of the IT security project plan
• Constraints of the set project plan
• Guidelines for all processes
• Guidelines for wireless audits
• Wireless threats and solutions

Operational IT security plans

• The role of operational security assessment and auditing carried out during the length of the project
• Set up incident reporting and response processes
• Build a response team for operational security
• Understand all regulatory issues
• Understand all operational security policies
• Determine disaster recovery processes for IT operational security
• Explain the different IT operational security parameters
• Risks and mitigation strategies to be employed
• Constraints that can hamper the operational security and assumptions that need to be made
• Determine the impact of Health Insurance Portability and Accountability Act, Gramm-Leach-Bliley Act, and Sarbanes-Oxley Act on IT operational security
