SlideShare a Scribd company logo

Lesson 1

Download as PPT, PDF
M
MLG College of Learning, Inc

The document discusses the implementation phase of a security project life cycle. It explains that an organization's security blueprint must be translated into a detailed project plan that addresses leadership, budget, timelines, staffing needs, and organizational considerations. An effective project plan uses a work breakdown structure and considers financial, priority, scheduling, procurement, and change management factors. The project manager plays a key role in planning, supervising, and wrapping up the project successfully.

Education
1 of 15
Principles of Information Security, Fifth Edition Chapter 10 Implementing Information Security Lesson 1 – Implementation Phase
Learning Objectives • Upon completion of this material, you should be able to: – Explain how an organization’s information security blueprint becomes a project plan – Discuss the many organizational considerations that a project plan must address – Explain the significance of the project manager’s role in the success of an information security project – Describe the need for professional project management for complex projects Principles of Information Security, Fifth Edition 2
Learning Objectives (cont’d) – Describe technical strategies and models for implementing a project plan – List and discuss the nontechnical problems that organizations face in times of rapid change Principles of Information Security, Fifth Edition 3
Introduction • SecSDLC implementation phase is accomplished by changing the configuration and operation of an organization’s information systems. • Implementation includes changes to: – Procedures (through policy) – People (through training) – Hardware (through firewalls) – Software (through encryption) – Data (through classification) • Organization translates blueprint for information security into a project plan. Principles of Information Security, Fifth Edition 4
Information Security Project Management • Project plan must address project leadership, managerial/technical/budgetary considerations, and organizational resistance to change. • Major steps in executing a project plan are: – Planning the project – Supervising tasks and action steps – Wrapping up • Each organization must determine its own project management methodology for IT and information security projects. Principles of Information Security, Fifth Edition 5
Developing the Project Plan • Creation of a project plan can be done using work breakdown structure (WBS). • Major project tasks in WBS are: – Work to be accomplished – Assignees – Start and end dates – Amount of effort required – Estimated capital and noncapital expenses – Identification of dependencies between/among tasks • Each major WBS task is further divided into smaller tasks or specific action steps. Principles of Information Security, Fifth Edition 6
Principles of Information Security, Fifth Edition 7
Project Planning Considerations • As project plan is developed, adding detail is not always straightforward. • Special considerations include financial, priority, time and schedule, staff, procurement, organizational feasibility, training and indoctrination, and scope. Principles of Information Security, Fifth Edition 8
Project Planning Considerations (cont’d) • Financial considerations – Regardless of existing information security needs, the amount of effort that can be expended depends on available funds. – Cost-benefit analysis must be reviewed and verified prior to the development of a project plan. – Both public and private organizations have budgetary constraints, though of a different nature. – To justify an amount budgeted for a security project at either public or for-profit organizations, it may be useful to benchmark expenses of similar organizations. Principles of Information Security, Fifth Edition 9
Project Planning Considerations (cont’d) • Priority considerations – In general, the most important information security controls should be scheduled first. – Implementation of controls is guided by prioritization of threats and value of threatened information assets. Principles of Information Security, Fifth Edition 10
Project Planning Considerations (cont’d) • Time and scheduling considerations – Time impacts project plans at dozens of points, including: • Time to order, receive, install, and configure security control • Time to train the users • Time to realize control’s return on investment Principles of Information Security, Fifth Edition 11
Project Planning Considerations (cont’d) • Staffing considerations – Need for qualified, trained, and available personnel constrains project plan – Experienced staff is often needed to implement technologies and develop and implement policies and training programs. • Procurement considerations – Often constraints on the selection of equipment/services • Some organizations require use of particular service vendors/manufacturers/suppliers. – These constraints may limit which technologies can be acquired. Principles of Information Security, Fifth Edition 12
Project Planning Considerations (cont’d) • Organizational feasibility considerations – Changes should be transparent to system users unless the new technology is intended to change procedures (e.g., requiring additional authentication or verification). – Successful project requires that organization be able to assimilate proposed changes. – New technologies sometimes require new policies, employee training, and education. Principles of Information Security, Fifth Edition 13
Project Planning Considerations (cont’d) • Training and indoctrination considerations – Size of organization and normal conduct of business may preclude a large training program for new security procedures/technologies. – If so, the organization should conduct phased-in or pilot implementation. Principles of Information Security, Fifth Edition 14
Project Planning Considerations (cont’d) • Scope considerations – Project scope: description of project’s features, capabilities, functions, and quality level, used as the basis of a project plan – Organizations should implement large information security projects in stages. Principles of Information Security, Fifth Edition 15

Recommended

Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
MLG College of Learning, Inc
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solution
Vivek Maurya
 

Recommended

Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion Detection
MLG College of Learning, Inc
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk Managment
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPS
MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solution
Vivek Maurya
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3
MLG College of Learning, Inc
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
MLG College of Learning, Inc
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application Layer
MLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Lesson 4
Lesson 4Lesson 4
Lesson 4
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
MLG College of Learning, Inc
 
Lesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationLesson 2- Information Asset Valuation
Lesson 2- Information Asset Valuation
MLG College of Learning, Inc
 
Lesson 3- Fair Approach
Lesson 3- Fair ApproachLesson 3- Fair Approach
Lesson 3- Fair Approach
MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
MLG College of Learning, Inc
 
Lesson 1 - Introduction
Lesson 1 - Introduction Lesson 1 - Introduction
Lesson 1 - Introduction
MLG College of Learning, Inc
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analytics
Dan Michaluk
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
MLG College of Learning, Inc
 
Lesson 2 Cryptography tools
Lesson 2 Cryptography toolsLesson 2 Cryptography tools
Lesson 2 Cryptography tools
MLG College of Learning, Inc
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
MLG College of Learning, Inc
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
John Gilligan
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
Erik Taavila
 
Implementing security
Implementing securityImplementing security
Implementing security
Dhani Ahmad
 
System and Infrastructure Lifecycle Management.pptx
System and Infrastructure Lifecycle Management.pptxSystem and Infrastructure Lifecycle Management.pptx
System and Infrastructure Lifecycle Management.pptx
PangeranSilalahi
 

More Related Content

What's hot

Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
Krist Davood - Principal - CIO
 

What's hot (20)

Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application Layer
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Lesson 4
Lesson 4Lesson 4
Lesson 4
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
 
Lesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationLesson 2- Information Asset Valuation
Lesson 2- Information Asset Valuation
 
Lesson 3- Fair Approach
Lesson 3- Fair ApproachLesson 3- Fair Approach
Lesson 3- Fair Approach
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
 
Lesson 1 - Introduction
Lesson 1 - Introduction Lesson 1 - Introduction
Lesson 1 - Introduction
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analytics
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Lesson 2 Cryptography tools
Lesson 2 Cryptography toolsLesson 2 Cryptography tools
Lesson 2 Cryptography tools
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 

Similar to Lesson 1

CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2
Ahmad Ammari
 
Project Access Control ProposalPurposeThis course project i
Project Access Control ProposalPurposeThis course project iProject Access Control ProposalPurposeThis course project i
Project Access Control ProposalPurposeThis course project i
davieec5f
 
Lessons learned comm_industry
Lessons learned comm_industryLessons learned comm_industry
Lessons learned comm_industry
frmichler
 
PurposeThis course project is intended to assess your abilit
PurposeThis course project is intended to assess your abilitPurposeThis course project is intended to assess your abilit
PurposeThis course project is intended to assess your abilit
TakishaPeck109
 
DOES14 - Pat Reed - Project Labor Cost Accounting for Agile Projects
DOES14 - Pat Reed - Project Labor Cost Accounting for Agile ProjectsDOES14 - Pat Reed - Project Labor Cost Accounting for Agile Projects
DOES14 - Pat Reed - Project Labor Cost Accounting for Agile Projects
Gene Kim
 
I need 10 pages of report and 10 slides PurposeThis course p
I need 10 pages of report and 10 slides PurposeThis course pI need 10 pages of report and 10 slides PurposeThis course p
I need 10 pages of report and 10 slides PurposeThis course p
doylymaura
 
Running Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docx
Running Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docxRunning Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docx
Running Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docx
jeanettehully
 
chapter02-120827115348-phpapp01.pdf
chapter02-120827115348-phpapp01.pdfchapter02-120827115348-phpapp01.pdf
chapter02-120827115348-phpapp01.pdf
AxmedMaxamuud6
 

Similar to Lesson 1 (20)

Implementing security
Implementing securityImplementing security
Implementing security
 
System and Infrastructure Lifecycle Management.pptx
System and Infrastructure Lifecycle Management.pptxSystem and Infrastructure Lifecycle Management.pptx
System and Infrastructure Lifecycle Management.pptx
 
Software engineering by Dr. vishnu sharma
Software engineering by Dr. vishnu sharmaSoftware engineering by Dr. vishnu sharma
Software engineering by Dr. vishnu sharma
 
Module 2 - IDP.pptx
Module 2 - IDP.pptxModule 2 - IDP.pptx
Module 2 - IDP.pptx
 
Whitman_Ch10.pptx
Whitman_Ch10.pptxWhitman_Ch10.pptx
Whitman_Ch10.pptx
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
 
CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2
 
Project Access Control ProposalPurposeThis course project i
Project Access Control ProposalPurposeThis course project iProject Access Control ProposalPurposeThis course project i
Project Access Control ProposalPurposeThis course project i
 
Lessons learned comm_industry
Lessons learned comm_industryLessons learned comm_industry
Lessons learned comm_industry
 
Chapter 02
Chapter 02Chapter 02
Chapter 02
 
4 reasons why your staff should keep time records.pdf
4 reasons why your staff should keep time records.pdf4 reasons why your staff should keep time records.pdf
4 reasons why your staff should keep time records.pdf
 
Sadchap02
Sadchap02Sadchap02
Sadchap02
 
PurposeThis course project is intended to assess your abilit
PurposeThis course project is intended to assess your abilitPurposeThis course project is intended to assess your abilit
PurposeThis course project is intended to assess your abilit
 
DOES14 - Pat Reed - Project Labor Cost Accounting for Agile Projects
DOES14 - Pat Reed - Project Labor Cost Accounting for Agile ProjectsDOES14 - Pat Reed - Project Labor Cost Accounting for Agile Projects
DOES14 - Pat Reed - Project Labor Cost Accounting for Agile Projects
 
Itrisksisaudit1
Itrisksisaudit1Itrisksisaudit1
Itrisksisaudit1
 
I need 10 pages of report and 10 slides PurposeThis course p
I need 10 pages of report and 10 slides PurposeThis course pI need 10 pages of report and 10 slides PurposeThis course p
I need 10 pages of report and 10 slides PurposeThis course p
 
Mg6088 spm unit-1
Mg6088 spm unit-1Mg6088 spm unit-1
Mg6088 spm unit-1
 
Running Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docx
Running Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docxRunning Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docx
Running Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docx
 
chapter02-120827115348-phpapp01.pdf
chapter02-120827115348-phpapp01.pdfchapter02-120827115348-phpapp01.pdf
chapter02-120827115348-phpapp01.pdf
 
Proj Mgmt.ppt
Proj Mgmt.pptProj Mgmt.ppt
Proj Mgmt.ppt
 

More from MLG College of Learning, Inc

More from MLG College of Learning, Inc (20)

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 

Recently uploaded

Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
ZurliaSoop
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
KarakKing
 

Recently uploaded (20)

Towards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptxTowards a code of practice for AI in AT.pptx
Towards a code of practice for AI in AT.pptx
 
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
Jual Obat Aborsi Hongkong ( Asli No.1 ) 085657271886 Obat Penggugur Kandungan...
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
80 ĐỀ THI THỬ TUYỂN SINH TIẾNG ANH VÀO 10 SỞ GD – ĐT THÀNH PHỐ HỒ CHÍ MINH NĂ...
 
Salient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functionsSalient Features of India constitution especially power and functions
Salient Features of India constitution especially power and functions
 
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
NO1 Top Black Magic Specialist In Lahore Black magic In Pakistan Kala Ilam Ex...
 
Python Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docxPython Notes for mca i year students osmania university.docx
Python Notes for mca i year students osmania university.docx
 
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
2024-NATIONAL-LEARNING-CAMP-AND-OTHER.pptx
 
How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17How to Give a Domain for a Field in Odoo 17
How to Give a Domain for a Field in Odoo 17
 
This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.This PowerPoint helps students to consider the concept of infinity.
This PowerPoint helps students to consider the concept of infinity.
 
On National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan FellowsOn National Teacher Day, meet the 2024-25 Kenan Fellows
On National Teacher Day, meet the 2024-25 Kenan Fellows
 
Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)Jamworks pilot and AI at Jisc (20/03/2024)
Jamworks pilot and AI at Jisc (20/03/2024)
 
REMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptxREMIFENTANIL: An Ultra short acting opioid.pptx
REMIFENTANIL: An Ultra short acting opioid.pptx
 
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
Kodo Millet PPT made by Ghanshyam bairwa college of Agriculture kumher bhara...
 
Application orientated numerical on hev.ppt
Application orientated numerical on hev.pptApplication orientated numerical on hev.ppt
Application orientated numerical on hev.ppt
 
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdfUnit 3 Emotional Intelligence and Spiritual Intelligence.pdf
Unit 3 Emotional Intelligence and Spiritual Intelligence.pdf
 
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptxHMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
HMCS Vancouver Pre-Deployment Brief - May 2024 (Web Version).pptx
 
Sociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning ExhibitSociology 101 Demonstration of Learning Exhibit
Sociology 101 Demonstration of Learning Exhibit
 
How to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POSHow to Manage Global Discount in Odoo 17 POS
How to Manage Global Discount in Odoo 17 POS
 
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptxCOMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
COMMUNICATING NEGATIVE NEWS - APPROACHES .pptx
 

Lesson 1

  • 1. Principles of Information Security, Fifth Edition Chapter 10 Implementing Information Security Lesson 1 – Implementation Phase
  • 2. Learning Objectives • Upon completion of this material, you should be able to: – Explain how an organization’s information security blueprint becomes a project plan – Discuss the many organizational considerations that a project plan must address – Explain the significance of the project manager’s role in the success of an information security project – Describe the need for professional project management for complex projects Principles of Information Security, Fifth Edition 2
  • 3. Learning Objectives (cont’d) – Describe technical strategies and models for implementing a project plan – List and discuss the nontechnical problems that organizations face in times of rapid change Principles of Information Security, Fifth Edition 3
  • 4. Introduction • SecSDLC implementation phase is accomplished by changing the configuration and operation of an organization’s information systems. • Implementation includes changes to: – Procedures (through policy) – People (through training) – Hardware (through firewalls) – Software (through encryption) – Data (through classification) • Organization translates blueprint for information security into a project plan. Principles of Information Security, Fifth Edition 4
  • 5. Information Security Project Management • Project plan must address project leadership, managerial/technical/budgetary considerations, and organizational resistance to change. • Major steps in executing a project plan are: – Planning the project – Supervising tasks and action steps – Wrapping up • Each organization must determine its own project management methodology for IT and information security projects. Principles of Information Security, Fifth Edition 5
  • 6. Developing the Project Plan • Creation of a project plan can be done using work breakdown structure (WBS). • Major project tasks in WBS are: – Work to be accomplished – Assignees – Start and end dates – Amount of effort required – Estimated capital and noncapital expenses – Identification of dependencies between/among tasks • Each major WBS task is further divided into smaller tasks or specific action steps. Principles of Information Security, Fifth Edition 6
  • 7. Principles of Information Security, Fifth Edition 7
  • 8. Project Planning Considerations • As project plan is developed, adding detail is not always straightforward. • Special considerations include financial, priority, time and schedule, staff, procurement, organizational feasibility, training and indoctrination, and scope. Principles of Information Security, Fifth Edition 8
  • 9. Project Planning Considerations (cont’d) • Financial considerations – Regardless of existing information security needs, the amount of effort that can be expended depends on available funds. – Cost-benefit analysis must be reviewed and verified prior to the development of a project plan. – Both public and private organizations have budgetary constraints, though of a different nature. – To justify an amount budgeted for a security project at either public or for-profit organizations, it may be useful to benchmark expenses of similar organizations. Principles of Information Security, Fifth Edition 9
  • 10. Project Planning Considerations (cont’d) • Priority considerations – In general, the most important information security controls should be scheduled first. – Implementation of controls is guided by prioritization of threats and value of threatened information assets. Principles of Information Security, Fifth Edition 10
  • 11. Project Planning Considerations (cont’d) • Time and scheduling considerations – Time impacts project plans at dozens of points, including: • Time to order, receive, install, and configure security control • Time to train the users • Time to realize control’s return on investment Principles of Information Security, Fifth Edition 11
  • 12. Project Planning Considerations (cont’d) • Staffing considerations – Need for qualified, trained, and available personnel constrains project plan – Experienced staff is often needed to implement technologies and develop and implement policies and training programs. • Procurement considerations – Often constraints on the selection of equipment/services • Some organizations require use of particular service vendors/manufacturers/suppliers. – These constraints may limit which technologies can be acquired. Principles of Information Security, Fifth Edition 12
  • 13. Project Planning Considerations (cont’d) • Organizational feasibility considerations – Changes should be transparent to system users unless the new technology is intended to change procedures (e.g., requiring additional authentication or verification). – Successful project requires that organization be able to assimilate proposed changes. – New technologies sometimes require new policies, employee training, and education. Principles of Information Security, Fifth Edition 13
  • 14. Project Planning Considerations (cont’d) • Training and indoctrination considerations – Size of organization and normal conduct of business may preclude a large training program for new security procedures/technologies. – If so, the organization should conduct phased-in or pilot implementation. Principles of Information Security, Fifth Edition 14
  • 15. Project Planning Considerations (cont’d) • Scope considerations – Project scope: description of project’s features, capabilities, functions, and quality level, used as the basis of a project plan – Organizations should implement large information security projects in stages. Principles of Information Security, Fifth Edition 15