SlideShare a Scribd company logo

Lesson 1

Download as PPT, PDF
M
MLG College of Learning, Inc

The document discusses the implementation phase of a security project life cycle. It explains that an organization's security blueprint must be translated into a detailed project plan that addresses leadership, budget, timelines, staffing needs, and organizational considerations. An effective project plan uses a work breakdown structure and considers financial, priority, scheduling, procurement, and change management factors. The project manager plays a key role in planning, supervising, and wrapping up the project successfully.

Education
1 of 15
Principles of Information Security, Fifth Edition Chapter 10 Implementing Information Security Lesson 1 – Implementation Phase
Learning Objectives • Upon completion of this material, you should be able to: – Explain how an organization’s information security blueprint becomes a project plan – Discuss the many organizational considerations that a project plan must address – Explain the significance of the project manager’s role in the success of an information security project – Describe the need for professional project management for complex projects Principles of Information Security, Fifth Edition 2
Learning Objectives (cont’d) – Describe technical strategies and models for implementing a project plan – List and discuss the nontechnical problems that organizations face in times of rapid change Principles of Information Security, Fifth Edition 3
Introduction • SecSDLC implementation phase is accomplished by changing the configuration and operation of an organization’s information systems. • Implementation includes changes to: – Procedures (through policy) – People (through training) – Hardware (through firewalls) – Software (through encryption) – Data (through classification) • Organization translates blueprint for information security into a project plan. Principles of Information Security, Fifth Edition 4
Information Security Project Management • Project plan must address project leadership, managerial/technical/budgetary considerations, and organizational resistance to change. • Major steps in executing a project plan are: – Planning the project – Supervising tasks and action steps – Wrapping up • Each organization must determine its own project management methodology for IT and information security projects. Principles of Information Security, Fifth Edition 5
Developing the Project Plan • Creation of a project plan can be done using work breakdown structure (WBS). • Major project tasks in WBS are: – Work to be accomplished – Assignees – Start and end dates – Amount of effort required – Estimated capital and noncapital expenses – Identification of dependencies between/among tasks • Each major WBS task is further divided into smaller tasks or specific action steps. Principles of Information Security, Fifth Edition 6
Principles of Information Security, Fifth Edition 7
Project Planning Considerations • As project plan is developed, adding detail is not always straightforward. • Special considerations include financial, priority, time and schedule, staff, procurement, organizational feasibility, training and indoctrination, and scope. Principles of Information Security, Fifth Edition 8
Project Planning Considerations (cont’d) • Financial considerations – Regardless of existing information security needs, the amount of effort that can be expended depends on available funds. – Cost-benefit analysis must be reviewed and verified prior to the development of a project plan. – Both public and private organizations have budgetary constraints, though of a different nature. – To justify an amount budgeted for a security project at either public or for-profit organizations, it may be useful to benchmark expenses of similar organizations. Principles of Information Security, Fifth Edition 9
Project Planning Considerations (cont’d) • Priority considerations – In general, the most important information security controls should be scheduled first. – Implementation of controls is guided by prioritization of threats and value of threatened information assets. Principles of Information Security, Fifth Edition 10
Project Planning Considerations (cont’d) • Time and scheduling considerations – Time impacts project plans at dozens of points, including: • Time to order, receive, install, and configure security control • Time to train the users • Time to realize control’s return on investment Principles of Information Security, Fifth Edition 11
Project Planning Considerations (cont’d) • Staffing considerations – Need for qualified, trained, and available personnel constrains project plan – Experienced staff is often needed to implement technologies and develop and implement policies and training programs. • Procurement considerations – Often constraints on the selection of equipment/services • Some organizations require use of particular service vendors/manufacturers/suppliers. – These constraints may limit which technologies can be acquired. Principles of Information Security, Fifth Edition 12
Project Planning Considerations (cont’d) • Organizational feasibility considerations – Changes should be transparent to system users unless the new technology is intended to change procedures (e.g., requiring additional authentication or verification). – Successful project requires that organization be able to assimilate proposed changes. – New technologies sometimes require new policies, employee training, and education. Principles of Information Security, Fifth Edition 13
Project Planning Considerations (cont’d) • Training and indoctrination considerations – Size of organization and normal conduct of business may preclude a large training program for new security procedures/technologies. – If so, the organization should conduct phased-in or pilot implementation. Principles of Information Security, Fifth Edition 14
Project Planning Considerations (cont’d) • Scope considerations – Project scope: description of project’s features, capabilities, functions, and quality level, used as the basis of a project plan – Organizations should implement large information security projects in stages. Principles of Information Security, Fifth Edition 15

Recommended

Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionMLG College of Learning, Inc
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk ManagmentMLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSMLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionVivek Maurya
 

Recommended

Lesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionLesson 1- Intrusion Detection
Lesson 1- Intrusion DetectionMLG College of Learning, Inc
 
Lesson 1- Risk Managment
Lesson 1- Risk ManagmentLesson 1- Risk Managment
Lesson 1- Risk ManagmentMLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSLesson 3- Effectiveness of IDPS
Lesson 3- Effectiveness of IDPSMLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Ise viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionIse viii-information and network security [10 is835]-solution
Ise viii-information and network security [10 is835]-solutionVivek Maurya
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3MLG College of Learning, Inc
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical ControlsMLG College of Learning, Inc
 
Lesson 3
Lesson 3Lesson 3
Lesson 3MLG College of Learning, Inc
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application LayerMLG College of Learning, Inc
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 4
Lesson 4Lesson 4
Lesson 4MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4MLG College of Learning, Inc
 
Lesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationLesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationMLG College of Learning, Inc
 
Lesson 3- Fair Approach
Lesson 3- Fair ApproachLesson 3- Fair Approach
Lesson 3- Fair ApproachMLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2MLG College of Learning, Inc
 
Lesson 1 - Introduction
Lesson 1 - Introduction Lesson 1 - Introduction
Lesson 1 - Introduction MLG College of Learning, Inc
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsDan Michaluk
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Lesson 1
Lesson 1Lesson 1
Lesson 1MLG College of Learning, Inc
 
Lesson 2 Cryptography tools
Lesson 2 Cryptography toolsLesson 2 Cryptography tools
Lesson 2 Cryptography toolsMLG College of Learning, Inc
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesKrist Davood - Principal - CIO
 
Lesson 2
Lesson 2Lesson 2
Lesson 2MLG College of Learning, Inc
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 
Implementing security
Implementing securityImplementing security
Implementing securityDhani Ahmad
 
System and Infrastructure Lifecycle Management.pptx
System and Infrastructure Lifecycle Management.pptxSystem and Infrastructure Lifecycle Management.pptx
System and Infrastructure Lifecycle Management.pptxPangeranSilalahi
 

More Related Content

What's hot

Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4MLG College of Learning, Inc
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2MLG College of Learning, Inc
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsDan Michaluk
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSJohn Gilligan
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellenceErik Taavila
 

What's hot (20)

Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3Information Assurance And Security - Chapter 1 - Lesson 3
Information Assurance And Security - Chapter 1 - Lesson 3
 
Lesson 1 - Technical Controls
Lesson 1 - Technical ControlsLesson 1 - Technical Controls
Lesson 1 - Technical Controls
 
Lesson 3
Lesson 3Lesson 3
Lesson 3
 
Lessson 2 - Application Layer
Lessson 2 - Application LayerLessson 2 - Application Layer
Lessson 2 - Application Layer
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Lesson 4
Lesson 4Lesson 4
Lesson 4
 
Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4Information Assurance And Security - Chapter 1 - Lesson 4
Information Assurance And Security - Chapter 1 - Lesson 4
 
Lesson 2- Information Asset Valuation
Lesson 2- Information Asset ValuationLesson 2- Information Asset Valuation
Lesson 2- Information Asset Valuation
 
Lesson 3- Fair Approach
Lesson 3- Fair ApproachLesson 3- Fair Approach
Lesson 3- Fair Approach
 
Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2Information Assurance And Security - Chapter 1 - Lesson 2
Information Assurance And Security - Chapter 1 - Lesson 2
 
Lesson 1 - Introduction
Lesson 1 - Introduction Lesson 1 - Introduction
Lesson 1 - Introduction
 
The privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analyticsThe privacy and security implications of AI, big data and predictive analytics
The privacy and security implications of AI, big data and predictive analytics
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Lesson 1
Lesson 1Lesson 1
Lesson 1
 
Lesson 2 Cryptography tools
Lesson 2 Cryptography toolsLesson 2 Cryptography tools
Lesson 2 Cryptography tools
 
Cybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for ExecutivesCybersecurity Roadmap Development for Executives
Cybersecurity Roadmap Development for Executives
 
Lesson 2
Lesson 2Lesson 2
Lesson 2
 
Cybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHSCybersecurity Priorities and Roadmap: Recommendations to DHS
Cybersecurity Priorities and Roadmap: Recommendations to DHS
 
Roadmap to security operations excellence
Roadmap to security operations excellenceRoadmap to security operations excellence
Roadmap to security operations excellence
 

Similar to Lesson 1

Implementing security
Implementing securityImplementing security
Implementing securityDhani Ahmad
 
System and Infrastructure Lifecycle Management.pptx
System and Infrastructure Lifecycle Management.pptxSystem and Infrastructure Lifecycle Management.pptx
System and Infrastructure Lifecycle Management.pptxPangeranSilalahi
 
Software engineering by Dr. vishnu sharma
Software engineering by Dr. vishnu sharmaSoftware engineering by Dr. vishnu sharma
Software engineering by Dr. vishnu sharmaVishnu Sharma
 
Module 2 - IDP.pptx
Module 2 - IDP.pptxModule 2 - IDP.pptx
Module 2 - IDP.pptxRAJESH S
 
CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2Ahmad Ammari
 
Project Access Control ProposalPurposeThis course project i
Project Access Control ProposalPurposeThis course project iProject Access Control ProposalPurposeThis course project i
Project Access Control ProposalPurposeThis course project idavieec5f
 
Lessons learned comm_industry
Lessons learned comm_industryLessons learned comm_industry
Lessons learned comm_industryfrmichler
 
4 reasons why your staff should keep time records.pdf
4 reasons why your staff should keep time records.pdf4 reasons why your staff should keep time records.pdf
4 reasons why your staff should keep time records.pdfJose thomas
 
PurposeThis course project is intended to assess your abilit
PurposeThis course project is intended to assess your abilitPurposeThis course project is intended to assess your abilit
PurposeThis course project is intended to assess your abilitTakishaPeck109
 
DOES14 - Pat Reed - Project Labor Cost Accounting for Agile Projects
DOES14 - Pat Reed - Project Labor Cost Accounting for Agile ProjectsDOES14 - Pat Reed - Project Labor Cost Accounting for Agile Projects
DOES14 - Pat Reed - Project Labor Cost Accounting for Agile ProjectsGene Kim
 
I need 10 pages of report and 10 slides PurposeThis course p
I need 10 pages of report and 10 slides PurposeThis course pI need 10 pages of report and 10 slides PurposeThis course p
I need 10 pages of report and 10 slides PurposeThis course pdoylymaura
 
Running Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docx
Running Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docxRunning Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docx
Running Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docxjeanettehully
 
chapter02-120827115348-phpapp01.pdf
chapter02-120827115348-phpapp01.pdfchapter02-120827115348-phpapp01.pdf
chapter02-120827115348-phpapp01.pdfAxmedMaxamuud6
 

Similar to Lesson 1 (20)

Implementing security
Implementing securityImplementing security
Implementing security
 
System and Infrastructure Lifecycle Management.pptx
System and Infrastructure Lifecycle Management.pptxSystem and Infrastructure Lifecycle Management.pptx
System and Infrastructure Lifecycle Management.pptx
 
Software engineering by Dr. vishnu sharma
Software engineering by Dr. vishnu sharmaSoftware engineering by Dr. vishnu sharma
Software engineering by Dr. vishnu sharma
 
Module 2 - IDP.pptx
Module 2 - IDP.pptxModule 2 - IDP.pptx
Module 2 - IDP.pptx
 
Whitman_Ch10.pptx
Whitman_Ch10.pptxWhitman_Ch10.pptx
Whitman_Ch10.pptx
 
ch11.ppt
ch11.pptch11.ppt
ch11.ppt
 
CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2CIS 2303 LO2 Part 2
CIS 2303 LO2 Part 2
 
Project Access Control ProposalPurposeThis course project i
Project Access Control ProposalPurposeThis course project iProject Access Control ProposalPurposeThis course project i
Project Access Control ProposalPurposeThis course project i
 
Lessons learned comm_industry
Lessons learned comm_industryLessons learned comm_industry
Lessons learned comm_industry
 
Chapter 02
Chapter 02Chapter 02
Chapter 02
 
4 reasons why your staff should keep time records.pdf
4 reasons why your staff should keep time records.pdf4 reasons why your staff should keep time records.pdf
4 reasons why your staff should keep time records.pdf
 
Sadchap02
Sadchap02Sadchap02
Sadchap02
 
PurposeThis course project is intended to assess your abilit
PurposeThis course project is intended to assess your abilitPurposeThis course project is intended to assess your abilit
PurposeThis course project is intended to assess your abilit
 
DOES14 - Pat Reed - Project Labor Cost Accounting for Agile Projects
DOES14 - Pat Reed - Project Labor Cost Accounting for Agile ProjectsDOES14 - Pat Reed - Project Labor Cost Accounting for Agile Projects
DOES14 - Pat Reed - Project Labor Cost Accounting for Agile Projects
 
Itrisksisaudit1
Itrisksisaudit1Itrisksisaudit1
Itrisksisaudit1
 
I need 10 pages of report and 10 slides PurposeThis course p
I need 10 pages of report and 10 slides PurposeThis course pI need 10 pages of report and 10 slides PurposeThis course p
I need 10 pages of report and 10 slides PurposeThis course p
 
Mg6088 spm unit-1
Mg6088 spm unit-1Mg6088 spm unit-1
Mg6088 spm unit-1
 
Running Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docx
Running Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docxRunning Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docx
Running Head PROJECT PLAN-BUSINESS REQUIREMENT DOCUMENT .docx
 
chapter02-120827115348-phpapp01.pdf
chapter02-120827115348-phpapp01.pdfchapter02-120827115348-phpapp01.pdf
chapter02-120827115348-phpapp01.pdf
 
Proj Mgmt.ppt
Proj Mgmt.pptProj Mgmt.ppt
Proj Mgmt.ppt
 

More from MLG College of Learning, Inc

More from MLG College of Learning, Inc (20)

PC111.Lesson2
PC111.Lesson2PC111.Lesson2
PC111.Lesson2
 
PC111.Lesson1
PC111.Lesson1PC111.Lesson1
PC111.Lesson1
 
PC111-lesson1.pptx
PC111-lesson1.pptxPC111-lesson1.pptx
PC111-lesson1.pptx
 
PC LEESOON 6.pptx
PC LEESOON 6.pptxPC LEESOON 6.pptx
PC LEESOON 6.pptx
 
PC 106 PPT-09.pptx
PC 106 PPT-09.pptxPC 106 PPT-09.pptx
PC 106 PPT-09.pptx
 
PC 106 PPT-07
PC 106 PPT-07PC 106 PPT-07
PC 106 PPT-07
 
PC 106 PPT-01
PC 106 PPT-01PC 106 PPT-01
PC 106 PPT-01
 
PC 106 PPT-06
PC 106 PPT-06PC 106 PPT-06
PC 106 PPT-06
 
PC 106 PPT-05
PC 106 PPT-05PC 106 PPT-05
PC 106 PPT-05
 
PC 106 Slide 04
PC 106 Slide 04PC 106 Slide 04
PC 106 Slide 04
 
PC 106 Slide no.02
PC 106 Slide no.02PC 106 Slide no.02
PC 106 Slide no.02
 
pc-106-slide-3
pc-106-slide-3pc-106-slide-3
pc-106-slide-3
 
PC 106 Slide 2
PC 106 Slide 2PC 106 Slide 2
PC 106 Slide 2
 
PC 106 Slide 1.pptx
PC 106 Slide 1.pptxPC 106 Slide 1.pptx
PC 106 Slide 1.pptx
 
Db2 characteristics of db ms
Db2 characteristics of db msDb2 characteristics of db ms
Db2 characteristics of db ms
 
Db1 introduction
Db1 introductionDb1 introduction
Db1 introduction
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 
Lesson 3.1
Lesson 3.1Lesson 3.1
Lesson 3.1
 
Lesson 1.6
Lesson 1.6Lesson 1.6
Lesson 1.6
 
Lesson 3.2
Lesson 3.2Lesson 3.2
Lesson 3.2
 

Recently uploaded

Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingTechSoup
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdfQucHHunhnh
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingTeacherCyreneCayanan
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxheathfieldcps1
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...EduSkills OECD
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3JemimahLaneBuaron
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...PsychoTech Services
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfAyushMahapatra5
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajanpragatimahajan3
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphThiyagu K
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfagholdier
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024Janet Corral
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 

Recently uploaded (20)

Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SD
 
Grant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy ConsultingGrant Readiness 101 TechSoup and Remy Consulting
Grant Readiness 101 TechSoup and Remy Consulting
 
1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf1029 - Danh muc Sach Giao Khoa 10 . pdf
1029 - Danh muc Sach Giao Khoa 10 . pdf
 
fourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writingfourth grading exam for kindergarten in writing
fourth grading exam for kindergarten in writing
 
The basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptxThe basics of sentences session 2pptx copy.pptx
The basics of sentences session 2pptx copy.pptx
 
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
Presentation by Andreas Schleicher Tackling the School Absenteeism Crisis 30 ...
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
 
Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3Q4-W6-Restating Informational Text Grade 3
Q4-W6-Restating Informational Text Grade 3
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdf
 
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
IGNOU MSCCFT and PGDCFT Exam Question Pattern: MCFT003 Counselling and Family...
 
Class 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdfClass 11th Physics NEET formula sheet pdf
Class 11th Physics NEET formula sheet pdf
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy Reform
 
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
Mattingly "AI & Prompt Design: Structured Data, Assistants, & RAG"
 
social pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajansocial pharmacy d-pharm 1st year by Pragati K. Mahajan
social pharmacy d-pharm 1st year by Pragati K. Mahajan
 
Z Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot GraphZ Score,T Score, Percential Rank and Box Plot Graph
Z Score,T Score, Percential Rank and Box Plot Graph
 
Holdier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdfHoldier Curriculum Vitae (April 2024).pdf
Holdier Curriculum Vitae (April 2024).pdf
 
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
General AI for Medical Educators April 2024
General AI for Medical Educators April 2024General AI for Medical Educators April 2024
General AI for Medical Educators April 2024
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)
 

Lesson 1

  • 1. Principles of Information Security, Fifth Edition Chapter 10 Implementing Information Security Lesson 1 – Implementation Phase
  • 2. Learning Objectives • Upon completion of this material, you should be able to: – Explain how an organization’s information security blueprint becomes a project plan – Discuss the many organizational considerations that a project plan must address – Explain the significance of the project manager’s role in the success of an information security project – Describe the need for professional project management for complex projects Principles of Information Security, Fifth Edition 2
  • 3. Learning Objectives (cont’d) – Describe technical strategies and models for implementing a project plan – List and discuss the nontechnical problems that organizations face in times of rapid change Principles of Information Security, Fifth Edition 3
  • 4. Introduction • SecSDLC implementation phase is accomplished by changing the configuration and operation of an organization’s information systems. • Implementation includes changes to: – Procedures (through policy) – People (through training) – Hardware (through firewalls) – Software (through encryption) – Data (through classification) • Organization translates blueprint for information security into a project plan. Principles of Information Security, Fifth Edition 4
  • 5. Information Security Project Management • Project plan must address project leadership, managerial/technical/budgetary considerations, and organizational resistance to change. • Major steps in executing a project plan are: – Planning the project – Supervising tasks and action steps – Wrapping up • Each organization must determine its own project management methodology for IT and information security projects. Principles of Information Security, Fifth Edition 5
  • 6. Developing the Project Plan • Creation of a project plan can be done using work breakdown structure (WBS). • Major project tasks in WBS are: – Work to be accomplished – Assignees – Start and end dates – Amount of effort required – Estimated capital and noncapital expenses – Identification of dependencies between/among tasks • Each major WBS task is further divided into smaller tasks or specific action steps. Principles of Information Security, Fifth Edition 6
  • 7. Principles of Information Security, Fifth Edition 7
  • 8. Project Planning Considerations • As project plan is developed, adding detail is not always straightforward. • Special considerations include financial, priority, time and schedule, staff, procurement, organizational feasibility, training and indoctrination, and scope. Principles of Information Security, Fifth Edition 8
  • 9. Project Planning Considerations (cont’d) • Financial considerations – Regardless of existing information security needs, the amount of effort that can be expended depends on available funds. – Cost-benefit analysis must be reviewed and verified prior to the development of a project plan. – Both public and private organizations have budgetary constraints, though of a different nature. – To justify an amount budgeted for a security project at either public or for-profit organizations, it may be useful to benchmark expenses of similar organizations. Principles of Information Security, Fifth Edition 9
  • 10. Project Planning Considerations (cont’d) • Priority considerations – In general, the most important information security controls should be scheduled first. – Implementation of controls is guided by prioritization of threats and value of threatened information assets. Principles of Information Security, Fifth Edition 10
  • 11. Project Planning Considerations (cont’d) • Time and scheduling considerations – Time impacts project plans at dozens of points, including: • Time to order, receive, install, and configure security control • Time to train the users • Time to realize control’s return on investment Principles of Information Security, Fifth Edition 11
  • 12. Project Planning Considerations (cont’d) • Staffing considerations – Need for qualified, trained, and available personnel constrains project plan – Experienced staff is often needed to implement technologies and develop and implement policies and training programs. • Procurement considerations – Often constraints on the selection of equipment/services • Some organizations require use of particular service vendors/manufacturers/suppliers. – These constraints may limit which technologies can be acquired. Principles of Information Security, Fifth Edition 12
  • 13. Project Planning Considerations (cont’d) • Organizational feasibility considerations – Changes should be transparent to system users unless the new technology is intended to change procedures (e.g., requiring additional authentication or verification). – Successful project requires that organization be able to assimilate proposed changes. – New technologies sometimes require new policies, employee training, and education. Principles of Information Security, Fifth Edition 13
  • 14. Project Planning Considerations (cont’d) • Training and indoctrination considerations – Size of organization and normal conduct of business may preclude a large training program for new security procedures/technologies. – If so, the organization should conduct phased-in or pilot implementation. Principles of Information Security, Fifth Edition 14
  • 15. Project Planning Considerations (cont’d) • Scope considerations – Project scope: description of project’s features, capabilities, functions, and quality level, used as the basis of a project plan – Organizations should implement large information security projects in stages. Principles of Information Security, Fifth Edition 15