plz like and review

1. Information security project
management

2. Introduction:
• SecSDLC implementation phase is accomplished
through changing configuration and operation of
organization’s information systems
• Implementation includes changes to procedures,
people, hardware, software, and data
• Organization translates blueprint for information
security into a concrete project plan

3. Overview:
• The Trustworthy Computing Security
Development Lifecycle provides an example of
a pragmatic way to incorporate security into
development.
• The objective of the SDL is not to overhaul an
existing process totally but to add well-
defined security checkpoints and security
deliverables.

4. Objectives:
• Understand the definition of information security
•
• Comprehend the history of computer security and how it
evolved into information security
•
• Understand the key terms and concepts of information
security
•
• Outline the phases of the security systems development life
cycle
•
• Understand the roles of professionals involved in information
security within an organization
•

5. Information Security Project
Management
• Once organization’s vision and objectives are
understood, process for creating project plan can be
defined
• Major steps in executing project plan are:
Planning the project
Supervising tasks and action steps
Wrapping up
• Each organization must determine its own project
management methodology for IT and information
security projects

6. What is Security:
• The quality or state of being secure--to be free from
danger”
• To be protected from adversaries
• A successful organization should have multiple
layers of security in place:
Physical security
Personal security
Operations security

7. Project managers need:
• requirements and scope
• the technical plan
• resources
• estimates
• project and product risks

8. What is Information Security:
• Information security is designed to protect the
confidentially, integrity, availability of malicious
intentions.
• Information security in today’s enterprise is a “well-
informed sense of assurance that the information risks
and controls are in balance
• The protection of information and its critical elements,
including systems and hardware that use, store, and
transmit that information
•
• Necessary tools: policy, awareness, training, education,
technology
•

9. Components of an Information
System:
• To fully understand the importance of information
security, you need to know the elements of an
information system
• An Information System (IS) is much more than
computer hardware; it is the entire set of software,
hardware, data, people, and procedures necessary
to use information as a resource in the organization

10. Balancing Security and Access:
• It is impossible to obtain perfect security - it is not
an absolute; it is a process
• Security should be considered a balance between
protection and availability
• To achieve balance, the level of security must allow
reasonable access, yet protect against threats

11. Bottom Up Approach
• Security from a grass-roots effort - systems
administrators attempt to improve the security of
their systems
• Key advantage - technical expertise of the individual
administrators
• Seldom works, as it lacks a number of critical
features:
• participant support
• organizational staying power

12. Top-down Approach:
• Initiated by upper management:
• issue policy, procedures, and processes
• determine who is accountable for each of the
required actions
• This approach has strong upper management
support, a dedicated champion, dedicated funding,
clear planning, and the chance to influence
organizational culture
• May also involve a formal development strategy
• referred to as a systems development life cycle
Most successful top-down approach

13. Project management
• Application of knowledge, skills, tools, and
techniques to project activities to meet project
requirements
• Project management is accomplished through use
of processes such as: initiating, planning, executing,
controlling, and closing
• Benefits for project management:
– Implementation of a methodology
– Improved planning
– Less ambiguity about roles
– Simplify project monitoring
– Early identification of deviations in quality, time,budget

14. The Need for Project Management
• Project management requires a unique set of skills
and thorough understanding of a broad body of
specialized knowledge
•
• Most information security projects require a trained
project manager (a CISO) or skilled IT manager
versed in project management techniques

15. Developing the Project Plan
• Creation of project plan can be done using work
breakdown structure (WBS)
• Major project tasks in WBS are work to be
accomplished; individuals assigned; start and end
dates; amount of effort required; estimated capital
and noncapital expenses; and identification of
dependencies between/among tasks
• Process of integrating all project elements into
cohesive plan with goal of completing project
within allotted work time using no more than
allotted project resources

16. Project planning steps
• Project Planning Considerations
• Financial Considerations
• Priority Considerations
• Time and Scheduling Considerations
• Staffing Considerations
• Procurement Considerations
• Organizational Feasibility Considerations
• Training and Indoctrination Considerations
• Scope Considerations