SECURITY AS A FOUNDATION
How to apply security in everything you do
Designed by William Dunbar
THE PLANNING MODEL
Plan
• What’s the intent?
• What’s required?
• What’s the timeline?
• Risk analysis
Develop
• Map out intent
• Gather resources
• Written strategy / policy / plan
Execute
• Words into actions
• Adhere to plan
• Adapt and amend
• Debrief / How did it go?
PLANNING MODEL EXPLAINED
Every project goes through a process of completion, whether it is organized or not. Every project can be shown to have passed through some part of each planning phase: Plan, Develop, Execute. Planning a project can greatly increase its success rate and ensure a smooth process that promotes cohesion, good practices, and good decision making.
Poorly planned projects may fail, exceed budget, produce subpar results, or become a maintenance burden.
PLAN
Plan
• What’s the intent?
• What’s required?
• What’s the timeline?
• Risk analysis
The “Plan” phase is the first step of any project. This phase can be verbal or written but typically includes everyone who intends to work on the project. During the plan phase the intent of the project should be made clear. If you are unsure of why a project exists, steering it in the desired direction becomes difficult and it is harder for the team to stand behind the project.
The requirements and what is required are different but equally important. The requirements are the functions, objects, policies and standards that a project has or meets in order to be considered complete according to the original intent. What is required are the resources, such as budget, manpower, and other necessities, needed to complete the project to standard.
The timeline is important because it often decides the priority in which work is completed. Clear and reasonable dates should be set for the deliverables of a project so you know whether the project is on time. Timelines are adjustable and are best put in a visual representation using a storyboard or Microsoft Project.
A risk analysis is very often overlooked but is imperative. A risk analysis is a collection of identified risks and the controls that will be in place to mitigate these risks. A risk analysis is a recurring cycle and can be implemented
DEVELOP
Develop
• Map out intent
• Gather resources
• Written strategy / policy / plan
Resource gathering is exactly what it sounds like. Part of project development is gathering up your materials and doing a pre-inspection to ensure everything is accounted for before beginning execution of the created plan. The plan at this point should be written out and available to those creating the project to ensure everyone is on the same page.
The intent of the project was discussed in the Plan phase. In the Develop phase the intent should be mapped out, meaning take the overall intent and show what effect it may have. This can be graphic based or written out in an outline. Example: The overall intent is to create revolutionary campaign software. The software will allow smaller non-profits, charitable associations, and chambers to effectively generate revenue-based campaigns.
The Develop phase should not be confused with development in the sense of programming. This planning model can be applied to programming projects; however, actual coding does not always occur.
EXECUTE
Execute
• Words into actions
• Adhere to plan
• Adapt and amend
• Debrief / How did it go?
Executing a plan may be one of the most complex aspects of a project, depending on what it is. Imagine you have a dev team of 100 people managed by 1 senior developer. After the pre-planning everyone begins creating their assigned modules. Without the senior developer facilitating the communication, do you think all the modules will work instantly when integrated? Not likely.
The key to a successful execution is adhering to the plan, including the policies and procedures put in place during the previous phases. There is one part called adapt and amend, meaning if something cannot work or there is a change in plan, deploy a solution and amend the policy.
Imagine going through the whole project and, after the project is in place, nobody talked about it. On the next project that comes up you would be more likely to make the same mistakes as on the previous project if you do not talk to the project members about how it went. Input from each member is invaluable and contributes greatly to the success of your next project.
SECURITY AND THE PLANNING MODEL
What does the planning model have to do with security being the foundation of anything you do? The planning model can be used for anything you do, so if we made security the first thing you plan for, does that count? Take a look at this process that I created for myself and apply to every project, mission, or intent I embark on.
Security
• Plan
• Develop
• Execute
Project
• Plan
• Develop
• Execute
Maintain
• Plan
• Develop
• Execute
SECURITY PLAN
In order to make security a foundation you only need to know what the intent of your project is and how it will be put into place.
For example, if you are planning a customer-facing support system then it should be web driven and the security plan should reflect the risks associated with this.
The security plan should also contain the do’s and don’ts that should be adhered to during the project planning phase, such as do not disclose this information outside a specific work area, do incorporate training, and so on.
• What is the intent?
• How will it be delivered?
• What are the risks?
• How can it be secured from start to finish?
PUTTING IT ALL TOGETHER
Learning a new approach can be confusing, but remember: models show a general perspective, and a good model can be adapted because it merely provides a means to see the overall layout, not a standard for all projects. Project leaders write standards, not models, but models can be a tool to get a 360 view of an intent rather than the 180 view provided by poor planning. So let’s look at an example intent or project and, using our planning model, create a diagram that could be used to brief a real project team learning of a project for the first time.
Scenario: You are part of a fundraising team who wishes to create software that goes beyond what is currently available in the market today. The software will be web driven and have an admin dashboard to manage it all. The overall intent is to develop fundraising software that delivers a new experience that can take non-profits, charitable associations, and chambers to the next level.
How can this be briefed or pitched to a new team?
PROJECT: NEW LEVEL FUNDRAISING
Deliver a web based product to allow next level managed fundraising.
Security
Plan
• Risks of web based software?
• Users’ intent?
• Admin account ability?
• Database interaction?
Develop
• Designate roles and capabilities of users
• Password requirements outlined
• Acquire an IDS
Execute
• All outlines will be written as a standard procedure and adhered to during the software development phase
Project
Plan
• Features?
• Team roles?
• Programming language?
• Beta or release date?
• Obstacles / risks?
Develop
• Develop workstations
• Setup testing environment
• Install / configure IDS
Execute
• Begin module creation / testing
• Weekly team reports delivered to lead
• Beta test to public
Maintain
Plan
• Update intervals?
• Method of delivery?
• Down time?
• Obstacles / risks?
Develop
• Change management policy outline
• Create the scripts or configure mechanism
Execute
• Execute the scripts as prescribed by the guidelines created in the security phase
SUMMARY
The information provided is a foundation and, again, is not a standard. You can use any visual aid you deem necessary, but the point is to really look at a project for more than its face value. The most important thing I could say is that years of planning are meaningless if the plan is never adhered to.
There will be more presentations in the future about projects and how they can be secured, including a composite risk assessment / analysis, which is more in-depth than some would like to believe.
Check me out at: Linkedin.com/in/WilliamKDunbar