Syngress IT Security Project Management Handbook

The First and Last Word on Managing IT Security Projects

As the late management guru Peter Drucker once said, "Plans are only good intentions unless they immediately degenerate into hard work." The intent of this book is not to lead you through long, arduous planning processes while hackers are stealing your network out from under you. The intent is to provide you with effective network security planning tools so that you can "degenerate into hard work" as quickly as possible to keep your network secure with the least amount of effort. Rather than losing sleep at night wondering who's wandering around your network in the dark, you can create a comprehensive security solution for your company that will meet your security needs today and will allow you to address new security requirements in the future. This book is designed to help you do exactly that.

Analyze the Cost of Prevention Versus Remediation: How to determine if preventing a security breach is less costly than fixing it once it occurs.

Identify the Right Project Management Team: Determine who will be affected and make certain they are on board from the start.

Monitor IT Security Project Quality: Many companies must comply with specific monitoring requirements to meet industry or governmental regulations.

Create a Work Breakdown Structure (WBS): Be sure that your WBS tasks are at the same level by keeping the level of detail consistent.

Create Reliable Documentation: Your documentation should be well defined and completed in as near real time as possible.

Implement Individual Security Analysis Programs (ISAPs): Testing requires an active "push" against security areas to ensure they don't collapse.

Close the Issues Log, Change Requests, and Error Reports: Addressing known issues in a reasonable manner and documenting those resolutions are important elements of reducing risk.

Review Legal Standards Relevant to Your Project: Failure to understand the legal implications may leave your company at substantial legal risk.

Walk Through a Complete Plan: Includes a step-by-step security project plan for a security assessment and audit project.