1. What is a project plan?
Project plan: The project plan instructs the individuals who are executing the implementation phase. These instructions focus on the security control changes that are needed to improve the security of the hardware, software, procedures, data, and people that make up the organization’s information systems. The project plan as a whole must describe how to acquire and implement the needed security controls and create a setting in which those controls achieve the desired outcomes.
List what a project plan can accomplish.
In general, the implementation phase is accomplished by changing the configuration and operation of the organization’s information systems to make them more secure. It includes changes to the following: Procedures (for example, through policy), People (for example, through training), Hardware (for example, through firewalls), Software (for example, through encryption), and Data (for example, through classification).
Whitman, Michael E., and Herbert J. Mattord. The Need For Security. Principles of Information Security, 4th Edition. CourseSmart/Cengage Learning, 2014. Web. 17 May 2015. Chapter 10 Page 435
2. What is the value of a statement of vision and objectives?
Before developing a project plan, however, management should coordinate the organization’s information security vision and objectives with the communities of interest involved in the execution of the plan. This type of coordination ensures that only controls that add value to the organization’s information security program are incorporated into the project plan.
Why is it needed before a project plan is developed?
If a statement of the vision and objectives for the organization’s security program does not exist, one must be developed and incorporated into the project plan. The vision statement should be concise. It should state the mission of the information security program and its objectives.
In other words, the project plan is built upon the vision statement, which serves as a compass for guiding the changes necessary for the implementation phase. The components of the project plan should never conflict with the organization’s vision and objectives.
Whitman, Michael E., and Herbert J. Mattord. The Need For Security. Principles of Information Security, 4th Edition. CourseSmart/Cengage Learning, 2014. Web. 17 May 2015. Chapter 10 Page 435
3. What categories of constraints to project plan implementation are noted in the chapter?
Monetary constraints, budgetary constraints, constraints on the equipment and services selection processes, procurement constraints.
Explain each of them.
Monetary constraints: determine what can (and cannot) be accomplished. Private (for-profit) organizations have budgetary constraints that are determined by the marketplace. There are often constraints on the equipment and services selection processes; for example, some organizations require the use of particular service vendors or manufacturers and suppliers. Procurement constraints, designed to control losses from occasional abuses, may actually increase costs when the lack of operating agility is taken into consideration.
Whitman, Michael E., and Herbert J. Mattord. The Need For Security. Principles of Information Security, 4th Edition. CourseSmart/Cengage Learning, 2014. Web. 17 May 2015. Chapter 10 Pages 441-442
4. List and describe the three major steps in executing the project plan.
The major steps in executing the project plan are as follows: Planning the project, Supervising tasks and action steps, and Wrapping up.
Project Planning Considerations:
5. What is a work breakdown structure (WBS)?
The project plan can be created using a simple planning tool such as the work breakdown structure (WBS). To use the WBS approach, you first break down the project plan into its major tasks. The major project tasks are placed into the WBS, along with the following attributes for each: Work to be accomplished (activities and deliverables), Individuals (or skill set) assigned to perform the task, Start and end dates for the task (when known), Amount of effort required for completion in hours or work days, Estimated capital expenses for the task, Estimated noncapital expenses for the task, and Identification of dependencies between and among tasks.
Is it the only way to organize a project plan?
Project Planning With Post-It Notes: If you have a whiteboard, a stack of sticky notes and some markers, you have the basis for an abundance of project planning tools. Learn how these humble squares of paper can help your project be a success. Do you really need elaborate software to plan a project effectively and efficiently? Of course, access to one or two professional tools and methods can definitely help, but sometimes keeping it simple is the way to go. In fact, you might have a few rudimentary implements within reach that you can use to start, and even complete, the planning you need to successfully begin and accomplish your project. That little pad of sticky notes on your desk could be just the visualization tool you need.
Whitman, Michael E., and Herbert J. Mattord. The Need For Security. Principles of Information Security, 4th Edition. CourseSmart/Cengage Learning, 2014. Web. 17 May 2015. Chapter 10 Page 436
Goss, Tricia. Project Planning With Sticky Notes: Tips for PMs on an Easy Project Management Tool. Brighthub Project Management. Ed. Carly Stockwell. © 2015 Brighthubpm.com -
planning progresses, however, the specific tasks and action steps can and should be assigned to individuals. For example, when only the manager of the networks group can evaluate the responses to the RFP and make an award for a contract, the project planner should identify the network manager as the resource assigned to this task.
What are the two types?
Realistically, most information security projects require a trained project manager: a CISO or a skilled IT manager who is trained in project management techniques. Even experienced project managers are advised to seek expert assistance when engaging in a formal bidding process to select advanced or integrated technologies or outsourced services.
Whitman, Michael E., and Herbert J. Mattord. The Need For Security. Principles of Information Security, 4th Edition. CourseSmart/Cengage Learning, 2014. Web. 17 May 2015. Chapter 10 Page 437-443
11. Why is it a good practice to delay naming specific individuals as resources early in the planning process?
The naming of individuals should be avoided in the early planning efforts. Instead of assigning individuals, the project plan should focus on organizational roles or known skill sets. For example, if any of the engineers in the networks group can write the specifications for a router, the assigned resource would be noted as “network engineer” on the WBS.
13. Why is it good practice to assign start and end dates sparingly in the early stages of project planning?
Even when an organization has formal governance, technical review processes, and change control procedures, it is always good practice to ask the people who are most familiar with the tasks or with similar tasks to make these estimates.
15. Within project management, what is a dependency?
Task Dependencies: Planners should note wherever possible the dependencies of other tasks or action steps on the task or action step at hand.
What is a predecessor?
Tasks or action steps that come before the specific task at hand are called predecessors.
What is a successor?
1'. What is technology governance?
Technology governance, a complex process that organizations use to manage the effects and costs of technology implementation, innovation, and obsolescence, guides how frequently technical systems are updated and how technical updates are approved and funded. Technology governance also facilitates communication about technical advances and issues across the organization.
What is change control?
Medium- and large-sized organizations deal with the impact of technical change on the operation of the organization through a change control process.
How are they related?
By managing the process of change, the organization can do the following: Improve communication about change across the organization, Enhance coordination between groups within the organization as change is scheduled and completed, Reduce unintended consequences by having a process to resolve conflict and disruption that change can introduce, Improve quality of service as potential failures are eliminated and groups work together
rganization standard ISO 27001 and 27002, discussed in Chapter 5. Recall that the standards were originally created to provide a foundation for British certification of information security management systems (ISMS). Organizations wishing to demonstrate their systems have met this international standard must follow the certification process.
Whitman, Michael E., and Herbert J. Mattord. The Need For Security. Principles of Information Security, 4th Edition. CourseSmart/Cengage Learning, 2014. Web. 17 May 2015. Chapter 10 Pages 451-463