Learning Unit 10: Implementing Information Security

Description

Upon completion of this material you should be able to:
*Understand how the organization’s security blueprint becomes a project plan
*Identify the main components of a project using the work breakdown structure (WBS) method
*Grasp the significant role and importance of the project manager in the success of an information security project
*Understand the need for professional project management for complex projects
Flashcards by malzsoj@gmail.com, updated more than 1 year ago
Created by malzsoj@gmail.com more than 9 years ago

Resource Summary

Question Answer
How is the SecSDLC implementation phase accomplished? Through changing the configuration and operation of the organization’s information systems
Name the 5 implementation changes: *Procedures (through policy) *People (through training) *Hardware (through firewalls) *Software (through encryption) *Data (through classification)
Name 3 major steps in executing the project plan: *Planning the project *Supervising tasks and action steps *Wrapping up
Name 6 major project tasks in the WBS: *Work to be accomplished *Assignees *Start and end dates *Amount of effort required *Estimated capital and noncapital expenses *Identification of dependencies between/among tasks
WBS Example
Name 3 time impacts in the development of a project plan: *Time to order, receive, install, and configure security control *Time to train the users *Time to realize return on investment of control
Project scope: concerns boundaries of time and effort-hours needed to deliver planned features and quality level of project deliverables
What does project management require? A unique set of skills and thorough understanding of a broad body of specialized knowledge
The Bull’s-Eye Model
2 steps that can be taken to make organizations more amenable to change: *Reducing resistance to change from the beginning of the planning process *Developing a culture that supports change
Tiered Risk Management Framework
Security Control Allocation
Accreditation: what authorizes an IT system to process, store, or transmit information.
Bull’s-eye method: requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.
Certification: “the comprehensive evaluation of the technical and nontechnical security controls of an IT system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements.”
Change control: how medium- and large-sized organizations deal with the impact of technical change on the operation of the organization.
Cost benefit analysis (CBA): determines the impact that a specific technology or approach can have on the organization’s information assets and what it may cost.
Direct changeover: involves stopping the old method and beginning the new.
Joint application development: getting key representatives from user groups to serve as members of the SecSDLC development process.
Milestone: a specific point in the project plan when a task that has a noticeable impact on the progress of the project plan is complete.
Negative feedback loop (cybernetic loop): ensures that progress is measured periodically.
Parallel operations: involves running the new methods alongside the old methods.
Phased implementation: the most common conversion strategy; involves a measured rollout of the planned system, with a part of the whole being brought out and disseminated across an organization before the next piece is implemented.
Pilot implementation: the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization.
Predecessors: tasks or action steps that come before the specific task at hand.
Project plan: instructs the individuals who are executing the implementation phase.
Project wrap-up: usually handled as a procedural task and assigned to a mid-level IT or information security manager.
Projectitis: when the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than in accomplishing meaningful project work.
Request for proposal (RFP): a specification document suitable for distribution to vendors.
Successors: tasks or action steps that come after the task at hand.
Technology governance: a complex process that organizations use to manage the effects and costs of technology implementation, innovation, and obsolescence; guides how frequently technical systems are updated and how technical updates are approved and funded.
Work breakdown structure (WBS): simple planning tool.