Learning Unit 10: Implementing Information Security

Description

Upon completion of this material you should be able to: *Understand how the organization’s security blueprint becomes a project plan *Identify the main components of a project using the work breakdown structure (WBS) method *Grasp the significant role and importance of the project manager in the success of an information security project *Understand the need for professional project management for complex projects
Flashcards by malzsoj@gmail.com, updated more than 1 year ago
Created by malzsoj@gmail.com more than 9 years ago

Resource Summary

Question Answer
How is the SecSDLC implementation phase accomplished? Through changing the configuration and operation of the organization’s information systems
Name the 5 implementation changes *Procedures (through policy) *People (through training) *Hardware (through firewalls) *Software (through encryption) *Data (through classification)
Name 3 major steps in executing the project plan *Planning the project *Supervising tasks and action steps *Wrapping up
Name 6 major project tasks in the WBS *Work to be accomplished *Assignees *Start and end dates *Amount of effort required *Estimated capital and noncapital expenses *Identification of dependencies between/among tasks
WBS Example
Name 3 Time impacts in the development of a project plan? *Time to order, receive, install, and configure security control *Time to train the users *Time to realize return on investment of control
Project scope: concerns boundaries of time and effort-hours needed to deliver planned features and quality level of project deliverables
What does project management require? A unique set of skills and thorough understanding of a broad body of specialized knowledge
The Bull’s-Eye Model
2 steps that can be taken to make organizations more amenable to change are: *Reducing resistance to change from the beginning of the planning process *Developing a culture that supports change
Tiered Risk Management Framework
Security Control Allocation
Accreditation: what authorizes an IT system to process, store, or transmit information.
Bull’s-eye method: requires that issues be addressed from the general to the specific, and that the focus be on systematic solutions instead of individual problems.
Certification: “the comprehensive evaluation of the technical and nontechnical security controls of an IT system to support the accreditation process that establishes the extent to which a particular design and implementation meets a set of specified security requirements.”
Change control: how medium- and large-sized organizations deal with the impact of technical change on the operation of the organization.
Cost benefit analysis (CBA): determines the impact that a specific technology or approach can have on the organization’s information assets and what it may cost.
Direct changeover: involves stopping the old method and beginning the new.
Joint application development: getting key representatives from user groups to serve as members of the SecSDLC development process.
Milestone: a specific point in the project plan when a task that has a noticeable impact on the progress of the project plan is complete.
Negative feedback loop (cybernetic loop): ensures that progress is measured periodically.
Parallel operations: involves running the new methods alongside the old methods.
Phased implementation: the most common conversion strategy and involves a measured rollout of the planned system, with a part of the whole being brought out and disseminated across an organization before the next piece is implemented.
Pilot implementation: the entire security system is put in place in a single office, department, or division, and issues that arise are dealt with before expanding to the rest of the organization.
Predecessors: tasks or action steps that come before the specific task at hand.
Project plan: instructs the individuals who are executing the implementation phase.
Project wrap-up: usually handled as a procedural task and assigned to a mid-level IT or information security manager.
Projectitis: when the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than in accomplishing meaningful project work.
Request for proposal (RFP): a specification document suitable for distribution to vendors.
Successors: tasks or action steps that come after the task at hand.
Technology governance: a complex process that organizations use to manage the effects and costs of technology implementation, innovation, and obsolescence; guides how frequently technical systems are updated and how technical updates are approved and funded.
Work breakdown structure (WBS): simple planning tool.
