Scribd
Upload
207 views4 pages

Project Management in IT Security - EC Council Course

The document outlines the key components and processes involved in planning, organizing, managing and implementing an IT security project. It discusses determining requirements and objectives, setting up a project team, planning tasks and quality measures, managing risks and changes, closing the project, and defining monitoring systems. Generic security plans should include auditing processes, risk assessments, access controls and compliance with regulations. Operational security plans require incident response, policies, disaster recovery and addressing impacts of privacy laws.

Uploaded by

CSK
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
207 views4 pages

Project Management in IT Security - EC Council Course

The document outlines the key components and processes involved in planning, organizing, managing and implementing an IT security project. It discusses determining requirements and objectives, setting up a project team, planning tasks and quality measures, managing risks and changes, closing the project, and defining monitoring systems. Generic security plans should include auditing processes, risk assessments, access controls and compliance with regulations. Operational security plans require incident response, policies, disaster recovery and addressing impacts of privacy laws.

Uploaded by

CSK
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as DOCX, PDF, TXT or read online on Scribd
You are on page 1/ 4

Components of PMITS

 Define the project


 Determine what role network security plays
 Brainstorm various security solutions
 Determine the limitations of these solutions
 Draft a corporate security project plan
 Prepare the success metrics
 Determine the limitations of the project
 Check the business strategy and that of IT security
 Check feasibility of IT security project implementation with work culture and
policies

Organizing or initiating the IT security


project

 List the stakeholders in PMITS


 Evaluate and summarize the team development plan
 Determine the requirements specification for the IT security project
 Determine the objectives
 Determine the processes
 Check and determine the issue tracking and management systems
 Understand the approval filters and processes

Setting up the IT security project team

 Determine the PMITS team requirements


 Determine the skill set needed to execute the IT security project
 Determine the roles and responsibilities of the individual team members
 Check the reporting structure needed
 Check for the budget and policies when it comes to recruiting for the team
 Identify the limitation involved in staffing for the IT security project
 Chalk out the process of hiring (with HR)
 Determine how you will develop the IT team
Planning the IT security project

 Determine the amount and magnitude of the work to be carried out in PMITS
 Check the scope of the project defined
 Break down the activities to be conducted in smaller tasks and sub-tasks
 Put up descriptions for each task and sub-task
 Determine the quality and value adding stream and the value depreciating stream
 Check adherence to government rules and regulations
 Determine the risks, budget, schedule, and communication plans before
commencing

Managing the IT security project

 Start the project with a bang


 Determine how to calculate piece by piece of success
 Determine how to organize and present data on success
 Check for the documentation and guidelines necessary for the IT security project
 Indulge in risk management
 Determine how change management will take place with PMITS
 Determine the testing units and sessions

Implementing quality into the IT security


project

 Determine the level of quality needed by the business


 Determine the gap between current process quality and optimum or ideal process
quality
 Put in place quality metrics
 Enforce standard operational quality for the IT security project
 Put in place systems to measure and flag quality milestones
 Enforce quality control and assurance parameters
Closing the IT security project

 Determine what slates the IT security project as completed with regard to PMITS
 Brainstorm how to close or pending, open issues and requests for changes
 Prepare a closure statement and report
 Prepare for deployment/implementation of the success of the IT security project
 Handover the reins to operation managers to carry out the change implemented
 Prepare a solid compliance report

Defining a monitoring and controlling


system for the IT project implementation

 Define a continuous monitoring strategy for the project


 Clearly check for all legal adherences and feasibilities
 Understand laws pertaining to unauthorized access
 Understand penetration testing and security auditing
 Know the reasons for security breaches
 Know the factors compromising corporate IT data security
 Understand IT infrastructure security assessment
 Determine the mitigations strategies and risks involved
 Understand the Health Insurance Portability and Accountability Act 195 Sarbanes-
Oxley Act

Generalized IT security plans

Generalized IT security planning would include many generic actions that are needed as
key actions for the successful completion and implementation of the IT security project as
the PMITS. These would include the following:

 Stages of auditing
 The role that security assessment and auditing carried out during the length of
the project
 The resources that need these set of audits
 Risk assessment processes such as penetration testing and scanning for
vulnerability
 Authentication and access control
 Entries within reports to different stakeholders and executives
 Project parameters and metrics
 Work breakdown structure (WBS)
 Assessment and audit reports
 Impact analysis of the IT security project plan
 Constraints of the set project plan
 Guidelines for all processes
 Guidelines for wireless audits
 Wireless threats and solutions

Operational IT security plans

 The role of operational security assessment and auditing carried out during the
length of the project
 Set up incident reporting and response processes
 Build a response team for operational security
 Understand all regulatory issues
 Understand all operational security policies
 Determine disaster recovery processes for IT operational security
 Explain the different IT operational security parameters
 Risks and mitigation strategies to be employed
 Constraints that can hamper the operational security and assumptions that need
to be made
 Determine the impact of Health Insurance Portability and Accountability Act,
Gramm-Leach-Bliley Act, and Sarbanes-Oxley Act on IT operational security

You might also like