IT Security Project Management Handbook

This chapter discusses the initial steps for creating an Information Technology (IT) security project plan using standard project management methods. This chapter introduces the concepts you need to create both the overall corporate IT security project plan and the individual plans (ISAPs) that you'll find toward the end of this book beginning in Chapter 9. As we step through the project management elements in this chapter, we're going to keep it short and sweet because each of these elements will be repeated again in each of the security project plans included starting in Chapter 9.
The first step in developing a solid IT security project plan is to define the problem. We can easily state that the problem is that our networks are not secure or that there are assets in the organization that need to be protected from intentional and unintentional attack. Those statements are true on the macro level, meaning that these general statements apply to almost every organization (and computer) in the world. However, every company is different and every organization has its own unique set of security vulnerabilities to consider. Applying a one-size-fits-all approach to network security will simply not work.
As discussed in Chapter 1, an effective way to approach IT security is to create a corporate security plan that includes the individual focus areas of security (e.g., infrastructure, wireless). Breaking down each of the segments into smaller, individual focus areas allows you to better manage each aspect...