TABLE OF CONTENTS All projects require organization before they can be fully planned and implemented. This chapter looks at some of the most common methods used for organizing Information Technology (IT) security project plans. Once the organizing phase for the corporate IT security plan is complete, we will begin identifying the details of the project.
Project planning and management are iterative processes. This chapter steps through the numerous processes that are part of organizing an IT security project plan. However, that being said, you may not be able to clearly articulate some of these elements until you have done additional work (e.g., you cannot clearly define all of your IT security project requirements until you have performed a network risk assessment or thorough audit). Sometimes in the planning phase, you cannot define certain elements until you have gone a few steps further in the process. If there are elements you cannot define, create a placeholder and go back to them when you have more detail. Also, you may need to complete one or more individual security area project plans before you can finalize your overall corporate IT security plan.
There are often two distinct groups within a project team: one helps with the definition phase and the other one implements the project. Typically, the definition phase of an IT project requires outside input, which is where many IT projects start to go bad. A lot of these phases are planned in the back of the server...
