IT Security Project Management Handbook

We often think of quality as something to check for in workmanship (e.g., whether a chair or a car is well-made). Quality in software projects is also easy to spot. A program that has few bugs and works as advertised is considered a higher quality product than one that keeps crashing or one that generates errors. When we think of Information Technology (IT) security, we typically think of secure versus vulnerable, protected versus unprotected, and safe versus at-risk. None of these really evoke thoughts of quality, but if you think about what will make a network secure, protected, and safe, it is the quality of several processes.
How well you perform your risk assessment determines how well-protected your network ultimately is. How well you delineate the steps necessary to harden your servers or your network infrastructure determines how secure your network is. Quality should be at the forefront of your mind as you define, organize, plan, and manage your IT security project plans. In this chapter, we look at some of the elements you should address in your IT security project plans.
Quality and security have a lot of common traits. As with quality, security is difficult to quantify or recognize, because the measure of its success is the absence of failure. Much like insurance, you never want to have to use it; but unlike insurance, once your security systems are in place, the expectation is zero failure, not 98 percent success. The...