It s time now to plan your infrastructure security project. We ve covered a lot of detail, and now we ll try to focus it down into a project plan that you can use to secure your infrastructure. Let s start with our problem and mission (outcome) statements. Remember, this is a good time to gather your core IT project team together to help you begin defining the basic project parameters. You probably could do some (or all) of this preliminary work on your own, but there s a lot to be said for getting the core team fired up and engaged with the project from the very start. You re less likely to have gaps in the project plan if you start relying on the two heads are better theory right from the start. Here are two sample problem statements you can use to begin developing your own:

Our network infrastructure is vulnerable to attack because our security technologies have not kept pace with changes in the external environment. We currently do not have a meaningful approach to security, and all measures in place have been ad hoc or reactive. We are not confident of our level of security across the enterprise.

We recently experienced a security breach that caused a network outage for three days. We were fortunate that no sensitive data appears to have been stolen or compromised. We took remedial measures, but we are not confident that our data or our network is secure.

Next, let s look at the mission...