IT Security Project Management Handbook

Your approach to creating your work breakdown structure (WBS) might be different from the method we provide; that s fine as long as you cover the basics. Our recommended approach is to start with your mission statement and your selected solution and create three to five high-level objectives. From there, you can parse each of those objectives down into smaller components until you have tasks that actually make sense and are understandable. Tasks should be broken down until they represent an understandable and manageable unit of work. The 80/8 rule is a good one to keep in mind; it states that no task should exceed 80 hours or be less than 8 hours. If a task is longer than 80 hours, it needs to be broken down into smaller components. If you define tasks of less than 8 hours, you ll end up with a scheduling nightmare on your hands.
We ll start with the four major areas we discussed at the opening of this chapter:
Devices and media
Topologies
Intrusion detection/intrusion prevention
System hardening
If you recall from prior chapters, these are not properly written as tasks or even as objectives; they re topic labels. So, let s fix that and create the top-level objectives based on these four areas of concern:
Audit and secure devices and media
Audit and secure network topology
Implement or harden intrusion prevention/detection systems
Harden systems
Now we have a better starting point for our WBS. From here, we can break these down into smaller...