Management of Information Security, 3rd Edition
Management Characteristics: Solving Problems (contd.)
- Step 1: Recognize and define the problem
- Step 2: Gather facts and make assumptions
- Step 3: Develop possible solutions
- Step 4: Analyze and compare possible solutions
- Step 5: Select, implement, and evaluate a solution
Principles of Information Security Management
- The extended characteristics of information security are known as the six Ps
  - Planning
  - Policy
  - Programs
  - Protection
  - People
  - Project Management

Planning
- Planning as part of InfoSec management
  - An extension of the basic planning model discussed earlier in this chapter
- Included in the InfoSec planning model
  - Activities necessary to support the design, creation, and implementation of information security strategies
Planning (contd.)
- Types of InfoSec plans
  - Incident response planning
  - Business continuity planning
  - Disaster recovery planning
  - Policy planning
  - Personnel planning
  - Technology rollout planning
  - Risk management planning
  - Security program planning
    - Includes education, training and awareness

Policy
- Policy: the set of organizational guidelines that dictates certain behavior within the organization
- Three general categories of policy
  - Enterprise information security policy (EISP): sets the tone for the InfoSec department across the organization
  - Issue-specific security policy (ISSP): sets of rules of acceptable behavior within a specific technology
  - System-specific policies (SysSPs): technical in nature and control the equipment or technology
Programs
- Programs: InfoSec operations that are specifically managed as separate entities
- Example: a security education, training and awareness (SETA) program
- Other types of programs
  - Physical security program, complete with fire, physical access, gates, guards, etc.

Protection
- Executed through risk management activities
  - Including risk assessment and control, protection mechanisms, technologies, and tools
- Each of these mechanisms represents some aspect of the management of specific controls in the overall information security plan
People
- People: the most critical link in the information security program
- Managers must recognize the crucial role that people play in the information security program
- This area of InfoSec includes security personnel and the security of personnel, as well as aspects of a SETA program

Project Management
- Project management
  - Identifying and controlling the resources applied to the project
  - Measuring progress
  - Adjusting the process as progress is made
PMBoK Knowledge Areas (contd.)
- Project time management
  - Ensures that the project is finished by the identified completion date while meeting objectives
  - Failure to meet project deadlines is among the most frequently cited failures in project management
  - Many missed deadlines are caused by poor planning

PMBoK Knowledge Areas (contd.)
- Project time management includes the following processes
  - Activity definition
  - Activity sequencing
  - Activity duration estimating
  - Schedule development
  - Schedule control
PMBoK Knowledge Areas (contd.)
- Project human resource management
  - Ensures personnel assigned to the project are effectively employed
  - Staffing a project requires careful estimates of the effort required
  - Unique complexities
    - Extended clearances
    - Deploying technology new to the organization
  - Includes organizational planning, staff acquisition and team development

PMBoK Knowledge Areas (contd.)
- Project communications management
  - Conveys details of project activities to all involved
  - Includes the creation, distribution, classification, storage, and destruction of documents, messages, and other associated project information
  - Includes communications planning, information distribution, performance reporting and administrative closure
Project Management Tools
- Many tools exist
- Most project managers combine software tools that implement one or more of the dominant modeling approaches
- Project management certification
  - The Project Management Institute (PMI)
    - Leading global professional association
    - Sponsors two certificate programs: the Project Management Professional (PMP) and Certified Associate in Project Management (CAPM)

Project Management Tools (contd.)
- Projectitis
  - Occurs when the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than accomplishing meaningful project work
- Precursor to projectitis
  - Developing an overly elegant, microscopically detailed plan before gaining consensus for the work required
Work Breakdown Structure (contd.)
- As the project plan develops, additional attributes can be added
  - Estimated capital and noncapital expenses for the task
  - Task assignment according to specific skills
  - Start and end dates

Work Breakdown Structure (contd.)
- Work to be accomplished
- Amount of effort
- Task dependencies
- Start and ending dates
Task-Sequencing Approaches
- Many possibilities for task assignment and scheduling
  - For modest and large size projects
- A number of approaches can assist the project manager in this sequencing effort
- Network scheduling
  - Refers to the web of possible pathways to project completion
Task Sequencing Approaches (contd.)
- Slack time
  - How much time is available for starting a noncritical task without delaying the project as a whole
  - Tasks which have slack time are logical candidates for accepting a delay
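An added example (not from the textbook) that ties the WBS attributes above (effort, dependencies) to network scheduling and slack time: a forward pass gives each task its earliest start, a backward pass its latest start, and the difference is the slack. The task names, effort values and dependencies are a constructed sample, not from the book.

```python
# Added example: network scheduling over a small, constructed work breakdown
# structure. Each task carries two WBS attributes from the slides: amount of
# effort (in days) and task dependencies. Forward and backward passes yield
# earliest/latest start and finish, and the slack of every task.

# Constructed sample WBS for a firewall rollout: task -> (effort_days, dependencies)
WBS = {
    "draft_policy":     (3,  []),
    "procure_hardware": (10, []),
    "seta_training":    (2,  ["draft_policy"]),
    "install_firewall": (4,  ["procure_hardware", "draft_policy"]),
    "test_rules":       (3,  ["install_firewall"]),
    "go_live":          (1,  ["test_rules", "seta_training"]),
}

def topo_order(wbs):
    """Return tasks in dependency order (Kahn's algorithm); reject cycles."""
    indeg = {t: len(deps) for t, (_, deps) in wbs.items()}
    order, ready = [], [t for t, n in indeg.items() if n == 0]
    while ready:
        t = ready.pop(0)
        order.append(t)
        for s, (_, deps) in wbs.items():
            if t in deps:
                indeg[s] -= 1
                if indeg[s] == 0:
                    ready.append(s)
    if len(order) != len(wbs):
        raise ValueError("dependency cycle in WBS")
    return order

def schedule(wbs):
    """Forward pass (earliest start/finish), backward pass (latest), slack."""
    order = topo_order(wbs)
    es, ef = {}, {}
    for t in order:                       # forward pass
        dur, deps = wbs[t]
        es[t] = max((ef[d] for d in deps), default=0)
        ef[t] = es[t] + dur
    project_end = max(ef.values())
    ls, lf = {}, {}
    for t in reversed(order):             # backward pass
        successors = [s for s, (_, deps) in wbs.items() if t in deps]
        lf[t] = min((ls[s] for s in successors), default=project_end)
        ls[t] = lf[t] - wbs[t][0]
    return {t: {"es": es[t], "ef": ef[t], "ls": ls[t], "lf": lf[t],
                "slack": ls[t] - es[t]} for t in order}

def critical_path(wbs):
    """Tasks with zero slack: delaying any of them delays the whole project."""
    return [t for t, v in schedule(wbs).items() if v["slack"] == 0]
```

Tasks with positive slack (here the policy drafting and SETA training) are the ones the slide calls logical candidates for accepting a delay; the zero-slack tasks form the critical path.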
Task Sequencing Approaches (contd.)
- Gantt chart
  - Easy to read and understand; easy to present to management
  - Easier to design and implement than PERT diagrams, yielding much of the same information
  - Lists activities on the vertical axis of a bar chart, and provides a simple time line on the horizontal axis