IT Security Project Plan Outline and Template
Defining the Security Problem
All projects should start by defining the problem to be solved. If you cannot state the problem to be solved, you need to give additional thought to the subject before proceeding.
Confidentiality, integrity, and availability (CIA) are the three areas that security must address.
Additional security data regarding known security problems are addressed in the security assessment performed later in the process.
Defining the Security Mission or Outcome
The mission or outcome statement should state the desired or required result of your security project plan.
At this stage in the planning process, the statement should describe the outcome desired (or required) for your corporate IT security project plan. Individual security topic areas will be defined later.
If you cannot state the desired outcome clearly and concisely, you may not have a clear idea of what you are trying to achieve. Clarity at this stage of the planning process is critical to success.
Defining the problem and mission should take a relatively short time.
Defining Potential Security Project Solutions
Your planning process should include a brainstorming session to identify all possible security solutions.
Do not filter solutions because they initially seem to be too expensive or too innovative. List all solutions at the outset.
Defining the Optimal Security Project Solution
Look at all potential solutions and decide which one appears to be the optimal solution. It is not always the first solution you think of.
Be sure the optimal solution fits the problem and mission statements.
Applying Security Project Constraints
Every security project has four constraints: scope, time, cost, and quality.
Review your optimal solution in light of the known security project constraints.
Since constraints are not always known at this juncture, list any assumptions you have made about security project constraints so that you can verify them later.
Be prepared to discuss the security project constraints based on your security project proposal. If you state the business case clearly, your higher budget or longer schedule may be approved with little pushback.
Developing the Security Project Proposal
Be sure to capture the key elements of the security project proposal. This includes security project name, project manager, date, problem, mission, potential solutions, optimal solution, and constraints (known or assumed).
The proposal can be formal or informal, depending on your company’s culture.
Be sure to have the proposal approved by your sponsor before proceeding.
Identifying the Security Project Sponsor
The security project sponsor can be your supervisor, manager, or a company executive.
The security project sponsor approves the security project plan, budget, and schedule, and helps clear roadblocks to the project’s success.
The security project proposal is the first opportunity you have to check and align expectations with the security project sponsor.
Schedule a meeting with the security project sponsor to discuss the initial proposal.
If your security project sponsor is too busy or unwilling to participate, try to find a new security project sponsor. A good security project sponsor can pave the way to success; a poor security project sponsor can create roadblocks and delays.
Take time at this juncture to understand the best way to communicate with your security project sponsor. Setting clear expectations now will save time later.
Syngress IT Security Project Management 2006 by Syngress Publishing








