Project Management

Ensure that sufficient project documentation and software development process documentation (if applicable) have been created. Ensure that the company's project methodology standards are being followed.
Review procedures for ensuring that project documentation is kept up-to-date.
Evaluate security and change-management processes for critical project documentation.
Evaluate procedures for backing up critical project software and documentation. Ensure that backups are stored offsite and that documented procedures exist for recovery.
Ensure that an effective process exists for capturing project issues, escalating those issues as appropriate, and tracking them to resolution.
Ensure that an effective process exists for capturing project change requests, prioritizing them, and dispositioning them.
Verify that a project schedule has been created and that it contains sufficient detail based on the size of the project. Ensure that there is a process in place for monitoring progress and reporting significant delays.
Ensure that there is a method for tracking project costs and reporting overruns. Ensure that all project costs, including labor, are considered and tracked.
Evaluate the project leadership structure to ensure that both the business and IT are represented adequately.

Alignment – Provide for strategic direction of IT and the alignment of IT and the business with respect to services and projects.

Value Delivery – Confirm that the IT/Business organisation is designed to
drive maximum business value from IT. Oversee the delivery of value by IT to the
business, and assess ROI.

Risk Management – Ascertain that processes are in place to ensure that risks
have been adequately managed. Include assessment of the risk aspects of IT
investments.

Resource Management – Provide high-level direction for sourcing and use of IT resources. Oversee the aggregate funding of IT at enterprise level. Ensure there is an adequate IT capability and infrastructure to support current and expected future business requirements.

Defining the Security Problem
All projects should start by defining the problem to be solved. If you cannot state the problem to be solved, you need to give additional thought to the subject before proceeding.

Confidentiality, integrity, and availability (CIA) are the three areas that security must address.

Additional security data regarding known security problems are addressed in the security assessment performed later in the process.

Defining the Security Mission or Outcome
The mission or outcome statement should state the desired or required result of your security project plan.
At this stage in the planning process, the statement should describe the outcome desired (or required) for your corporate IT security project plan. Individual security topic areas will be defined later.