SLS Information Security First Draft WBS

| Item | Task or Subtask | Resources | Start & End Dates | Estimated Effort Hours | Estimated Capital Expense | Estimated Non-Capital Expense | Dependencies |
|---|---|---|---|---|---|---|---|
| 1 | Contact network engineering team to ensure hardware device is compatible with network infrastructure | Network Architect | S: 4/15 E: 4/17 | 2 | $0 | $200 | |
| 2 | Purchase Web Filter | Network Architect & Purchasing Group | | | | | |
| 2.1 | Order Web Filter through purchasing group | Network Architect | S: 4/18 E: 4/18 | 1 | $0 | $0 | 1 |
| 2.2 | Order Web Filter from manufacturer | Purchasing Group | S: 4/19 E: 4/19 | 2 | $18,000 | $0 | 2.1 |
| 2.3 | Web Filter delivered | Purchasing Group | E: 5/10 | 1 | $0 | | 2.2 |
| 3 | Purchase Technical Support Contract | Purchasing Group | S: 4/19 E: 4/19 | 1 | $3,240 | $0 | 1 |
| 4 | Purchase additional software components | Purchasing Group | S: 4/19 E: 4/19 | 1 | $550 | $0 | 1 |
| 5 | Submit change request to implement hardware | Change control board | S: 5/10 E: 5/27 | 1 | $0 | $0 | 2 |
| 6 | Administrator attends training on new hardware device | Training department and administrator | S: 5/27 E: 6/01 | 40 | $0 | $0 | 3 |
| 7 | Installation/configuration of hardware and software components | Contracted vendors | S: 5/27 E: 6/10 | 150 | $0 | $21,000 | 2,4 |

SLS Ongoing Support WBS

| Item | Task or Subtask | Resources | Start & End Dates | Estimated Effort Hours | Estimated Capital Expense | Estimated Non-Capital Expense | Dependencies |
|---|---|---|---|---|---|---|---|
| 1 | Ongoing Administrative Functions | Administrator | Ongoing | 4 per week | $0 | $0 | |
| 2 | Monthly subscription | Administrator and Purchasing Group | Ongoing | | $250 per month | $0 | |

http://webfuse.cqu.edu.au/Courses/2008/T1/COIT13211/Study_Schedule/tute10.htm

Certified Information Systems Security Professional CISSP Exam (10 domain areas)

1 Access Control
2 Application Security (changed to "Software Development Security")
3 Business Continuity and Disaster Recovery Planning
4 Cryptography
5 Information Security and Risk Management
6 Legal, Regulations, Compliance, and Investigations
7 Operations Security
8 Physical (Environment) Security
9 Security Architecture and Design
10 Telecommunications and Network Security

1. ACCESS CONTROLS (new)
A. Control access by applying the following concepts/methodologies/techniques
B.1 Threat modeling (new)
B.2 Asset valuation (new)
B.3 Vulnerability analysis (new)
B.4 Access aggregation (new)
C.1 User entitlement (new)
C.2 Access review & audit (new)
D. Identity and access provisioning lifecycle (e.g., provisioning, review, revocation)

2. TELECOMMUNICATIONS & NETWORK SECURITY (reworded)
A. Understand secure network architecture and design (e.g., IP & non-IP protocols, segmentation) (new)
A.1 OSI and TCP/IP models (new)
A.2 IP networking (new)
A.3 Implications of multilayer protocols

Systems Security Certified Practitioner SSCP Exam (7 areas)

1 Access Control
2 Cryptography
3 Malicious Code and Activity
4 Monitoring and Analysis
5 Networks and Communication
6 Risk, Response, and Recovery
7 Security Operations and Administration

COIT 13211 Security and the Internet

Module 10 Review Questions

1. True or False. It is good practice for an organization to install all information security components at once.

2. True or False. Planners do not need to estimate the expected non-capital expenses for the completion of the task, subtask, or action item.

3. Based on the feedback loop shown in the figure above, corrective action is required when ____
(a) the estimate was flawed AND performance has lagged
(b) EITHER the estimate was flawed OR performance has lagged
(c) only the estimate was flawed, BUT NOT when performance has lagged
(d) performance has lagged, BUT NOT when the estimate was flawed
(e) None of the above

4. The security systems development life cycle (SecSDLC) is made up of ____ phases.
(a) four (b) five (c) six (d) seven (e) eight

5. The involvement step to reduce resistance in change means getting key representatives from user groups to serve as members of the SecSDLC development process. In systems development this is referred to as joint ____ development or JAD.
(a) application (b) association (c) assistance (d) appreciation (e) available

6. What is the primary objective of the implementation phase of a project plan for information security?

7. What is projectitis? How is it cured or its impact reduced?

8. Are there concrete rules about what a capital expense is and what it is not? What is a general guideline?

9. List and describe the four layers of the bull's-eye model for security project planning.

10. Create a first draft of a WBS (Work Breakdown Structure) from the scenario below. Make assumptions as needed based on the section about project planning considerations and constraints in the chapter. In your WBS, describe the resources required for the tasks you have planned.

Scenario

Sequential Label and Supply is having a problem with employees surfing the Web to access material the company has deemed inappropriate for use in a professional environment. The technology exists to insert a filtering device in the company Internet connection that blocks certain Web locations and certain Web content. The vendor has provided you with some initial information about the filter. The hardware is an appliance that costs $18,000 and requires a total of 150 effort-hours to install and configure. Technical support on the appliance costs 18 percent of the purchase price and includes a training allowance for the year. A software component is needed for administering the appliance that runs on the administrator's desktop computer and it costs $550. A monthly subscription provides the list of sites to be blocked and costs $250 per month. The administrator must spend an estimated four hours per week for ongoing administrative functions.

Items you should consider:
· Your plan requires two sections, one for deployment and another for ongoing operation after implementation.
· The vendor offers a contracting service for installation at $140 per hour.
· Your change control process requires a 17-day lead time for change requests.
· The manufacturer has a 14-day order time and a 7-day delivery time for this device.

Discussion Question

Would outsourcing your security always be a good idea? Why or why not?

Internet/Laboratory Exercises

1. Have a look at the short articles and papers on the pitfalls of and best practices for project management at http://www.projectsmart.co.uk/articles.html

2. Creating a WBS can be quite challenging when you haven't had practice at the task. There are many project management software tools available for fairly large software prices; here are a few that you can have a look at which are reasonably priced or free.
· WBS Chart Pro at http://www.criticaltools.com/wbsmain.htm produces Work Breakdown Structures in conjunction with Microsoft Project or standalone. Sample usually installed in the Program Files/WBS Chart Pro directory.
· Can-Plan freeware at http://can-plan.20m.com/ (Requires Microsoft Excel to run). The section on the Six Phases of a Project and Rewards for the Project Manager at the bottom of the DOC worksheet can be very true if project planning doesn't work out.
· For a web browser based demo of Project Management software go to onProject, Inc's http://www.onproject.com/con_Brands/onproject/cfm_HomePage/products/asp.cfm and click the demo link.
· More links to project management software at http://www.startwright.com/project1.htm

3. Some interesting articles on change management. Any large project needs to cater for the effects of change to an organization. Remember change management is about people.
· http://itmanagement.earthweb.com/service/article.php/3512091
· Series of articles here http://www.change-management.com/articles.htm

4. Some brief articles on outsourcing security which could well help in the discussion above.
· http://www.csoonline.com/read/050105/offshore.html
· http://www.csoonline.com/read/030104/counsel.html
· http://www.csoonline.com/read/070104/counsel.html
Articles from CSO Magazine (Resources for security executives) http://www.csoonline.com/

Review Question Answers

1. False

2. False

3. b

4. c

5. a

6. The project plan delivers instructions to the individuals who are executing the implementation phase. These instructions focus on the security control changes needed to the hardware, software, data, and people that make up the organization's information systems. The major steps in executing the project plan are: planning the project, supervising tasks and action steps, and wrapping up.

7. This is when the project manager spends more time documenting project tasks, collecting performance measurements, recording information, and updating information than they spend on accomplishing meaningful project work. This can be avoided by using simple tools to focus on organization and coordination.

8. There are no concrete rules for what is a capital expense. The general guidelines are usually separated by expenses for durable assets and expenses for other purposes. Most companies budget and expend capital according to their own established procedures. The most important thing is to know your established procedures.

9. The fundamental concept is that issues are addressed from the general to the specific and that the focus is on systematic solutions instead of individual problems.
1. Policies: The foundation of all effective information security programs is sound information security and information technology policy.
2. Networks: The threats from public networks meet the organization's networking infrastructure.
3. Systems: This layer includes computers used as servers, desktop computers, and systems used for process control and manufacturing systems.
4. Applications: This layer includes packaged applications, such as office automation and e-mail programs as well as high end enterprise resource planning (ERP) packages that span the organization.

10. The draft sample WBS follows.

Draft Sample Implementation WBS

| Item | TASK | Resources | Start & End Dates | Effort Hours | Capital Expense | Non-Capital Expense | Dep. |
|---|---|---|---|---|---|---|---|
| 1 | Contact Network team to ensure hardware device will work with network infrastructure | Network Engineers | S: 11/25 E: 11/27 | 2 | $0 | $100 | |
| 2 | Purchase Web Filter | Network Engineer & Purchasing Group | S: 11/28 E: 12/19 | 1 | $18,000 | $0 | 1 |
| 3 | Purchase Technical Support Contract | Purchasing Group | S: 11/28 E: 12/19 | 1 | $3,240 | $0 | 1 |
| 4 | Purchase additional software components | Purchasing Group | S: 11/28 E: 12/19 | 1 | $800 | $0 | 1 |
| 5 | Submit change request to implement hardware | Change control board | S: 12/19 E: 01/06 | 1 | $0 | $0 | 2 |
| 6 | Send administrator to training on device | Training center and Administrator | S: 01/06 E: 01/10 | 40 | $0 | $0 | 3 |
| 7 | Install hardware and software components. | Outside vendors | S: 01/06 E: 01/20 | 150 | $0 | $21,000 | 2,4 |

Ongoing Support

| Item | TASK | Resources | Start & End Dates | Effort Hours | Capital Expense | Non-Capital Expense | Dep. |
|---|---|---|---|---|---|---|---|
| 1 | Ongoing administration of device | Administrator | Ongoing | 4/WK | $0 | $0 | |
| 2 | Monthly subscription | Administrator/Purchasing Group | Ongoing | | 250/Month | $0 | |

IT Project Manager

Description:

Description/Comment: Typically responsible for mid to large sized projects. Impact is on the entire function or process. Ability to lead mid- to large-sized project teams. Defines and monitors project team resources. Ability to manage risk and project decisions. Proficient in negotiating and conflict management. Ability to communicate clearly and present at senior leadership levels. Undergraduate degree and 6-8 years relevant experience or Graduate degree and 8-10 years relevant experience. 10+ years of relevant experience or equivalent combination of education and work experience.

Additional Job Details: Healthcare Financial Management workstream experience preferred. Healthcare Payer industry experience preferred. Agile / SDLC experience preferred. Financial Management workstream is defined as: Design and development of financial management (FM) capabilities, across all customer types (e.g., brokers, small businesses, subsidized and non-subsidized customers), including associated business requirements, deployment of relevant technology and definition of required recruiting, hiring and training of financial management staff.

IT Infrastructure Project Manager

About the Job

SUMMARY OF RESPONSIBILITIES

Plan, coordinate and oversee projects from inception, initiation, elaboration, construction, implementation and closeout phases.

ESSENTIAL JOB FUNCTIONS

Responsible for developing, implementing, and completing projects that require coordination of resources across multiple departments.
Prepare department budget and forecasts future departmental projects ensuring effective and efficient use of resources.
Assemble project teams, assign responsibilities, identify resources, and develop schedules for timely completion of projects.
Identify, negotiate for, and manage cross-functional project resources and manage their deliverables required to complete projects and coordinate execution of business applications projects/procedures with other departments.
Assist business area owners in the preparation of their project budget requirements ensuring effective and efficient use of resources.
Facilitate, calculate, prepare, and complete Project Funding Requests (PFRs) for projects and implement within established guidelines and timelines.
Compile, analyze, and present reports on project status.
Track progress of testing and identify solutions to correct deviations from required timelines.
Utilize a variety of business processes and tasks in completing multiple projects and issues.
Independently assess situations, research available options and work with other functional and business areas to realize solutions and guide successful completion.
Recommend alternative technologies or approaches to projects.
