Abstract

This chapter provides the framework for creating a general Information Technology (IT) security project as part of an overall corporate IT security project plan strategy. As with all of the individual security area projects (ISAPs) discussed in this book, this is intended to be a template to use as a starting point. One might wonder what a “general” IT security project plan consists of. This chapter discusses the security assessment and auditing function in great detail. Most corporate IT security plans start with a thorough assessment so that the problem statement can be developed. The chapter looks at different ways to view the security assessment as a whole, including examining the perimeter systems, internal network, server and host systems, applications and databases, and data. It is important to understand the elements that comprise an assessment, which typically fall into vulnerability scanning, pen testing, and risk assessment, with the caveat that any pen testing should be limited in scope prior to implementing a security project. The audit function includes auditing physical, technological, and administrative policies and procedures. The chapter also looks briefly at access control, authentication, and auditing as part of the overall security assessment.
