Chapter 9 - Corporate IT Security Project Plan

Abstract

This chapter provides the framework for creating an overarching corporate Information Technology (IT) security project plan. It is intended to be used as templates to guide through security project planning process. There is no one-size-fits-all approach to any security project planning process; thus, one needs to modify security project plant to fit organization's requirements. It provides the basic building blocks to help get started. It also discusses a security audit and various legal standards related to corporate IT security plan, because in this day and age, security has become a legal issue. The chapter provides an overview to help understand the larger legal environment. While the generally accepted project management methods apply in corporate security plan, there are areas specific to corporate IT security planning that are called out along the way. These are typically high-level issues that should be addressed in a top-level project plan. It also notes areas where the corporate IT project plan provides the mortar or glue for the ISAPs. Each individual plan should be complete unto itself, but there are necessary connections between and among the ISAPs required to implement a comprehensive, holistic IT security solution for a company.