Project Management in IT Security
EC-Council Project Management in Information Technology Security (PMITS) is
an E-Business certification project. This project explores how to manage
IT security projects. It enhances the success rate of IT projects for both
organizations and IT managers. It acts as an operational framework for users
who design their own IT security project plan. This courseware helps
students reinforce their IT project management skills and provides a roadmap
for implementing IT security in their organizations.
This makes PMITS a relevant milestone towards achieving EC-Council’s
Certified E-Business Professional, which also grounds the learner in the
business perspective.
The PMITS standardizes the knowledge base for business professionals by
incorporating the best practices followed by experienced experts in the
field. The objective of EC-Council’s PMITS is to add value to experienced
security professionals by helping them analyze the outcomes of their
project. This project provides brief information on various components of IT
security plans and legal standards related to corporate IT security.
The first step in developing a solid IT security project plan is to define
the problem. We can easily state that the problem is that “our networks are
not secure” or that “there are assets in the organization that need to be
protected from intentional and unintentional attacks.” Those statements are
true on the macro level, meaning that these general statements apply to
almost every organization (and computer) in the world. However, every
company is different and every organization has its own unique set of
security vulnerabilities to consider. Applying a one-size-fits-all approach
to network security will not work. An effective way to approach IT security
is to create a corporate security plan that includes the individual focus
areas of security (e.g., infrastructure, wireless). Breaking down each of
the segments into smaller, individual focus areas allows you to manage each
aspect of security better. Another challenge you will encounter is that
many areas overlap (e.g., does physical access fall under operational
security, infrastructure security, or general security?).
Creating a corporate IT security plan and individual plans gives you the
opportunity to review your overall security project plan to ensure that all
critical security elements are addressed.
EC-Council’s program on Project Management in IT Security is a highly
interactive 2-day class designed to teach Information Technology Security
Professionals real-time implementation of project management practices in IT
security planning. It comprehensively covers corporate security project plan
components, costs involved in security, the basis for a successful project,
limitations of a project, corporate strategy and IT security, and the
influence of corporate culture and policies on IT security. Students will
learn to identify the different issues that arise during organization-wide
security planning and how to avoid and eliminate them.
Management people involved with security planning, Network server
administrators, System Administrators and Risk Assessment professionals.
Access Provided
- One-month, unlimited access to course training materials, practice tests, discussion forum and certified instructor
Certification
- Certificate awarded by Eristotle Limited, UK.
Course Outline
Module 01: Components of Project Management in IT Security
- Defining a Project
  - Introduction
  - The Security Issue
    - Role of Network Security
      - Integrity, Confidentiality and Availability
  - The Outcome
  - Various Possible Security Project Solutions
  - The Optimal Solution
  - Limitations of Security Project
    - Scope of Project
    - Deadlines
    - Quality
    - Economy
  - Develop the Proposal
  - Identify the Sponsor for the Security Project
- Corporate Security Project Plan Components
- The Costs involved in Security
- Basis for Success of a Project
  - Well Defined Project Objectives
  - Minimized and Well Defined Scope
  - Smaller Schedules
  - Experienced Project Manager
  - Executive Support
  - User Involvement
  - Well Defined Project Management Process
- Limitations of a Project
- Corporate Strategy and IT Security
- Importance of the influence of Corporate Culture and Policies on IT Security
Module 02: Organizing the IT Security Project
- Introduction
- Making of the IT Security Project Team
- The IT Security Project Stakeholders
- Requirement Specifications of the IT Security Project
- Objectives of the IT Security Project
- Processes involved in the IT Security Project
  - The Acceptance Criteria
  - Risk Management
  - Change Management
  - Communication
  - Quality
  - Status Reports
  - Defect Tracking
  - Escalation Process
  - Documentation
  - Approval Procedures
  - Deployment
  - Operations
  - Training
Module 03: Developing the IT Security Project Team
- Introduction
- List of the IT Security Project Team Requirements
  - Roles and Responsibilities
  - Skill Set
    - Technical Skill Set
    - Communication Ability
    - Training and Negotiation
    - Ability to Negotiate and Understanding of Technical Aspects
    - Reporting
    - Legality, Regulations and Cost Factors
- Identifying the Staffing Requirements and Constraints
- Hiring the Staff
- Developing the IT Project Team
  - Training Objectives
  - Team-building
Module 04: Planning the IT Security Project
- Structuring the details of IT Security Project Work
- Project Tasks and Sub-tasks in the Project
- Verifying Scope of the Project
- Tasks in Detail
  - Ownership
  - Resources
  - Priority
  - Schedule
  - Budget Allocated
  - Project Dependencies
  - Limitations
    - Experience
    - Tools
    - Budget Constraints
    - Change in the Organization
    - Government or Regulatory Requirements
- The Critical Path
- Testing the Results
- Defining the Budget, Schedule, Risks, and Communications
Module 05: Managing the IT PM
- Start of the IT Security Project
- Examine and Organize the IT Security Project Progress
  - Authentication
  - Issue Report and Rectification
  - Documentation
- Manage the IT Security Project Risk
- Change Management in the IT Security Project
  - Potential Customers
  - Staff
  - Environmental
- Test the IT Security Project Results
Module 06: Building Quality into IT Security Projects
- Introduction
- Quality in the IT Security Project
  - User Requirements
  - Functional Specifications
  - Technical Requirements
  - Acceptance Criteria
  - Quality Metrics
  - Operational Standards of the IT Project
  - Monitoring IT Security Project Quality
- Test the IT Security Project Quality
Module 07: Closing Out the IT PM
- Introduction
- Evaluate the Project on Completion
- Close all Open Issues, Change Requests, and Error Reports
- Prepare for Implementation, Deployment, and Operational Transfer
- Review the Lessons Learned
- Documentation and Compliance Reports
Module 08: Define a Corporate IT Project Plan
- Define a Security Strategy for the IT Project
- Legal Standards
  - Gramm-Leach-Bliley Act
  - Health Insurance Portability and Accountability Act
  - Sarbanes-Oxley Act
  - Federal Information Security and Management Act
  - FERPA and the TEACH Act
  - Electronic Communications Privacy Act and Computer Fraud and Abuse Act
  - Law concerning Unauthorized Access
  - Myths and Facts
    - Private Entity
    - Penetration Test
  - Legal Liability and Related Tools
  - Legal Assessment and Implementation in Corporate Scenario
  - Define Rights and Protection and involvement of Certified third-party individuals
  - Standards and Insurance
- Overview of the Corporate IT Security Project Plan
- Security Auditing
  - Reasons for Security Breaches
- Factors of the Corporate IT Security Project
  - Goals of the IT Security Project
    - Scope, Timing, Budget and Quality
  - Skills related to Operating System, Networking, Application Security, Security Tools, and Programming
- Project Work Breakdown Structure and Examples
  - Risks associated with the Project
- Project Constraints
- Project Assumptions
- Project Schedule and Budget
- Closing Out the Project
- IT Infrastructure Security Project Plan
  - Infrastructure Security Assessment
    - Information
    - People and Process
      - Policies
      - Compliance with Processes
    - Technology
    - Establishing Baselines
    - Recognizing External Threats
    - Network Security Checklist
  - Project Parameters
  - Project Team
  - Project Organization
  - Project Work Breakdown Structure
  - Risks Mitigation Strategies
  - Project Constraints and Assumptions
  - Project Schedule and Budget
  - Overview of Infrastructure Security Project
Module 09: General IT Security Plan
- IT Security Assessment and Audit
  - Perimeters
  - The Internal Network
  - Information
  - Risk Assessments
    - Vulnerability Scanning and Penetration Testing
    - Risk Assessment
  - Impact Analysis
- Authentication
- Access Control
- Auditing
  - Review the Policy
  - Review the Procedures
  - Review the Operations
  - Requisites of Legal Reporting
- Attacks
- Assessment and Audit Report
  - Entries in the Finding Report
  - Planning of the Project
- General IT Security Project Parameters
  - Requirements
  - Scope, Schedule, Budget, Skill Sets and Procedures
- General IT Security Project Plan
  - Project WBS, Constraints, Schedule and Budget
- Wireless Security Project Plan
  - Wireless Security Auditing
    - Types of Wireless Devices
    - Wireless Threats
    - Risk Assessment
    - Impact Analysis
  - Project Parameters
    - Requirements
    - Scope, Schedule, Budget, Skill Sets and Procedures
  - Project Team
  - Project Organization
  - Project Work Breakdown Structure
  - Project Risks and Mitigation Strategies
  - Project Constraints and Assumptions
  - Project Schedule and Budget
  - Wireless Security Project Outline
Module 10: IT Operational Security Plan
- Operational Security Assessment
  - Incident Response
  - The Response Team
  - Policies
  - Disaster Recovery
  - Regulatory Issues
    - Health Insurance Portability and Accountability Act
    - Gramm-Leach-Bliley Act
    - Sarbanes-Oxley Act
- Project Parameters
  - Issue, Solution, Scope, Cost, Time, Quality, Functional Specifications and Skill Set
- Project Team
- Project Organization
- Project Work Breakdown Structure
- Project Risks and Mitigation Strategies
  - Incident Response
  - Policy Management
  - Disaster Planning
  - Regulatory/Compliance
- Project Constraints and Assumptions
- Project Schedule and Budget
- Overview of the Operational Security Project