Sunday, March 31, 2013

Planning and Governance

So we started a few weeks ago with a discussion of the importance of information security to business and how project management methodologies can improve and increase the success of implementation and monitoring of information security... let's call these the what and how.

How about the why?

Ultimately, IT governance and strategic planning must incorporate the security needs of a business. Only by aligning the goals of the entire organization with the IT efforts will we realize the full benefits of such resource-intensive and costly endeavors.

So let's, first and foremost, make sure we are "doing the right work" and not necessarily focusing on "doing the work right" at this point in time.

Strategic and tactical planning give us a solid framework for governance - both long-term goals and short-term goals that are measurable.

Sunday, March 24, 2013

Security and Project Management

Took me a while to wrap my brain around the McCumber Cube, but I now understand how this tool can be used to evaluate information security programs based on the universal attributes of desired goals, information states and safeguards.
McCumber Cube

Much of the conversation and article reviews this week had a recurring theme that people, not technology, are a main failure point for security breaches... I am sure this will be revisited more in the future. In my research I also found an interesting website that I will want to revisit during the course: SANS Institute InfoSec Reading Room http://www.sans.org/reading_room/

The second major learning was how heavily this course will use the methodologies of project management in support of information security management and monitoring. I feel much more comfortable with project management material and will enjoy employing what I already know of it to information security.

We start with the basic building block tools of a good PM to see what a security project would entail and the work needed to complete it:
  • Work Breakdown Structure (WBS)
  • Gantt Charts
  • PERT
A good website that will help along the way with its thorough and free templates: http://www.projectmanagementdocs.com/

Tuesday, March 12, 2013

I'm back!

Back on my master's pursuit journey after a brief hiatus and starting up with Information Security class again. Let's dive into the McCumber Cube again...