The ISSO must also develop an InfoSec Annual Plan (IAP) to support the IWC ISSSP and ITP. The plan must include goals, objectives, and projects that will support the goals and objectives of IWC's Annual Business Plan.
IWC's InfoSec Annual Plan (IAP) is to be used to identify and implement projects to accomplish the goals and objectives as stated in the ISSSP and ITP.
Remember, the InfoSec Program requires the following:
Project management techniques;
Gantt charts (Schedule);
Identified beginning date for each project;
Identified ending date for each project;
An objective for each project;
Cost tracking and budget; and
Identification of the responsible project lead.
The initial and major project of the IWC ISSO's first IAP is to begin to identify the current IWC InfoSec environment. In order to gain an understanding of the current IWC environment, culture, and philosophy, the following projects are to be established:
Project Title: IWC InfoSec Organization
Project Lead: ISSO
Objective: Establish a CIAPP support organization.
Start Date: January 1, 2003
End Date: July 1, 2003
Project Title: CIAPP Policies and Procedures Review
Project Lead: ISSO
Objective: Identify and review all CIAPP-related IWC documentation, and establish a process to ensure applicability and currency.
Start Date: February 1, 2003
End Date: April 1, 2003
Project Title: InfoSec Team
Project Lead: ISSO
Objective: Establish an IWC CIAPP Working Group to assist in establishing and supporting an InfoSec program.
Start Date: January 1, 2003
End Date: February 1, 2003
Project Title: IWC Proprietary Process Protection
Project Lead: InfoSec Organization Systems Security Engineer
Objective: Identification, assessment, and protection of IWC proprietary processes.
Start Date: April 15, 2003
End Date: September 1, 2003
Project Title: InfoSec Organizational Functions
Project Lead: ISSO
Objective: Identify and establish InfoSec organizational functions and their associated processes and work instructions.
Start Date: January 15, 2003
End Date: July 1, 2003
Project Title: InfoSec Support to IT Changes
Project Lead: InfoSec Organization Systems Security Engineer
Objective: Establish a process to provide service and support to integrate InfoSec as changes are made in the IT environment.
Start Date: March 15, 2003
End Date: October 1, 2003
Figure 6.4: Mapping of IAP projects to the IWC Annual Business Plan.
As was previously shown, mapping the IWC CIAPP and the InfoSec Annual Plan to the IWC Annual Business Plan can be easily accomplished. However, in this case, the IWC Annual Plan objectives were not indicated or used to map the IAP. [3]
As noted earlier, writing of the plans must follow the IWC format. The IWC IAP is no exception, and the following format is required:
Executive Summary
Table of Contents
Introduction
InfoSec Annual Goals
InfoSec Projects
How the InfoSec Projects Support IWC's Annual Plan Goals
Mapping Charts
Conclusion
[3] The reader probably understands this process by now and can easily use this mapping method.