Syngress IT Security Project Management Handbook: Book Review

(This post contains affiliate hyperlinks. Please read my full disclosure.)
Network security is a continuous task. This hefty book tackles the issue with both an immediate sense of urgency and a long-term perspective on strategic IT security planning. The Syngress IT Security Project Manager Handbook provides an operational framework for security planning.
It is written in an easy-to-understand style and the pages are well organized. The book’s structure is clearly signposted throughout. Each chapter ends with a list of key points that summarizes the chapter. Research and case studies are set apart from the main text, making them easy to spot.
Although the book falls into four main sections, it is not explicitly laid out that way. The first section, Chapter 1, is a summary of the general IT security environment for corporations. It also discusses the costs to businesses.
The second section, Chapters 2 and 3, is where the IT project management angle really starts. Snedaker is also the author of How to Cheat at IT Project Management, published by the same publisher, and this book is meant to be a complementary text.
This section covers the basics of IT project management, both in general terms and with a security twist: it explains how to set objectives, define the work, and engage colleagues in IT security project management.
The third section, which covers Chapters 4-8, explains how to set up a security project. Chapter 4 is especially interesting because it discusses the importance of quality in IT security work, and how to plan for a high-quality outcome.
This section is relevant to all IT project managers, but it does have specific security implications: IT security is only as good as the people who run it. The section is dedicated to finding the right people for the project team and exploring the competencies they should have.
The book’s final section is the most extensive. The last chapter of the book contains five frameworks for IT security project plans that can be adapted to your organization: two generic corporate security plans, one for IT infrastructure security projects, one for wireless security, and one for an operational IT security plan.
These frameworks include examples of security tests that can be performed, probable project risks, and a sample work breakdown structure that can be used as a plan. This chapter (Chapter 9) provides comprehensive coverage of US IT security laws, which is not relevant for companies that do not have a US presence. Although these chapters are somewhat repetitive, the structure allows the reader to concentrate on the relevant framework and follow the steps.
This guide is comprehensive and solid in its approach to IT security projects. However, some of the advice on threats such as network sniffing, and on CAPTCHA, may already be out of date, since the technology changes so rapidly.
This review has been accepted by The Computer Journal for publication.
Author: Susan Snedaker
ISBN: 1-59749-076-8