(This post contains affiliate links. Read my full disclosure.)
Network security is an ongoing task and this heavy-weight book tackles it with both a sense of immediacy and a long-term view of strategic IT security planning. Syngress IT Security Project Management Handbook aims to present an operational framework for security planning.
It is written in a very accessible style and the pages are clear. The book’s structure is signposted at various points and each chapter ends with a list of key points: a chapter summary. Case studies and research are boxed off from the main text making them easy to spot.
After reading the book, I can see it is split into four main sections although it is not laid out with this distinction. The first section is just Chapter 1 and discusses the general corporate IT security environment, for example the costs to the business.
The IT project management angle really begins in the second section, made up of Chapters 2 and 3. Snedaker is also the author of How to Cheat at IT Project Management by the same publisher so this book is supposed to act as a complementary text.
The nuts and bolts of IT project management are discussed either in general terms throughout Syngress IT Security Project Management Handbook or with a security twist. This second section sets IT security project management in context by explaining how to define the work required, set objectives and engage colleagues.
The third section, from Chapters 4 to 8, goes into more detail about how the security project should be set up. Chapter 4 is particularly interesting as it discusses the important role that quality in IT security work and how to plan for a quality outcome.
The rest of this section is of relevance to all IT project managers, although it does have a security angle. IT security is only as good as the people running it so a significant space is devoted to getting the right people on the project team, and an exploration of what competencies ‘the right people’ should have.
The final section of the book is the largest. Over the final chapters Snedaker presents five frameworks for IT security project plans that can be adapted to your organization: two generic corporate security plans, one for IT infrastructure security projects, one for wireless security and an operational IT security plan.
These frameworks provide examples of security tests to carry out, likely project risks and a sample work breakdown structure to use as a plan. Included in this section (Chapter 9) is comprehensive coverage of US IT security law, which is irrelevant for companies without a US presence. These chapters are slightly repetitive but the structure does allow the reader to focus on the appropriate framework and work through it in a step-by-step way.
In general, this is a comprehensive and solid guide to running IT security projects, but some of the specific advice given against threats like network sniffing, CAPTCHA and DDoS attacks risks appearing out of date in time as technology moves on so quickly.
- This review has been accepted for publication in The Computer Journal
- Author: Susan Snedaker