The types of requirements needed for an assessment and auditing project plan include the technical requirements for the various assessments and tests to be performed. When looking for security vulnerabilities, you should specify the specific target of the assessment, the specific tests or actions that will be taken, how results will be monitored, recorded, and reported, and how recommendations will be made. These might fall under functional, technical, legal, or financial requirements. Technical specifications should encompass methods, tools, and techniques that will be used to test and assess security. The audit function should include very clear specifications regarding functional and technical requirements.
While you might not specifically think of user requirements in this type of project, a user requirement in this context might include that tests be run at night or on the weekend when the fewest users will be impacted; that users be selected at random (or via some specified system) to review current security practices; or that users will be needed to perform certain testing or auditing functions due to specific subject matter expertise that you want to bring onto your IT project team.
You may choose to develop your requirements using the elements shown in Figure 10.5 as your guide. Look at your perimeter, network configuration, servers and hosts, applications and databases, and data needs as you develop this project's functional and technical requirements.
Figure 10.5 Element of IT Security Requirements
Corporate and IT Policies, Procedures and Training
Physical Security Environment
I Network > I Configuration <
Servers and Hosts
Applications and Databases
Was this article helpful?
What you need to know about… Project Management Made Easy! Project management consists of more than just a large building project and can encompass small projects as well. No matter what the size of your project, you need to have some sort of project management. How you manage your project has everything to do with its outcome.