Work Breakdown Structure Example

PM Milestone Project Management Templates

PM Milestone 7000 Business Templates

Get Instant Access

1. Develop RFP to hire an outside security consultant for an enterprise-wide security audit

1.1 Define RFP parameters

1.2 Develop a list of companies from whom to solicit RFP responses

1.3 Issue a RFP

1.4 Evaluate RFP responses

1.5 Hire an outside consultant

2. Perform enterprise-wide security audit

3. Implement security recommendations based on audit results

3.1 Develop ISAPs

3.1.1 Develop and implement Infrastructure Security Plan

3.1.2 Develop and implement Wireless Security Plan

3.1.3 Develop and implement Operational Security Plan

3.2 Implement, monitor, and manage defined ISAPs

4. Develop ongoing security maintenance procedures

In this example, you've decided to hire an outside consultant to perform a security audit. From those results, you will develop your individual security plans to address the specific areas or vulnerabilities identified by the consultant.You may develop those plans with or without the consultant, and you may decide to implement and manage those projects with or without the consultant. Those are choices you can make as you move through the process based on the unique characteristics of your organization, your IT staff's capabilities, and your relationship with the consultant. However, regardless of who does the work, you are the project manager and should actively manage the process. In most cases, it is not advisable to hand off responsibility for the project to an outside consultant, unless you are explicitly hiring them to come in, assess your security needs, develop the security project plan, and implement the resulting plan. There are some instances when that might be advisable, but as a general rule, you should maintain control of the project, because you'll be held accountable for the results when it's all said and done.

As part of your WBS, you'll want to include the specific security areas you plan on addressing.You may have to circle back through your planning process to add detail once your security assessment or audit is completed. If the assessment or audit is conducted prior to planning your corporate IT security project, you most likely will have adequate detail to specify the ISAPs at the outset of your planning phase. There are numerous security areas to be considered that should be delineated as part of your assessment process. However, to give you a jump start, we've included a list developed by the International Engineering Consortium (IEC) that delineates many of the major areas to be addressed in a comprehensive security project plan.Table 9.1 provides a list to help you to start thinking about what your network includes, what your security assessment should review, and what ISAPs you may need to define.

Remember, smaller projects are more successful, so if you need or want to undertake many (or all) of the items listed in Table 9.1, you should create separate ISAPs for them and roll them up into your corporate IT security project plan. At that point, the corporate IT security project plan becomes more of a "program" than a project, because it is the roll up of a number of related initiatives.This distinction is important, because looking at the corporate IT security project as a program allows you to allocate resources (time, money, expertise) across your IT security projects in a thoughtful and predictable manner, rather than running wild through one enormous project plan that is difficult (impossible) to effectively manage.

Table 9.1 Enterprise-wide Technology List for Security Projects

Technology Category

Storage and Server Technology


Backup Solutions

Disaster Recovery/Business Continuity

Storage Management Solutions

Story Area Network (SAN)/Network

Attached Storage (NAS)

Storage Server Provider (SSP)



Server-based Operating Systems


Table 9.1 continued Enterprise-wide Technology List for Security Projects

Technology Category


Mobile and Wireless Technology

Networking and Systems Management



Wireless/Cellular Services Personal Area Networks (PANs) Wireless Local Area Networks (LANs) Fixed-Access/Point-to-Point/MAN Wireless Wide Area Networks (WANs) Mobile Computing Platforms/Applications




Policy Management

Traffic Management

Management Service Provider (MSP)

Web Monitoring Services

Anti-Virus Software Virtual Private Network (VPN)/Firewalls

Public Key Infrastructure (PKI) Authentication/Access Technology Intrusion Detection Systems (IDS) Encryption

VPN/Security Services Certificate Authorities Security Management

Directory Services LAN Infrastructure WAN/MAN Infrastructure Service Provider/Carrier Class Equipment

Remote Access Servers


Caching and Load Balancing Collocation Services Internet Service Provider (ISP)


Table 9.1 continued Enterprise-wide Technology List for Security Projects

Technology Category


Carrier/Competitive Local Exchange

Carrier (CLEC) Services

Digital Convergence



Private Branch Exchange (PBX)

Streaming Media Technology

Web-enabled Call Centers

Content Delivery Network (CDN)


Unified Messaging

Business Applications

Application Servers

Database Servers

Web Servers


Enterprise Resource Planning (ERP)


Enterprise Application Integration


Content Management

Data Warehousing

Business Intelligence Tools

Development Tools

Once you've developed your high-level (and perhaps mid-level) WBS tasks, you can continue developing additional underlying detail as you would any WBS development process. Don't worry about defining the tasks in the correct order. The order in which tasks should be done will be determined later when you're creating your project schedule.The tasks will be undertaken based on dependencies, constraints, and available resources, so spending a lot of time ordering tasks at this point is usually unproductive. That said, there is usually a linear order in which we think about tasks; if keeping them in some semblance of order helps ensure you don't overlook any major or minor tasks, that's fine. Numbering the tasks at this point will help you keep track of them. If desired, you can re-

number your tasks when you believe you have your final WBS, but don't expect numbers tasks to be performed sequentially once your project gets underway.

Was this article helpful?

0 0
Project Management Made Easy

Project Management Made Easy

What you need to know about… Project Management Made Easy! Project management consists of more than just a large building project and can encompass small projects as well. No matter what the size of your project, you need to have some sort of project management. How you manage your project has everything to do with its outcome.

Get My Free Ebook

Post a comment