Chapter 5
Program Evaluation and Review Technique (PERT)
A diagramming technique developed in the late 1950s that involves specifying activities and their sequence and duration.
Gantt chart
A diagramming technique named for its developer, Henry Gantt, which lists activities on the vertical axis of a bar chart and provides a simple timeline on the horizontal axis.
Critical Path Method (CPM)
A diagramming technique, similar to PERT, designed to identify the sequence of tasks that make up the shortest elapsed time needed to complete a project.
security administrator
A hybrid position comprising the responsibilities of both a security technician and a security manager.
Work Breakdown Structure (WBS)
A list of the tasks to be accomplished in the project; the WBS provides details for the work to be accomplished, the skill sets or even specific individuals to perform the tasks, the start and end dates for the task, the estimated resources required, and the dependencies between and among tasks.
Security Education
A managerial program designed to improve the security of information assets by providing targeted knowledge, skills, and guidance for organizational employees.
security education, training, and awareness (SETA)
A managerial program designed to improve the security of information assets by providing targeted knowledge, skills, and guidance for organizational employees.
Projectitis
A situation in project planning in which the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts in the project management software than accomplishing meaningful project work.
security analyst
A specialized security administrator responsible for performing systems development life cycle (SDLC) activities in the development of a security system.
security technician
A technical specialist tasked with configuring firewalls and intrusion detection systems (IDSs), implementing security software, diagnosing and troubleshooting problems, and coordinating with systems and network administrators to ensure that security technology is properly implemented.
security watchstander/security staffer
An entry-level InfoSec professional responsible for the routine monitoring and operation of a particular InfoSec technology. Also known as a security staffer.
chief security officer (CSO)
In some organizations, an alternate title for the CISO; in other organizations, the title most commonly assigned to the most senior manager or executive responsible for both information and physical security. This job title may be used in lieu of "CISO"; however, when it is used to refer to a role that is superior to the CISO, the CSO is responsible for the protection of all physical and information resources within the organization.
information security program
The entire set of activities, resources, personnel, and technologies used by an organization to manage the risks to its information assets.
Scope Creep
The expansion of the quantity or quality of project deliverables from the original project plan.
security manager
The individual accountable for ensuring the day-today operation of the InfoSec program, accomplishing the objectives identified by the CISO and resolving issues identified by technicians. In larger organizations, a manager responsible for some aspect of information security who reports to the CISO; in smaller organizations, this title may be assigned to the only or senior security administrator.
Chief Information Security Officer (CISO)
The individual responsible for the assessment, management, and implementation of information-protection activities in the organization. The CISO is typically considered the top information security officer in an organization. The CISO is usually not an executive-level position, and frequently the person in this role reports to the CIO.
security awareness
The portion of the SETA program dedicated to keeping users conscious of key InfoSec issues through the use of newsletters, posters, trinkets, and other methods.
security training
The portion of the SETA program focused on providing users with the knowledge, skill, and/or ability to use their assigned resources wisely to avoid creating additional risk to organizational information assets.
Project Management
The process of identifying and controlling the resources applied to a project as well as measuring progress and adjusting the process as progress is made toward the goal.
chief information officer (CIO)
The senior technology officer responsible for aligning the strategic efforts of the organization and integrating them into action plans for the information systems or data-processing division of the organization. The CIO is typically considered the top information technology officer in an organization, and is usually an executive level position. Frequently, the person in this role reports to the CEO.