Planning for security Microsoft View www.microsoft.com
Introducing Planning Documentation Day-to-Day Documentation Capacity Plan Deployment Plan Security Plan Pilot Plan Test Plan
Day-to-Day Documentation Create the project structure documents Use and revise throughout the remaining project phases Benefits of the documenting processes Manage change Identify opportunities Coordinate and prioritize individual projects Assess current state of technology Eliminate duplication of effort Share analysis and assessment
Capacity Plan Web Server Telephone Line T1 Line 90 KB 28.8-Kbps Modem Internet 25-Second Download Time
Deployment Plan Key areas Techniques can be… Installation strategy Phased or all at once, site by site or department by department, push or pull Contingency planning Parallel systems, or full backup with restore capability Site/line-of-business All at once during planning phase, or site by site during deployment phase Deployment mechanisms Fully automated network installation, partially scripted installation, or manual Deployment resources Internal IT staff, or contractors Systems support approach Tiered support, or pilot and roll out support
Security Plan Maintaining the integrity of the solution Data loss Denial of access Compromise of data, resources or services
Pilot Plan Key areas Techniques can be a… Pilot participant selection Focus on urgent business needs, the visibility or influence of user group, or the risk of failure Pilot scope Test of solution functionality and deployment processes, or full test of solution and deployment processes Number of pilot participants Small number of participants, or an entire department or entire site Number of pilot projects Complete network installation, partially scripted installation, or manual Deployment resources Single or multiple allocation of resources Pilot feedback mechanisms One time only planning phase, or site by site during deployment phase
Test Plan Key areas Techniques can be a… Types of testing to be performed Unit test, integrated system test, performance test, stress test, usability test, and regression test Test format and success criteria Fully documented test scenarios and test results, and informal testing with verbal agreement from key stakeholders Change control Programmatic check-in of a change management process Configuration management Centralized management of hardware, software, and documentation standards, and local management of configurations Issue and bug tracking Prioritization of issues, and tracked in bug-tracking database, or issues tracked through e-mail
Development and Test Environment Process Production Establish the baseline Decrease the risk of unknown variables Prepare and synchronize the environments Provide guidance and determine functionality of both environments Track environment states Set up system to accurately track environmental states