Planning for securityMicrosoft View

www.microsoft.com

Introducing Planning Documentation

• Day-to-Day Documentation

• Capacity Plan

• Deployment Plan

• Security Plan

• Pilot Plan

• Test Plan

Day-to-Day Documentation

• Create the project structure documents– Use and revise throughout the remaining project phases

• Benefits of the documenting processes– Manage change– Identify opportunities– Coordinate and prioritize individual projects– Assess current state of technology– Eliminate duplication of effort– Share analysis and assessment

Capacity Plan

Web Server

Telephone Line

T1 Line

Internet

90 KB28.8-Kbps Modem

25-Second Download Time

Deployment PlanKey areas Techniques can be…

Installation strategy

Phased or all at once, site by site or department by department, push or pull

Contingency planning

Parallel systems, or full backup with restore capability

Site/line-of-business

All at once during planning phase, or site by site during deployment phase

Deployment mechanisms

Fully automated network installation, partially scripted installation, or manual

Deployment resources

Internal IT staff, or contractors

Systems support approach

Tiered support, or pilot and roll out support

Security Plan

• Maintaining the integrity of the solution–Data loss–Denial of access–Compromise of data, resources or services

Pilot PlanKey areas Techniques can be a…

Pilot participant selectionFocus on urgent business needs, the visibility or influence of user group, or the risk of failure

Pilot scopeTest of solution functionality and deployment processes, or full test of solution and deployment processes

Number of pilot participants

Small number of participants, or an entire department or entire site

Number of pilot projectsComplete network installation, partially scripted installation, or manual

Deployment resourcesSingle or multiple allocation of resources

Pilot feedback mechanisms One time only planning phase, or site by site during deployment phase

Test PlanKey areas Techniques can be a…

Types of testing to be performed

Unit test, integrated system test, performance test, stress test, usability test, and regression test

Test format and success criteria

Fully documented test scenarios and test results, and informal testing with verbal agreement from key stakeholders

Change control Programmatic check-in of a change management process

Configuration management

Centralized management of hardware, software, and documentation standards, and local management of configurations

Issue and bug tracking

Prioritization of issues, and tracked in bug-tracking database, or issues tracked through e-mail

Development and Test Environment Process

• Establish the baseline–Decrease the risk of unknown variables

• Prepare and synchronize the environments–Provide guidance and determine functionality of both

environments • Track environment states

–Set up system to accurately track environmental states

Development Test Production