170 likes | 180 Views
IT Security Training Plan - How to and NOTs. Dr. Roger P. Quane FBI/NIPC 202-324-9179 gv59062@fbi.gov. Objectives. List the four steps of the planning process. Describe what is meant by “SWOT”. List three benefits to strategic planning. List two benefits to tactical plans.
E N D
IT Security Training Plan - How to and NOTs Dr. Roger P. Quane FBI/NIPC 202-324-9179 gv59062@fbi.gov
Objectives • List the four steps of the planning process. • Describe what is meant by “SWOT”. • List three benefits to strategic planning. • List two benefits to tactical plans. • Describe the difference among the following plans: Project; Tactical; and Strategic. • List two “bad” points to tactical plans.
Planning Process • Phase I - Determine where you are • Phase II - Decide where you want to go • Phase III - Establish an approach to achieve your goal, and implement • Phase IV - Evaluate against your projections
Where you are now • Strengths - areas of value within your organization. • Weaknesses - Liabilities within your organizations. • Opportunities - Favorable or advantageous circumstances that provide opportunities. • Threats - Possible risks that could threaten the viability and future success.
Who is your customers • STAKEHOLDERS • Individuals and/or groups that are significantly impacted by success or failure. • Primary Stakeholders • Secondary Stakeholders • Suppliers • Other Users
Types of Plans • Project Plans • Describe the detailed activities, responsibilities, and targeted completion dates required to complete a specific project. • Tactical Plans • Describe overall activities, measurable outcomes, responsibilities, and targeted completion dates required to succeed during a relatively short period of time. • Strategic Plans • Describe the overall directions and targeted outcomes required to achieve mission. Usually 3-5 year perspective.
Where are you going • Vision • Mental Picture of the future. • How it looks, feels and interacts with stakeholders. • Mission • Formal statement describing future direction or organization, consistent with values, goals and objectives of stakeholders.
Where are you going • Critical Assumptions • Assumptions upon which the organization bases future direction. • Critical Success Factors • Few, high-priority areas which organization must mange to be successful. • Outcomes • Observable results that provide evidence that success factors are being achieved.
INFOSEC Plans • Divide by type of program. • Education, Training, Awareness • Develop Strategic then Tactical then Program • Usually we go backwards • Develop evaluation as part of plans • Be realistic not optimistic • Management support • Not just lip service (See Proof - Manage up)
Good Points Makes you think into the future Relates Your plans to the organization plans Sets a “highway” for the future Tells you where you want to go Changeable Bad Points Hard to do You will be wrong Makes you plan toward what organization wants to do vs. what you want to do Sets a direction Changeable Strategic Planning
Good Points Makes you plan at least 18 months ahead Makes you think about specifics - early Evaluation criteria must be “real” Difficult to justify change in plan Bad Points Measurable against you Still outside immediate timeframe Evaluation criteria are “real” Hard to change - why didn’t you see it earlier. Tactical Plans
Good Points Sets an immediate course of action. Resources are defined Evaluatons are set Timeframe is set Goals are realistic Bad Points Not flexible Mission driven-not personnel Creativity is not encouraged Task/Task/Task Timeframe is not flexible Program Plans
Major Successes • Strong Management Support. • Return on Investment proven. • Future planning easier. • Changes in plan content were shown to be positive and efficient. • Future resources easier to obtain.
Major Failures • First plans were really “bad” in the vision area. • Relating mission to organization goals was very difficult. • Resources were way out of line. • Management still did not understand ETA Role - immediately.
The future is now • Planning is Critical. • From one who did not believe in planning • Do not over plan. • Implement change - yearly or so. • First plans are not perfect. • Documents are changeable - not “living”. • A VERY HARD TASK!!!!!!!!!!!!!!!
Test Questions • List the four steps of the planning process. • Describe what is meant by “SWOT”. • List three benefits to strategic planning. • List two benefits to tactical plans. • Describe the difference among the following plans: Project; Tactical; and Strategic. • List two “bad” points to tactical plans.