Best IT Blog

Patch and Vulnerability Research Resources


This procedure was developed to identify and evaluate system and application vulnerabilities through research. This document defines accountability and a process that shows where to look for vulnerabilities that affect [Client] and how to access [Client] personalized resources. By adhering to the following guidelines, [Client] will keep abreast of new vulnerabilities, exploits, viruses and worms. The primary party responsible for complying with these procedures is Risk Management’s Information Security Officer (ISO). Instructions for the frequency at which the ISO (or designee) should check these resources are listed below.


Source Documentation/Information

  • Cassandra Incident Response Database – A website developed by the Center for Education and Research in Information Assurance and Security (CERIAS). This site allows security professionals to build a profile that lists the vendors and operating systems that apply to their infrastructure. The site gets its information from the ICAT database maintained by NIST. This site is secured using 128-bit SSL encryption.


  • The Internet Storm Center – Supported by the SysAdmin Audit Network Security Institute (SANS), this website takes volunteered IDS logs from around the world (over 3 million) and makes the statistics available on the internet free of charge. It is useful for seeing the top ten scanned ports and the top ten IPs the scans are coming from.


  • CERT Current Activity – The CERT Coordination Center (CERT/CC) was formed by the Defense Advanced Research Projects Agency (DARPA) in November 1988 in response to the needs identified during an Internet security incident. The CERT/CC is part of the Networked Systems Survivability (NSS) Program at the Software Engineering Institute (SEI), Carnegie Mellon University. The primary goal of the NSS Program is to ensure that appropriate technology and systems management practices are used to resist attacks on networked systems and to limit damage and ensure continuity of critical services in spite of successful attacks.


  • Secunia – The Secunia Security Advisories list is free and designed for the IT professional who wants one source of information about the latest software vulnerabilities and security fixes. This site ranks each vulnerability on a 1 – 5 scale. Outstanding site for justifying the need for patches or mitigation.


  • SecurityFocus BugTraq Vulnerability Forum – The Bugtraq forum is a site that lists all correspondence relating to vulnerabilities that may or may not be verified. Once items are entered into the Bugtraq forum, there is a process in which CERT reviews submitted issues, evaluates them and gives them a candidate number. After thorough evaluation, if the candidate is a true vulnerability, it will receive a CVE (Common Vulnerabilities and Exposures) designation.

  • Microsoft Security Notification Service – Microsoft TechNet offers the Microsoft Security Notification Service. These e-mail messages are geared toward IT professionals and contain in-depth technical information. This information states the date the problem was found, what the problem is and how to mitigate it. In many cases the bulletins list “Mitigating Factors” that may make the vulnerability non-applicable or may heighten the need for action. The bulletins also provide patch information, such as whether a patch is available, where to get the patch and what the patch does.


  • SANS NewsBites – SANS NewsBites is a weekly high-level executive summary of the most important news articles that have been published on computer security during the last week. Each news item is very briefly summarized and includes a reference on the web for detailed information, if possible. Spend five minutes per week to keep up with the high-level perspective of all the latest security news. Each issue is delivered weekly by email, free of charge.


  • ICAT Database – The ICAT Metabase is a searchable index of computer vulnerabilities. ICAT links users into a variety of publicly available vulnerability databases and patch sites. ICAT indexes the information available in CERT advisories, ISS X-Force, SecurityFocus, NT Bugtraq, Bugtraq, and a variety of vendor security and patch bulletins. ICAT is maintained by the National Institute of Standards and Technology. The ICAT database uses the CVE naming standard.

Sample – Word – AIX Pre – Post Upgrade Checks

Posted in Business (600),Projects (400),Security (1500) by Guest on the March 14th, 2016

Word – AIX Pre – Post Upgrade Checks




Sample Word – POC Clinical Application VDI Desktop Integration

Free Word Document Download

POC Clinical Application VDI Desktop Integration



Sample Word – POC Clinical Application VDI Use Cases

Free Word document download

POC Clinical Application VDI Use Cases



Sample Excel – RISC Server Migration Tracking


Sample Excel – Security Architecture Resources

Posted in Projects (400),Sample - IT Spreadsheets - PowerPoints (251),Security (1500) by Guest on the November 17th, 2014

HIPAA Healthcare Vendor Contract Analysis Review Example

Review of your IT Systems

  • Contracts,
  • Scope,
  • Service Level Agreements,
  • Business Associate Agreements,
  • And defined SLS and Business Associate Agreements and deliverables;
    • Review of current processes and procedures to support compliance

The core fundamentals will be to identify ownership and performance to include:

  • Security patch management
  • Event logging
  • Event escalation
  • End-point security
  • Incident scoring and handling
  • Incident investigation process
  • Security investigations
  • Breach report metrics
  • Breach reporting process
  • Alert process handling
  • Alert notification

Review implemented technology solutions to assess their effectiveness in support of the preferred corporate security posture and compliance, to include the design, implementation, and effectiveness of:

  • Firewall architecture
  • Network architecture
  • SIEM
  • Event Log centralization and analysis
  • Service desk solution
  • Data Loss Prevention solution
  • Effective integration of these solutions 

Secure collaboration

  • Secure email process and/or procedure
  • Secure device use and control enforcement to manage corporate data
  • BYOD posture and Acceptable Device Use agreement
  • User privacy communications and executable agreement 

Management review of current program

Identify the documented contractual commitment to the solution processes currently in place to include:

  • Vendor provided organizational effectiveness
  • Established processes, core values, and attributes to accomplish security goals and objectives
  • Clear definition of the roles and responsibilities of the vendor partners and corporate team
  • Administrative and functional structure to determine resource assignments and coverage of the processes required of the corporate security program
  • Knowledge of the processes necessary for the vendor partners to accomplish their tasks.
  • Analysis and mapping of who, what and where to the overall corporate security program design, fulfilled with a GAP report as appropriate



Program Analysis and recommendations phase

Provide a spreadsheet mapping outcome GAP, RISK and Recommendations. Compare and contrast corporate security posture to:

  • Corporate policy
  • NIST
  • MARS-E and
  • FedRAMP (FIPS 199)

Sample Excel – Exchange Upgrade Project Plan


Sample Excel – Weekly Change Management Rule Summary


Sample Word – PGP Deployment Guidelines

Posted in Firewalls (75),Projects (400),Security (1500) by Guest on the November 7th, 2014

Sample Word – Imprivata Deployment Guide

Posted in Health Care HIPAA - HITECH - HITECH (98),Projects (400) by Guest on the November 4th, 2014

Sample Word – Configuring PGP for VeriSign OnSite

Posted in Policies - Standards (600),Projects (400),Security (1500) by Guest on the October 26th, 2014

Project Lift Plan Template

Posted in Compliances (1300),Projects (400),Security (1500) by Guest on the April 8th, 2014

The project lift plan template will be developed during the Architecture phase prior to the first detail design effort.

Network Convergence

Due to the state of the organization’s aging voice network infrastructure, the organization would benefit from a network convergence initiative. This project would replace the organization’s voice infrastructure with equipment that enables the transmission of voice traffic over the organization’s data network. The primary benefits of such an initiative are:

  • Reduction in platforms / asset costs due to consolidation
  • Reduction in maintenance of separate telephony and data networks
  • Reduction in voice network costs (i.e. toll bypass, administrative savings, MAC reductions)
  • New communications services like video conferencing, remote collaboration tools and distance learning
  • New messaging capabilities (i.e. unified messaging)
  • Ability to deploy new applications that enhance customer service operations
  • Enhanced revenue opportunities through advanced communications and contact center services

The feasibility of a network convergence project and the associated business case would be analyzed during an assessment period.  The convergence assessment would last 6-8 weeks.  The network convergence assessment would include the following activities:

  • Assessment of existing voice and data infrastructure
  • Investigation of calling patterns and volumes
  • Evaluation of relevant capital and operational expenses
  • Identification of State-specific value propositions
  • Creation of business case and deployment roadmap

Upon the completion and acceptance of a positive business case, a network convergence implementation project would be initiated.  This project would deliver the converged network environment and realize the benefits and efficiencies outlined in the business case.  Typical annual savings resulting from Network convergence projects range from 20% – 30%.



Materials Project Planner Checklist

Posted in Projects (400) by Guest on the April 7th, 2014

Materials Project Planner: Review for effect on current and planned production builds. Review for impact on inventory, requisitions, and material costs

o  Can the recommended effectivity be supported?

o  Is the description of change clear? Are the redlines clear and complete?

o  Will existing stock require rework? What is required to accomplish this? Cost?

o  Will any stock have to be scrapped? What is the cost?

o  What is the impact of the change on WIP? Where is it?

o  Should WIP be moved to specific operation(s) to ensure the change is properly incorporated? Where?

o  What are the potential production delays due to any material changes?

o  Are any requisitions affected? What action(s) will be taken?


Manufacturing Engineer Checklist 2

Posted in Projects (400) by Guest on the April 3rd, 2014

Manufacturing Engineer: Review for effect on current and planned production builds. Review for impact on inventory, requisitions, and material costs

o  Can the recommended effectivity be supported?

o  Is the description of change clear? Are the redlines clear and complete?

o  Will work instructions (WI) require updating? Which ones?

o  Will any other assemblies be affected?

o  Will the route be affected?

o  What is the effect on the Hours per Unit (HPU)?

o  What is the impact of the change on WIP? Where is it?

o  Will additional training be required?

o  Are additional tools or fixtures required, including solder stencils? Any special equipment required?

o  Are machine programs affected? Which ones?



Sample Visio – A Five (5) Phase Project Methodology Flow

Posted in Policies - Standards (600),Projects (400),Security (1500) by Guest on the November 22nd, 2013

The approach is described below. 

Depending on the nature of the project, some of the phases may not be part of the scope of the project.

Free Sample Visio download

 Phase Project Methodology

Discover Phase

During the Discover phase, the project team works closely with you to fully understand the technical and business drivers. We ask many questions to ensure that all parties are on the same page.  By the end of this phase, we establish the requirements for the solution(s). 

Decide Phase

The Decide phase begins an iterative process to determine how much business functionality can be delivered in an agreed upon timeframe, at an acceptable budget, to meet the mutually established expectations.

Design Phase

The Design phase encompasses the main focus of the effort. This phase is where the concepts begin to take shape.  The solution is architected based on user requirements captured during the requirements phase and our understanding of the business problem.  A detailed project plan is also developed as part of the design phase.  The architected solution and the detailed project plan define the roadmap for the next phase. The output of the design phase is a design document. 

Develop Phase

The Develop phase finalizes the work done in the Design phase.  During this phase, the solution is built and tested.  We collaborate with you to ensure that all aspects of the solution have been or will be met. Training may be part of this phase or part of the Deliver phase.  At the end of this phase, we finalize the implementation plan and schedule. 

Delivery Phase

Delivery is the last phase in the cycle; it includes implementing the solution in the production environment and continued support. This phase culminates with a final verification that the business functionality was delivered in the agreed upon timeframe, within the agreed upon budget, and met the mutually established expectations.



Sample – End To End implementation “Managed Service Provider” Considerations

Posted in Projects (400) by Guest on the October 10th, 2013

“Managed Service Provider” engages in opportunities with the clear intent to leverage distributed delivery teams.

Engagements are typically structured in various models:

  • Time and materials (T&M) – hourly rates
  • Fixed Price – Scope and costs are constant
  • Performance Based – SLAs or similar performance measures are layered on T&M or fixed model.
  • On-Demand/Transaction based – for example, a fixed fee for simple, medium, complex trouble-ticket management.
  • Value Based – a portion of our fees is linked to business value delivered.
  • Offshore Development Center – Dedicated facility, personnel and hardware and software to support long term client relationships; various combinations of above models used. 

Factors taken into consideration for the engagement model and geographic / staffing decisions are:

  • Nature, duration and complexity of engagement
  • Stability of the existing systems and processes in consideration
  • Business drivers (cost cutting vs. capacity enhancement vs. one off project)
  • Strategic level of the relationship 

“Managed Service Provider” advises clients to follow a highly integrative process of delivery models having a combination of onsite-offshore resources. The offshore resources are located in low-cost geographies. Almost all projects can be executed or evolved to this methodology. 

Onsite-offshore model

This involves a combination of “Managed Service Provider” staff working out of the client location and out of “Managed Service Provider” development centers offshore. The onsite personnel primarily act as project managers and coordinators – collecting requirements, planning and prioritizing work in consultation with client management, attending to critical issues which require urgent responses and facilitating communication with the offshore teams. 

How It Works

“Managed Service Provider” is centered around an intelligent work breakdown strategy through which project tasks are broken down at an atomic level based on certain factors and each task is executed at a location that makes the best sense. The factors considered include:

  • Lifecycle stage of the project
  • Extent to which any task or activity can be isolated from other tasks or activities
  • Extent of user / client partner’s involvement required
  • Extent of collaboration required between “Managed Service Provider” and client IT teams
  • Extent of knowledge gained by “Managed Service Provider” team
  • Need for any specific tools, interfaces or connectivity 

The delivery model utilizes time and geography to its advantage and provides a 24-hour work day and faster time to market.

Onsite team’s responsibilities include:

  • User Clarifications
  • Clarification on requirements & design
  • Change Management
  • User Acceptance Testing 

Offshore team’s responsibilities include:

  •  Project Management
  •  Code Changes
  •  Testing
  •  Documentation 

The onsite team utilizes some of its after-office hours to make phone calls to the offshore team to ensure complete understanding of tasks. The offshore team usually responds with an email or phone call at the end of its day for any clarifications or issues. This way, the baton passes between onsite and offshore seamlessly.



SAP – What is your Risk Management Technique / Methodology?

Posted in Compliances (1300),Projects (400) by Guest on the September 1st, 2013

The following section depicts the key risks and mitigation steps as identified by “Managed Service Provider” for typical engagements. The key risks will also be a part of status communication at various levels with the client team. 

Scope change during project       

  • Clearly defined baseline scope prior to commencement of engagement
  • Clearly defined procedure for scope change management
  • Regular and periodic planning of the development workload in advance to minimize load fluctuations 

Inadequate understanding of applications/systems/business processes  

  • Regular Knowledge transfer between functional team & “Managed Service Provider” development team.
  • Involve “Managed Service Provider” in functional team if possible
  • Formalize procedure for assistance from functional team in specification and test plan reviews
  • Continuity of key “Managed Service Provider” resources during the entire engagement 

High onsite presence requirement might lead to lower cost benefits          

  • Have a proven onsite-offshore balance for this engagement 

Lack of clarity of roles and responsibilities and unavailability of key client resources     

  • Clear mapping of roles and responsibilities
  • Clear documentation of Operating Procedures to define flow of work between various parties
  • The resource requirement would be communicated to clients at the start of the engagement

Not meeting project requirements due to delay in connectivity set up and bandwidth issues

  • Start connectivity set up as soon as contract is signed
  • Plan for redundant network connections (“Managed Service Provider” standard practice to use VPNs, etc.)
  • Propose a faster link in order to have faster connectivity between offshore development centre and client network. The bandwidth requirement needs to be determined during the planning stage or before, and reviewed periodically.

Cultural Differences

  • Key client personnel to attend cross cultural workshops
  • “Managed Service Provider” resources to undergo ‘Cross cultural sensitivity’ training 

Informal incident and issue resolution process

  • During initiation, formalize issue resolution process
  • Identify most frequent types of issues/problems and agree upon resolutions for these 

Attrition Risk

  • Please refer to Section 3.6 for our approach to mitigate attrition 

The “Managed Service Provider” Project Management methodology has been created and fine-tuned on the basis of several thousand years of project experience. The Project Management methodology draws on industry standards and best practices. The “Managed Service Provider” project management process is an integral process that spans the entire project life cycle.

The approach revolves around Methods, Tools and metrics designed specifically for effective management of large scale, global programs. Our approach is consistent with the Project Management Institute (PMI) body of knowledge on project and program management. Our methodologies are designed to manage six core program processes: 

  • Scope Management
  • Program Planning
  • Cost Management
  • Quality Management
  • Resource Management
  • Risk and Issues Management 

These toolsets enable management and control of these processes. Key features include:

  • Collaborative partnership with Service Recipient and SAP for effective governance.
  • Methods, tools, and metrics that are designed specifically for effective management of large scale, global programs.
  • Consistent with SAP’s ASAP Methodology and the Project Management Institute (PMI) body of knowledge on program and project management 

Testing Tools: Some of the test tools we have used for different types of testing as part of our SAP engagements are LoadRunner, Mercury TestDirector, Rational Test Studio, Rational Performance Studio, and WinRunner.

Communications Methodology

“Managed Service Provider” believes communication management for global delivery is extremely important and needs to be planned and executed for the success of a global delivery project. A typical “Managed Service Provider” communication management plan for the project will consist of: 

  • Communications Planning
  • Develop the project communications plan
  • Identify  who needs to see what information, when and how
  • Information Distribution
  • Conduct ad hoc performance reporting
  • Conduct regular project progress reporting
  • Close PMM phase/ASAP Roadmap phase
  • Close the project  
  • Performance Reporting
  • Administrative Closure 

The plan would also cover requirements for global delivery:

  • Differences in language (if any)
  • Time zone differences
  • Dependency on tools, software, etc. for regular communication



Sample Visio – Project Role Resource Request Flow

Posted in Projects (400),Visio Samples - Stencils (457) by Guest on the August 31st, 2013

Free Visio document download

Project Role Resource Request Flow

Negative impacts of resources not assigned or improperly allocated 

Impacts Timesheet

Impacts Budget 

Impacts Finance 

Impacts Capitalization 

Impacts Allocations 

Impacts our Customers 

Impacts to your current and future revenue streams



IT Strategy and Technology

Posted in Compliances (1300),Projects (400),Security (1500) by Guest on the August 10th, 2013

Becoming customer-centric starts with Strategy and is supported with Technology Enablers. Technology is a means to an end, not an end in itself.

Strategy and objectives identification.

  1. What is our overall mission? 
  2. The value proposition? 
  3. Marketing strategy? 
  4. How will loyalty models or trigger-based marketing be utilized?

Develop the customer and business metrics and establish benchmarks

Marketing strategy identification

  • Confirm customer segments and sub-segments
  • Perform data modeling including migration, attrition, and acquisition
  • Marketing program and tactics identification
  • Develop pricing plan
  • Identify communication plans
  • Develop testing plan
  • Gather & prioritize business requirements for new functions

High Level Work Streams Sample


Assessment Phase Solution Design Program Initiation
Business requirements gathering System architecture design Program Management Office
Source Systems Analysis   Meta data Define roles, quality control, standards
Organizational assessment   Data flows  
    System components Roadmap
  ETL Requirements
Tool recommendations Phases
Develop conceptual data model Timeline
Refine/Prioritize business requirements Organizational Readiness
Tool selection Benefits

Project Plan


Road Map



Sample – Application Maintenance and Project Support Methodology

Posted in Application (380),Projects (400),Security (1500) by Guest on the June 30th, 2013

“Managed Service Provider” provides maintenance services for its clients’ Application Systems, which cover a wide range of technologies and businesses and are typically critical to a client’s business. Our consultants take a proactive approach to Application System maintenance by focusing on long-term functionality, stability and preventive maintenance to avoid problems that typically arise from incomplete or short-term solutions. This approach, coupled with our quality processes, allows our clients to continually reduce recurring maintenance costs. While we perform most of the Application System maintenance work using secure and redundant communication links to our client’s systems, we also maintain a team at the client’s facility to coordinate certain key interface and support functions.

We believe that a matured support plan would lay the foundation for an effective application maintenance and development support framework for our clients. 

Project Initiation Phase

  • To define the scope of work for onsite/ offshore
  • To translate client’s objectives into detailed SLAs, procedures and guidelines
  • To develop connectivity and infrastructure plan 

Knowledge Transfer Phase

  • To understand client’s business and technical environment
  • To understand systems to be maintained and supported
  • To draw up detailed plan for maintenance and support

Knowledge Acquisition 

Activity – Description

Business Overview

  • Team will get to know the top-level functionality
  • Main processes will be discussed during this phase

Technical Overview

  • Team will get an understanding of the technical architecture
  • Development environment will be discussed
  • Team will understand the history of maintenance and problem logs
  • Standards, testing and acceptance procedures will be reviewed

Analyze existing system metrics – Team will analyze the existing metrics. The following are some of the metrics which will be analyzed during this phase:

  • Number of programs
  • Program performance
  • Present and planned support base

Planning – Once the above phases are completed, the team will plan for the following:

  • Maintenance Plan
  • Finalize Team
  • Structure (Onsite/Offshore/Offsite)
  • Fine tune team size

Connectivity – After the teams are finalized and the plans are made, the following activities take place:

  • Finalize Connectivity requirements
  • Establish connectivity from Offshore/Offsite

Finalize Service Levels – Service levels are discussed based on the historical data and the commitment from “Managed Service Provider”:

  • Quality metrics
  • Productivity metrics
  • Maintenance metrics

Interaction with external teams – Once the service levels are finalized, the team will have interactions with the following teams:

  • Operations council
  • Database Administrators
  • Change Control Board
  • Third Party Vendors



Sample Visio – Sample Project Delivery Flow

Posted in Projects (400),Visio Samples - Stencils (457) by Guest on the June 12th, 2013

Sample – Project Level Metrics

Posted in Compliances (1300),Projects (400),Security (1500) by Guest on the May 21st, 2013

At the project level, the key parameters are timeliness, productivity, quality, availability and user satisfaction. The following table details the metrics, tools used and some illustrative target details.



| Parameter | Metric | Measurement Tool | | Illustrative Target |
|---|---|---|---|---|
| Timeliness | Response Time | TBD | % of problems responded within the time to respond a problem | TBD |
| | Resolution Time | TBD | % of problems resolved within the time to resolve a problem | TBD |
| Availability | Online Availability | Server Log + Internal Tool | Availability of the online applications | TBD |
| Quality | Bug fix Rejection Rate | TBD | % of problems rejected which are resolved | TBD |
| | Production Back outs | TBD | % of fixes backed out from Production after Production Move | TBD |
| | Preventive Maintenance Throughput | TBD | % of fixes that are induced because of preventive maintenance | TBD |
| Productivity | Year-on-year improvements | TBD | % improvement in average resolution time | TBD |
| User Satisfaction | Stakeholder Satisfaction Survey | Manual | Qualitative measure of stakeholder satisfaction | TBD |



Sample Word – Basic Template Technical RFI

Posted in Compliances (1300),Projects (400) by Guest on the May 13th, 2013

Simple – Approach to Starting an IT Security Project

Posted in Projects (400) by Guest on the April 30th, 2013

Project Task Activity

  1. Perform Project Kick-Off
  2. Document Project Organization and Success Factors

  1. Finalize Project Team Members
  2. Prepare For Kick-Off Meeting
  3. Arrange For Project Logistics
  4. Setup Project Electronic Filing System
  5. Conduct Kick-Off Meeting
  6. Initiate Project RFCs if needed
  7. Review/Familiarize With Standards
  8. Review Architecture Standards
  9. Review Batch Requirements
  10. Review Release Services Standards
  11. Review Change Services Standards
  12. Review Enterprise Architecture 


  1. Review Data Management Standards
  2. Review Security Standards
  3. Develop Customer Requirements
  4. Conduct Customer Requirements Meeting
  5. Analyze Current Business Processes
  6. Document Technical Requirements 

Task Activity

  1. Document Business Requirements
  2. Prioritize Requirements
  3. Obtain User Sign-Off On 


  1. Conduct Infrastructure Analysis
  2. Review Current Infrastructure
  3. Identify Target Areas For Improvement
  4. Research Alternative Solutions
  5. Identify Potential Vendors
  6. Gather Information From Vendors
  7. Evaluate Information From Vendors
  8. Select Solutions For Further Evaluation
  9. Prepare For Solutions Review Meeting
  10. Conduct Solution Review Meeting
  11. Conduct Solution Demos (If needed)
  12. Prepare For Solution Demos
  13. Conduct Solution Demos
  14. Conduct Solution Review Meeting 


  1. Manage Vendor Relations
  2. Maintain Dialog With Vendors
  3. Facilitate Q&A Between Project Team 


  1. Manage Vendor Expectations 

Task Activity

  1. Obtain Corporate Architecture Design Standards 


  1. Prepare Approval Documentation
  2. Obtain Approval From Architecture Office
  3. Obtain Waiver From AO Standards (if needed)
  4. Re-Propose Solution (if waiver request declined)
  5. Model Potential Solutions In Test Lab
  6. Arrange For “Demo” Use Of Solutions
  7. Implement Solution In Test Lab
  8. Develop Testing Strategy
  9. Conduct Evaluation Testing
  10. Document Results Of Solution Modeling 

Task Activity

  1. Conduct Discovery Phase Gate Exit
  2. Develop Cost Estimate
  3. Conduct Discovery PM Review
  4. Update Project Files
  5. Assess Readiness For Design

Phase 1

  1. Obtain Approvals To Proceed To Design Phase

