安达信咨询方法与工具资料库ecwp60.doc免费

Mr. Thomas Crowell Page PAGE 3 May 11, 1995 WORK PLAN The work plan for accomplishing the project objectives is based on five phases. The current project provides for meeting the objectives of the first three phases as detailed below. Assistance with Phases IV and V will be determined at a later date, and has not been included in the scope of this project PHASE ONE: Policy Development (5/15/95 - 6/19/95) Objective Develop a general security architecture that outlines the information security needs of the organization and presents the overall philosophy and approach to meeting these needs. Tasks Completed by Identify key BVP personnel throughout organization and conduct discussions/interviews to identify information security issues, concerns and requirements. (Mark and Steve) 6/8/95 Develop draft outline of information security policies standards and procedures and review with Tom Crowell for approval. (Steve) 6/8/95 Draft policies, standards and procedures circulated for review 6/15/95 and input. (Mark) Conduct discussions with current “ security administrator” and review 6/2/95 documentation regarding JDE and PRISIM security features. (Mark, Steve and Rebecca) Develop high level security framework for review and approval 6/9/95 by Tom and circulate for additional input. (Mark and Steve) Deliverables Information Security Framework 6/19/95 Information Security Policies PHASE TWO: Platform Security Setup (6/20/95 - 6/29/95) Objective Establish baseline security for general AS/400 system access, including models for user and group definitions, definition of object protection requirements, and documentation of administrative procedures to create and maintain userids. Tasks Completed by Determine current status of AS/400 system level 6/21/95 security and take corrective action on noted issues. (Steve and Mark) Define and create template for AS/400 userid by user class. Define 6/21/95 and create AS/400 user groups based on BVP o