Book:Comprehensive Guide to Developing and Implementing a Cybersecurity Plan/Develop and create the cybersecurity plan/Establish how the overall cybersecurity plan will be implemented

From LIMSWiki

5.9 Establish how the overall cybersecurity plan will be implemented


5.9.1 Detail the specific steps regarding how all the above will be implemented

Weeks, months, perhaps even years of planning have led you to this point: how do we go about implementing the details of our cybersecurity plan? It may seem a daunting process, but this is where management expertise comes in handy. A formal project manager should be taking the reins of the implementation, as that person preferably has experience initializing change processes, evaluating milestones as realistic or flawed, implementing ad hoc revisions to the plan, and finalizing the processes and procedures for reporting and evaluating the implementation.[1] The manager also has the benefit of being able to ensure the implementation will stay true to the proposed budget and make the necessary adjustments along the way.[2]

5.9.2 State the major implementation milestones

In Martinelli and Milosevic's Project Management ToolBox: Tools and Techniques for the Practicing Project Manager, milestones and milestone charts are discussed as integral project management tools. They define a milestone as "a point in time or event whose importance lies in it being the climax point for many converging activities."[3] They go on to give examples of milestones, including deliverables, project phase transitions, extensive reviews, and external events. Deciding what the key milestones of plan implementation will be is up to the project manager, but they'll likely consider traditional milestones or focus on the major synchronization and decision points along the entire process. This includes studying the dependencies in the various implementation steps and anticipating how they will converge, ensuring also that the milestones are adequately spaced and have received team input.[3]

5.9.3 Determine how best to communicate progress on the plan’s implementation

The project manager will also likely oversee dissemination of communications related to plan implementation. Without a doubt, internal stakeholders will want to be kept aware of the implementation status of the cybersecurity plan. When should IT go live with the improved firewall installation? Are the new password requirements going into effect later than expected? Has the training literature you handed out last week been updated to reflect the critical changes your staff had to make over the weekend? Keeping everyone in the loop will help build trust in the attempt to build cybersecurity culture into the workplace. This also means making concise and comprehensible documentation available and updating it as changes in implementation take place. This is all in addition to deciding how to best communicate implementation progress (e.g., reports, emails, meetings, project website).


  1. Cadmus Group, LLC (30 October 2018). "Cybersecurity Strategy Development Guide" (PDF). National Association of Regulatory Utility Commissioners. Retrieved 21 March 2023. 
  2. Lebanidze, E. (2011). "Guide to Developing a Cyber Security and Risk Mitigation Plan" (PDF). National Rural Electric Cooperative Association, Cooperative Research Network. Retrieved 21 March 2023. 
  3. Martinelli, R.J.; Milosevic, D.Z. (2016). Project Management ToolBox: Tools and Techniques for the Practicing Project Manager. John Wiley & Sons. pp. 150–54. ISBN 9781118973202.