Page 1 of 2 12 LastLast
Results 1 to 10 of 12
  1. #1
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002

    IT/Security Project Proposal

    Hi AO!

    I need a little bit of advice. Hopefully this is in the right forum.. not too sure if you would call this a security post or not...

    Recently, I have found a couple of weak points in our network and policies that I would like to strengthen.

    These weak points are not directly security vulnerabilities, but more policy and implementation. Some of them include things such as patch management and deployment, certain policies and etc that could use a little attention.

    Seeing that I am low man in the chain here... I have little authority to just start working on these things without permission or authorization. I need to write up a couple of proposals to get authorization to attend to such matters. I have brought some of these matters to managements' attention over informal meetings... but I seem to get the cold shoulder.

    My education thus far has been geared mostly towards the technical aspect of IT.
    Therefore, I have no experience in writing and submitting proposals. I have not had a need for it in the past. In my current college program, we don’t cover management duties. We just focus on the technical aspects of IT. The management aspect is a different degree and I plan on getting that after I finish my technical degree. One step at a time…

    I know we have several people here on AO that do this on a regular basis and I would like to find some examples. Do any of you have any templates that you use for a project proposal that you would be kind enough to share with me? I will only use them for reference.

    I have found a couple of websites that have some examples, but they are not related to IT. I would like to show the pros/cons of how things currently are and the pros/cons of how I want them to be. I want to give info on why it is an important project, what benefits, how much time and money it can save us or cost us, risk, etc.

    I have been researching these projects and know what I want to say… it’s just how do I say it?

    If you prefer to converse via PM, I would be happy to do so.
    Thanks in advance for any reference/resouces you can provide.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Redondo Beach, CA
    Hrmm.. well some suggestions on the how of the proposal:

    - bottom line is everything to those above you (i.e., managers, VPs, etc.). They are concerned with $$ so what you will probably need to do is identify what cost savings might be incurred if followed or what security risks might be open if not followed (BTW, this stuff does fall under Security since I had some CISSP questions on them.. )

    - formatting and good english make all the difference in the world (reality is that first impression is the one with the biggest impact). I have students follow this as their "template" for handing in proposals:

    • Executive Summary: should state everything in the proposal in 3-5 paragraphs, easy to read, bottom line reasoning -- mean for busy executives; details should be in the body of the report

      Introduction: ie., why on earth do this proposal; purpose, etc.

      Body: details, details, details -- Here's where things like detailing how the bottom line was reached, noting what other companies in the same industry have done this and how they got the "competitive" edge, etc.; BTW, use colour graphics, be thorough in finding typos (nothing degrades a proposal more than grammatical errors).

      Conclusion state YOUR opinion as to the direction the company should go, don't be wishy-washy about it either

    - Book a formal meeting with the managers. Either start with your immediate supervisor or go to the Manager that would be responsible for it. Be careful however. Politics is rife within the management area. You don't want to come off as arrogant, know-it-all, etc. Statements like "Your department would do better if you just followed this.." won't go over well. A statement like "Your department is doing amazing and this will probably help them even more.." might go over better.

    I'll go look for my old security policy submittal I did. It had a proposal as to why a security policy was necessary and the impact it would have on the company overall.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    Senior Member
    Join Date
    Feb 2004
    Near Manchester (England)

    To Add to MSMittens' Post...

    I think MSMittens has got it right.

    The executive summary is the crucial point. I would suggest you make it short, informative, and as (technically) simple as possible - this is the hardest part. Don't know if this will help, but our managers like to read bullet points, something they can scan read to get the salient points.

    Also helpful would be to outline the issue and present several solutions. Recommend one solution and justify why, using cost against benefits.

    Hopefully, you'll get the go ahead. Good luck.
    Tomorrow is another day for yesterdays work!

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Thank you for the input. I am getting on the right track. I don't have too much time at work to do this at the moment, so I'm going to have to concentrate on it more at home. I think this will come off as more of a surprise to them than anything... I would never normally do something like this... but I feel it is necessary. I think it is the only way for me to be listened to.

    Thanks again for the input.
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Senior Member RoadClosed's Avatar
    Join Date
    Jun 2003
    In addition I would define a SCOPE of the project so they understand Exactly what it is you are doing and where it will stop. Normally that answers a lot of quesitons up front. And make sure you detail a solution, or solutions if varying solutions will fix a given issue. Very quck:

    Execitive summary (cover page)

    No detail! We need new antivurus software at a cost of 1000 bucks. buying software will reduce help desk time and protect privacy of customers.


    This applies to IT, operations, executive staff etc.


    100 help desk calls involve virus infections. Technicians are swamped with cleaning PCs when a little preemptive measures detailing 2 man hours per week could save 10 manhours per week.


    Purchase and implement antivirus software from Virus-Aint-US .com. For each dollar of cost there is a savings of 5 percent. Bla bla bla. Attach chart of savings versus known infections.
    Sometimes it could be better to place the scope at the bottom after the solutions because after they read the prolem and the solutions the scope would show who it applies to and could emphesize things depending on the nature of the issue.


    Or if the problem is severe because it's huge (in scope), the scope can come after it to show who it applies to right after the problem. Could be a small problem large in scope for instance.

    We are in trouble
    It applies to the entire corporation and would take 5 years to fix (big commitment)
    Step one
    Step Two
    Step etc.

    It depends on how you need to obtain their interest and keep it. You know already they will give you a cold shoulder if that interest is not obtained.
    West of House
    You are standing in an open field west of a white house, with a boarded front door.
    There is a small mailbox here.

  6. #6
    Elite Hacker
    Join Date
    Mar 2003
    Sheesh, I didn't know it was so complicated. I would think you could just be like "look fools, this is bad" :P. That is obviously way off though. I'll keep this thread in mind if I ever have to write proposal about something.

  7. #7
    Senior Member
    Join Date
    Mar 2004
    As has already been stated, SCOPE definition is very key.

    Without a detailed project plan with each step outlined with specific detail, the scope can and
    almost always WILL creep and morph into each managers idea of how things are supposed to be.

    For me, I insist the project plan proposed is set in stone, ANY changes not defined in the
    project plan are above and beyond or out of scope and will require an additional project or
    a current project amendment which clearly differentiates the original from the requested changes.

    Good luck with you ideas!!

  8. #8
    Join Date
    Mar 2004
    Ya h3r3tic, it can be worse also...

    Middlemanagement folks some of the time don't do anything but watch over and make sure that other people are doing work. They love paperwork even if they complain about it. It can make them look busy and like they actually do 'work'. If they look busy and can show 'work' was done, then uppermanagement will not interfere with their day to day operations.

    If one of the 'workers' wants to do something that is out of their job description (if they even have one) then middlemanagement wants paperwork, usually so they can put their name on it if it may lead to 'good things' (raises, promotions, etc..) and if it doesn't perform to expectations, then they can fall back on that they didn't write the submission and the author didn't outline the pro and con's properly which the author should have done. Its a big game of cover your butt. The bigger the company, the worse it can be if there are no set policies in place.

    I have a former roomate that had to fill out 2 hours of paperwork to do a job that would take 5 minutes of his day.

    Since you have the time, I would write up your submission and then pretend you are a tightwadded uppermanagment slimeball that hates new ideas. Then go thru your submission and try to see what they may see as negative stuff that won't help the bottom line. Try to put in points that spending $ now will save more in the future (anti-virus is a good example, paying for licenses VS the possibility of getting fined BIG BUCKS [it does happen], and other things you can strengthen your case).

    If it doesn't involve alot of $ but alot of manhours, try to translate that into money line items. A man hour can equal $20 an hour x 40 man hours (1 week) = $800 of spending to save 80 of manhours down the line reprogramming something later or downtime (the cost of having a certain number of people getting paid, but not working because of a broken system) can add up FAST).

    Good luck!


  9. #9
    BS, EnCE, ACE, Cellebrite 11001001's Avatar
    Join Date
    Mar 2002
    Just West of Beantown, though nobody from Beantown actually calls it "Beantown."
    Wow I sat down to look at this and respond this morning right after it was posted. I got called away, and I see you now have lots of advice.

    Oh well, here's what I put together, for what it's worth...

    One thing I've learned is that Managers like lists and figures. They like to know how much things will cost and how much money other things will save.

    Whenever I've had to do something of this sort, I've always put it into a memo format. I have found that works best for me, as my office has no set policy for proposals, etc.

    I usually break down my memos into the following sections:

    Intro - Describe the problem. A broad overview goes here.
    What's OK with right now - Self explanatory.
    What's wrong with right now - Now is when you go into details. You always want to make this part longer, and more detailed then the above section. This is where you have to convince the jury that things need to be chnged, not stay the same.
    What you want to change and most importantly why you want to change it - This is where you explain your proposal in detail. Break down what you want to do, even step by step. Try to show the non-monetary benefits, that way if the cost is somewhat high, you can rightly justify it.
    Cost Analysis - break down the dollars and cents. tell them how much they'll spend up front, but emphasize how much they'll save in the long run.
    Conclusion - Clinch it. Convince them that they should make the changes you've proposed by highlighting your report. You shouldn't just repeat everything you've said, because you'll insult the intelligence of the higher-ups. Put a spin on your intro and place it here.

    Like MsM said, schedule a meeting with the bosses so you can sit down with them and go over the memo point by point. If it helps, make the memo slightly vague and bring visual aids with you (powerpoints are always good) to help drive the message home.

    Attached is a sample proposal I drew up this morning for you to take a look at, in case I'm not very clear....

    Good luck!
    That's Officer 11001001 to you...
    Now you see me | Now you don't
    "Relax, Bender; It was just a dream. There's no such thing as two." ~ Fry
    sometimes my computer goes down on me

  10. #10
    Join Date
    Mar 2004
    mmmm chicken.....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts

We have made updates to our Privacy Policy to reflect the implementation of the General Data Protection Regulation.