What do diverse situations like the Battle of Trafalgar (1805), the Cooley\u2013Tukey FFT algorithm (1965), and the multi-sided market competition have in common? They are all examples of big or complex problems divided into smaller and more manageable pieces to reach a winning solution. This is a strategy called \u201cDivide and Conquer.\u201d<\/p>\n
Like war, signal processing, and marketing competition, information security also deals with a complex situation: protecting information in all its forms and in all locations where it is stored or passes through. In this article, I will present you with a concept based on \u201cdivide and conquer\u201d that can be very useful, especially for bigger companies, while implementing ISO 27001<\/a>\u00a0security controls: the Work Breakdown Structure (WBS).<\/p>\n Originating from project management practices, the Work Breakdown Structure (WBS) is defined by the Project Management Body of Knowledge (PMBoK) as \u201ca deliverable-oriented hierarchical decomposition of the work to be executed by the team.\u201d<\/p>\n A deliverable is any tangible or intangible object produced by a project that is intended to be delivered to a customer. Examples of deliverables are a product, a service, or data. Deliverables may be decomposed into multiple smaller deliverables, also called components (e.g., parts of a product, functionalities of a service, or chapters in a report).<\/p>\n Normally, a WBS is presented graphically in the form of a tree of elements, with the main deliverable at the top, the deliverable components in the middle part, and lists of activities to produce the deliverables at the bottom. Another way to present a WBS is as an indented list. See examples of these presentations at the end of the article<\/p>\n In terms of information, deliverables and components are specified in terms of requirements to be fulfilled, while activities are specified in terms of resources needed, like time, equipment, and cost.<\/p>\nWhat is a Work Breakdown Structure?<\/h2>\n