Project Management and Information Security Approaching Security as

  • Slides: 27
Download presentation
Project Management and Information Security Approaching Security as a project

Project Management and Information Security Approaching Security as a project

Project Management • Information security is a process, not a project • However, each

Project Management • Information security is a process, not a project • However, each element of a security program can be managed as a project (managed processes)

Project Management n The application of knowledge, skills, tools, and techniques to project activities

Project Management n The application of knowledge, skills, tools, and techniques to project activities to meet project requirements n Application to Security – Use of PMBo. K n The Project Management Institute (PMI) Cert. n The Project Management Professional (PMP) n Certified Associate in Project Management (CAPM)

Example of a Project Management Team and Security • Members of the development team

Example of a Project Management Team and Security • Members of the development team – Champion – Team leader – Security policy developers – Risk assessment specialists – Security professionals – Systems administrators – End users Management of Information Security, 3 rd Edition

Project Management Book of Knowledge (PMBo. K) Source: Course Technology/Cengage Learning

Project Management Book of Knowledge (PMBo. K) Source: Course Technology/Cengage Learning

PMBo. K KA – Project Integration • Project integration management – Includes the processes

PMBo. K KA – Project Integration • Project integration management – Includes the processes required to coordinate occurs between components of a project • Elements requiring integration: – Project Plan Development – Progress Monitoring – Revision Control – Resource Allocation Control

PMBo. K KA – Project Integration • Project plan development – The process of

PMBo. K KA – Project Integration • Project plan development – The process of integrating all of the project elements into a cohesive plan • Core components: – Work time – Resources – Deliverables

PMBo. K KA – Scope Management Ensures that project plan includes only those activities

PMBo. K KA – Scope Management Ensures that project plan includes only those activities necessary to complete it. • Major processes: • Initiation • Scope Planning • Definition • Verification • Change Control

PMBo. K KA – Time Management Ensures that project is finished by identified completion

PMBo. K KA – Time Management Ensures that project is finished by identified completion date while meeting objectives Includes: • • • Activity definition Activity sequencing Activity duration estimating Schedule development Schedule control

PMBo. K KA – Cost Management Ensures that a project is completed within the

PMBo. K KA – Cost Management Ensures that a project is completed within the resource constraints Includes: • • Resource planning Cost estimating Cost budgeting Cost control

PMBo. K KA – Quality Management Ensures project meets project specifications Includes: • •

PMBo. K KA – Quality Management Ensures project meets project specifications Includes: • • • Quality planning Quality assurance Quality control Software bugs account for about 40% computer systems failure

PMBo. K KA – HR Management Ensures personnel assigned to project are effectively employed

PMBo. K KA – HR Management Ensures personnel assigned to project are effectively employed Includes: • • • Organizational planning Staff acquisition Team development Management of Information Security, 3 rd Edition

PMBo. K KA – Communications Management Conveys details of project activities to all involved

PMBo. K KA – Communications Management Conveys details of project activities to all involved Includes: • • Communications planning Information distribution Performance reporting Administrative closure

Stakeholder Analysis for Project Communications

Stakeholder Analysis for Project Communications

PMBo. K KA – Risk Management Assesses, mitigates, manages, and reduces the impact of

PMBo. K KA – Risk Management Assesses, mitigates, manages, and reduces the impact of adverse occurrences on the project Includes: • • Risk identification Risk quantification Risk response development Risk response control

PMBo. K – Project Procurment Acquiring needed project resources Includes procurement planning, solicitation, source

PMBo. K – Project Procurment Acquiring needed project resources Includes procurement planning, solicitation, source selection, contract administration and contract closeout

Projectitis Occurs when the project manager spends more time documenting project tasks, collecting performance

Projectitis Occurs when the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than accomplishing meaningful project work

Project Mgmt Tools: Work Breakdown Structure • Work breakdown structure (WBS) – Simple planning

Project Mgmt Tools: Work Breakdown Structure • Work breakdown structure (WBS) – Simple planning tool for creating a project plan – Determine minimum attributes for each task – As the project plan develops, additional attributes can be added – Work phase after WBS is completed

Work Breakdown Structure: Determine minimum attributes for each task Table 1 -2 Early draft

Work Breakdown Structure: Determine minimum attributes for each task Table 1 -2 Early draft work breakdown structure Source: Course Technology/Cengage Learning

WBS: Include additional attributes Source: Course Technology/Cengage Learning

WBS: Include additional attributes Source: Course Technology/Cengage Learning

Task Sequencing Approaches: PERT Source: Course Technology/Cengage Learning

Task Sequencing Approaches: PERT Source: Course Technology/Cengage Learning

Task Sequencing Approaches: PERT • Three key questions: – How long will this activity

Task Sequencing Approaches: PERT • Three key questions: – How long will this activity take? – What activity occurs immediately before this activity can take place? – What activity occurs immediately after this activity? • Determine the critical path • Slack time

Task Sequencing Approaches: PERT • Advantages • Disadvantages

Task Sequencing Approaches: PERT • Advantages • Disadvantages

Task Sequencing Approaches: PERT

Task Sequencing Approaches: PERT

Task Sequencing Approaches: Gantt • Gantt chart – Easy to read and understand; easy

Task Sequencing Approaches: Gantt • Gantt chart – Easy to read and understand; easy to present to management – Easier to design and implement than the PERT diagrams, yielding much of the same information – Lists activities on the vertical axis of a bar chart, and provides a simple time line on the horizontal axis

Task Sequencing Approaches: Gantt Figure 1 -11 Project Gantt chart Source: Course Technology/Cengage Learning

Task Sequencing Approaches: Gantt Figure 1 -11 Project Gantt chart Source: Course Technology/Cengage Learning

Automated Project Tools • Microsoft Project – A widely used project management tool •

Automated Project Tools • Microsoft Project – A widely used project management tool • Keep in mind: – A software program is no substitute for a skilled and experienced project manager – A software tool can get in the way of the work – Choose a tool that you can use effectively