880 likes | 2.08k Views
Project Management and Information Security. Approaching Security as a project. Project Management. Information security is a process, not a project However, each element of a security program can be managed as a project (managed processes). Project Management.
E N D
Project Management and Information Security Approaching Security as a project
Project Management • Information security is a process, not a project • However, each element of a security program can be managed as a project (managed processes)
Project Management • The application of knowledge, skills, tools, and techniques to project activities to meet project requirements • Application to Security • Use of PMBoK • The Project Management Institute (PMI) Cert. • The Project Management Professional (PMP) • Certified Associate in Project Management (CAPM)
Example of a Project Management Team and Security • Members of the development team • Champion • Team leader • Security policy developers • Risk assessment specialists • Security professionals • Systems administrators • End users Management of Information Security, 3rd Edition
Project Management Book of Knowledge (PMBoK) Source: Course Technology/Cengage Learning
PMBoK KA – Project Integration • Project integration management • Includes the processes required to coordinate occurs between components of a project • Elements requiring integration: • Project Plan Development • Progress Monitoring • Revision Control • Resource Allocation Control
PMBoK KA – Project Integration • Project plan development • The process of integrating all of the project elements into a cohesive plan • Core components: • Work time • Resources • Deliverables
PMBoK KA – Scope Management Ensures that project plan includes only those activities necessary to complete it. • Major processes: • Initiation • Scope Planning • Definition • Verification • Change Control
PMBoK KA – Time Management Ensures that project is finished by identified completion date while meeting objectives Includes: • Activity definition • Activity sequencing • Activity duration estimating • Schedule development • Schedule control
PMBoK KA – Cost Management Ensures that a project is completed within the resource constraints Includes: • Resource planning • Cost estimating • Cost budgeting • Cost control
PMBoK KA – Quality Management Ensures project meets project specifications Includes: • Quality planning • Quality assurance • Quality control Software bugs account for about 40% computer systems failure
PMBoK KA – HR Management Ensures personnel assigned to project are effectively employed Includes: • Organizational planning • Staff acquisition • Team development Management of Information Security, 3rd Edition
PMBoK KA – Communications Management Conveys details of project activities to all involved Includes: • Communications planning • Information distribution • Performance reporting • Administrative closure
PMBoK KA – Risk Management Assesses, mitigates, manages, and reduces the impact of adverse occurrences on the project Includes: • Risk identification • Risk quantification • Risk response development • Risk response control
PMBoK – Project Procurment Acquiring needed project resources Includes procurement planning, solicitation planning, solicitation, source selection, contract administration and contract closeout
Projectitis Occurs when the project manager spends more time documenting project tasks, collecting performance measurements, recording project task information, and updating project completion forecasts than accomplishing meaningful project work
Project Mgmt Tools:Work Breakdown Structure • Work breakdown structure (WBS) • Simple planning tool for creating a project plan • Determine minimum attributes for each task • As the project plan develops, additional attributes can be added • Work phase after WBS is completed
Work Breakdown Structure: Determine minimum attributes for each task Table 1-2 Early draft work breakdown structure Source: Course Technology/Cengage Learning
WBS: Include additional attributes Source: Course Technology/Cengage Learning
Task Sequencing Approaches: PERT Source: Course Technology/Cengage Learning
Task Sequencing Approaches: PERT • Three key questions: • How long will this activity take? • What activity occurs immediately before this activity can take place? • What activity occurs immediately after this activity? • Determine the critical path • Slack time
Task Sequencing Approaches: PERT • Advantages • Disadvantages
Task Sequencing Approaches: Gantt • Gantt chart • Easy to read and understand; easy to present to management • Easier to design and implement than the PERT diagrams, yielding much of the same information • Lists activities on the vertical axis of a bar chart, and provides a simple time line on the horizontal axis
Task Sequencing Approaches: Gantt Figure 1-11 Project Gantt chart Source: Course Technology/Cengage Learning
Automated Project Tools • Microsoft Project • A widely used project management tool • Keep in mind: • A software program is no substitute for a skilled and experienced project manager • A software tool can get in the way of the work • Choose a tool that you can use effectively