The Case for Integrating Information Security Management into the PMBOK® Guide
Abstract
In a world that is increasingly facing cybersecurity issues and planning to be a step ahead, it makes sense to incorporate information security as a gate for every change to be undertaken in an organization. This paper presents the case for introducing information security (along with a proposed Security Review Board to stimulate the thought process) as part of project management processes. It will also discuss how PMI’s widely adopted A Guide to the Project Management Body of Knowledge (PMBOK® Guide) framework can take a lead by incorporating information security into its Knowledge Areas and processes, along with a suggested case study on one approach to adopting information security in project management processes. While this especially addresses the area of information security, this can be easily expanded to incorporate security as a general topic in the PMBOK® Guide.
Introduction
While organization security is one of the vital elements of information management and maintenance, there is no formal approach to add information security as a key area of project management. Many organizations have security gates built into the design, risk management, or other phases or have security loosely tied up with the PMO; but no formal process or project management methodology has incorporated information security as a key area to target to provide guidance
Please log in or sign up below to read the rest of the article.
"Every child is born blessed with a vivid imagination. But just as muscles grow flabby with disuse, so the bright imagination of a child pales in later years if he ceases to exercise it." - Walt Disney |