Project Management


PM's relation to IT security and governance

Governance   Information Technology   PMO   Risk Management
Anonymous
As a PM, what do you need to consider in relation to IT security and governance? For example, if testing is part of the project, the PM would involve IT security to make sure the test environment doesn’t contain any sensitive production data. Any other examples? Thank you.
Samuel Vaddi Avon, In, United States
I think the answer would depend on the specifics of your organization. Core project management roles and responsibilities are generally different from the IT Security and Governance role. The PM should look to that role for guidance. However, if your organization expects the PM to take care of both, then obviously your role would need to do both.
Sergio Luis Conte Helping to create solutions for everyone| Worldwide based Organizations Buenos Aires, Argentina
You are not in charge of this. Your subject matter experts must be aware of this. As project manager you have to follow all processes in security and governance related to the project. But you are not responsible for processes related to the product. Your subject matter experts are.
Anonymous
I agree: it's not the PM's job and there is a Security/Governance function. However, at this point it is a joint effort by the PMO and the Security organization to come up with a document addressing what I described in the original post. Thank you for your replies.
Kelley Dean-Crowley Sr. Project Manager| Major Financial Firm Martinez, Ca, United States
I disagree. Risk Management and Stakeholder engagement are ABSOLUTELY part of the PM R&R.

Based on successful partnering with InfoSec at various companies, I would recommend very early engagement with these areas. InfoSec/Risk Management controls should be designed into a system for best success, and the best place to do that is in Planning, Requirements and Design.

Develop an ongoing relationship with the key stakeholders in this area so that you can brief them quickly on projects and assess the total impact early and check back often.

They are stakeholders just like any other and should be a critical part of any project, especially in this day and age, where the white hats are barely one step ahead of the black hats.
Anonymous
Kelley, great! Based on your experience of successfully engaging InfoSec, what do PMs need to know/plan in regards to Security and Governance?
Kelley Dean-Crowley Sr. Project Manager| Major Financial Firm Martinez, Ca, United States
Anon...I pretty much covered it. Engage them early, understand the requirements that they have.

IME, on development projects, if you bring them in late, total cost goes up due to refactoring to meet late requirements.

Bring them in early and often for better project execution, lower costs and better security.

Generally I find that it's frequently a conversation to cover off requirements or risk and then smooth sailing. When it comes to credential management or online security, it becomes more involved, which is why I say...like any other stakeholder. Remember, security is an intense and potentially costly affair, which is why you bring in the pros and follow their lead.
