
I propose a new Knowledge Area? Project Security, what do you think?

George Lewis Program/Project Manager| DXC Technology Company Heredia, Costa Rica
from https://advisera.com/27001academy/blog/201...-27001-a-6-1-5/

How to manage security in project management according to ISO 27001 A.6.1.5

Security in project management is a completely new thing in the 2013 revision of ISO 27001 – many people are wondering how to set it up, and whether their projects should be covered with this control at all. Read this article to find the answers…

It is likely that you’ve heard that “the security of the information should not be seen as a product; it should be seen as a process.” This implies, among other things, that the security of the information is present in any establishment of the organization, being a pillar of the same, and serving as a cross support to the entire organization.
Sean Fuller Technical Account Manager| ECX Systems, LLC Tyler, Tx, United States
I think that's a great idea. When we implemented our current project management tool, we had to enable "Enhanced" permissions so project visibility could be controlled. For the most part, I am a big believer in transparency in projects so everyone involved can stay informed, but there are scenarios where information needs to be controlled, and this topic seems to be generally poorly addressed in the project management world.
Sisca Yuliharyani Sr. PM Consultant | Chief Strategy Officer| Indonesia Bandung, West Java, Indonesia
Nice advice, George, but I think maybe it was included in Project Risk Management. What do you think?
Deepa Kalangi Manager, Program Management, Author, Trainer| CVS Health Charlotte, NC, United States
Yes, it fully deserves a separate knowledge area for the main reason that many companies are now high on security... and it has to be the #1 priority with increasing vulnerabilities, spam and hacks going on... But the only caveat is this area is vast, so we need to carefully select the subject matter for a PM.
Sonali Malu Maharashtra, India
I do agree with your proposal, George!
Tim PM Project Manager| NHS Yes, United Kingdom
Agreed, although security is often an implicit inclusion, this would give it the priority it really needs.
Susan Reilly retired Morristown, Tn, United States
I am going to take a different tack on this subject. This is what I do for a living, and I think you need to understand the value of the information, who it is valuable to and what you are really protecting. Are you using cutting edge technology? Are you going to file for a patent in the process of the project? Are you using current technology in a different way?

The information should be evaluated on the risk of loss and the type of loss: financial, claims or liability loss, or reputational loss. How severe would the loss be and does it warrant protective measures?

There also need to be mechanisms in place to secure the project information and provide some training for the project team members. Can access controls be implemented? Have these measures been included in the project budget?

My feeling is we already include the pieces of what needs to be done in the knowledge areas; we just need to more fully use what is already available, for example risk management, team training and education, using a document management system to organize the project documentation manually or with the assistance of a tool, and providing access to the project information based on the person's need to know.

What really needs to be done is raise the awareness of the need for security. Most of the breaches are actually caused by uneducated behavior. If you are trying to prevent leakage, education and training should be a priority; however, if someone is really going to take the information for nefarious purposes it is very hard to stop them.
Renee Robinson PMO Director| C2G Orlando, FL, United States
I think it is a great suggestion and something we should all be well versed on, and continue to evolve in at this time. Intellectual property, corporate knowledge, and even PII do influence many aspects of modern projects and have had significant influence on certain projects I have worked on.
John Tieso Author, Lecturer in Business Management| The Catholic University of America, Busch School of Business & Economics Arlington, Va, United States
George: You are a man after my own heart. I have argued for security as an area for years. Now, this is particularly due to my concentration on government or public projects, versus commercial or private projects, but, nonetheless, security is becoming a more critical issue all the time.

I appreciate Susan's comments above, and agree that security is at least part of risk, but I would go further and argue that it has had an increased urgency, and should be involved in all phases of a project, including, by the way, team selection, training, and responsibility.

Having the ISO standards is a good place to start.
Aaron Porter
Community Champion
IT Director| Blade HQ Payson, UT, United States
Undecided. Is this just to fill a gap, or is information security management a role that should be filled by a project manager?
1 reply by John Tieso
May 25, 2017 8:22 AM
John Tieso
No, what I suggest is that the team have an SME or even a team member, in larger projects, with security expertise.