Can't it be added to Knowledge management?
Just a suggestion Saving Changes...
John TiesoAuthor, Lecturer in Business Management| The Catholic University of America, Busch School of Business & EconomicsArlington, Va, United States
May 24, 2017 4:53 PM
Replying to Aaron Porter
...
Undecided. Is this just to fill a gap, or is information security management a role that should be filled by a project manager?
No, what i suggest is that team have am SME or even a team member, in larger projects, with security expertise.
...
1 reply by Aaron Porter
May 25, 2017 10:21 AM
Aaron Porter
...
That's the direction I'm leaning. If I read the original article correctly, it's not talking about a project to implement information security, but about information security on a project. In this case, a company should already have a policy that addresses general information security, and it becomes a question of whether or not the policy applies to information on the project. It would be up to a compliance expert to determine the need, and I can see it being examined in a project audit.
Saving Changes...
Prashant SonwaneSr. Program Manager| Winjit Technologies Pvt LtdNashik, Maharashtra, India
Cann't it be covered under Project Risks? Just a thought. Saving Changes...
No, what i suggest is that team have am SME or even a team member, in larger projects, with security expertise.
That's the direction I'm leaning. If I read the original article correctly, it's not talking about a project to implement information security, but about information security on a project. In this case, a company should already have a policy that addresses general information security, and it becomes a question of whether or not the policy applies to information on the project. It would be up to a compliance expert to determine the need, and I can see it being examined in a project audit.
I would add "Compliance". Therefore, Project Security and Compliance. Your thoughts? Saving Changes...
John TiesoAuthor, Lecturer in Business Management| The Catholic University of America, Busch School of Business & EconomicsArlington, Va, United States
May 25, 2017 10:21 AM
Replying to Aaron Porter
...
That's the direction I'm leaning. If I read the original article correctly, it's not talking about a project to implement information security, but about information security on a project. In this case, a company should already have a policy that addresses general information security, and it becomes a question of whether or not the policy applies to information on the project. It would be up to a compliance expert to determine the need, and I can see it being examined in a project audit.
Agreed Saving Changes...
George LewisProgram/Project Manager| DXC Technology CompanyHeredia, Costa Rica
Interesting inputs...
I just want to state that we have to look at the big picture... It is not only adding a security analyst to the project or to include some additional risk items to the risk registry.
Information Systems are evolving and we are NOT coping with the change, I personally feel that we are behind.
Keep an open mind and think on the criticality of the role that security plays in today’s world and then think again, are are MANAGING SECURITY+ properly with the current standards within our projects.
It's just a suggestion to try to expand our current knowledge by Managing this critical aspect of Project Management...
...
2 replies by Aaron Porter and John Tieso
May 25, 2017 12:39 PM
John Tieso
...
it certainly is something we need to consider, and those who are involved in the PMI and other efforts to update standards need to consider this--a critical aspect, as you say, of modern information systems
May 25, 2017 1:20 PM
Aaron Porter
...
I'm still not convinced that it's a project function, not a business function. Looking at existing knowledge areas, if you don't have a project, you don't need the knowledge area. Information security is independent of projects. It's kind of like software development or business analysis. These are things that a knowledge area might touch on, and they have separate BOKs, but do not have a dedicated knowledge area in the PMBOK guide. A separate BOK for information security management might make more sense.
If you were to include it in the PMBOK Guide, what would some of the ITTOs be?
Saving Changes...
John TiesoAuthor, Lecturer in Business Management| The Catholic University of America, Busch School of Business & EconomicsArlington, Va, United States
May 25, 2017 11:52 AM
Replying to George Lewis
...
Interesting inputs...
I just want to state that we have to look at the big picture... It is not only adding a security analyst to the project or to include some additional risk items to the risk registry.
Information Systems are evolving and we are NOT coping with the change, I personally feel that we are behind.
Keep an open mind and think on the criticality of the role that security plays in today’s world and then think again, are are MANAGING SECURITY+ properly with the current standards within our projects.
It's just a suggestion to try to expand our current knowledge by Managing this critical aspect of Project Management...
it certainly is something we need to consider, and those who are involved in the PMI and other efforts to update standards need to consider this--a critical aspect, as you say, of modern information systems Saving Changes...
I just want to state that we have to look at the big picture... It is not only adding a security analyst to the project or to include some additional risk items to the risk registry.
Information Systems are evolving and we are NOT coping with the change, I personally feel that we are behind.
Keep an open mind and think on the criticality of the role that security plays in today’s world and then think again, are are MANAGING SECURITY+ properly with the current standards within our projects.
It's just a suggestion to try to expand our current knowledge by Managing this critical aspect of Project Management...
I'm still not convinced that it's a project function, not a business function. Looking at existing knowledge areas, if you don't have a project, you don't need the knowledge area. Information security is independent of projects. It's kind of like software development or business analysis. These are things that a knowledge area might touch on, and they have separate BOKs, but do not have a dedicated knowledge area in the PMBOK guide. A separate BOK for information security management might make more sense.
If you were to include it in the PMBOK Guide, what would some of the ITTOs be? Saving Changes...
Community Champion
