Project Management


Cybersecurity

Requirements Management
Juan Gabriel Gantiva Vergara IT PMO Manager| Private Madrid, Spain
What mechanisms are being implemented in projects to manage cybersecurity?
Deepesh Rammoorthy ICT Project Manager ( PMP®AgilePM®Certified ScrumMaster® (CSM®))| Australian Red Cross Blood Service Tarneit, Vic, Australia
1) Security Audits. Develop a template to ask questions to the vendor on how they manage information security. How do they collect, store, retrieve and disseminate information?
2) Review your organization's own security policy. For example, disallow any USBs that are not provided by the organization and encrypted.
3) Enforce strong password policies
4) Implement stronger web filtering and monitor what websites are being accessed by employees.
5) Implement two-factor authentication
6) Keep your operating system patches up to date
7) Review your firewall rules
8) Restrict users from downloading their own software without assistance from IT.
9) Lock down the web browser versions
10) Implement a Standard Operating Environment (SOE) on all the computers.
11) Conduct vulnerability scans on all your servers
12) Sign non-disclosure agreements with all your vendors and suppliers
2 replies by Rami Kaibni and William Washinski II
Jan 17, 2018 6:13 PM
Rami Kaibni
Community Champion
Senior Projects Manager | Field & Marten Associates New Westminster, British Columbia, Canada
Jan 17, 2018 5:25 PM
Replying to Deepesh Rammoorthy
Deepesh - You nailed it. Impressive summary - Cheers !
Jan 17, 2018 6:37 PM
William Washinski II Product Owner| Cigna Tampa, Fl, United States
Jan 17, 2018 5:25 PM
Replying to Deepesh Rammoorthy
Great summary list.
Najam Mumtaz Retired Lahore, Punjab, Pakistan
Thank you Deepesh for sharing the steps to ensure cyber security.
Despite our best efforts, cyber security breaches are inevitable, and this has been proven so many times with so many firms/organizations. The next step should be to restrict the extent of the breach and minimize data loss.
Christopher Andrews Valrico, Fl, United States
Deepesh, I believe you are 'spot on', technically. I mean to say that your list aims and strikes at the target of risk and risk mitigation. It defends and protects from a technical level. Might I add, the 'heart' of cyber incidents is malign agents (people) operating to cause damage albeit to a server, but aimed at other people. The one thing missing on your list is 'personnel training.' Not a boring half-hour CBT, but a sincere explanation of the threat employees face when they do not practice safe online practices.
Tiago Romao Project Manager - PfMP | PgMP | PMP | ACP | PBA | CBAP | CSM | MSc.| Altice Portugal | Meo Sobreda, Setubal/Almada, Portugal
Yes, Deepesh listed pretty extensively the mechanisms.

The change on the projects I manage is the inclusion of one more person, role, "cybersecurity experts", who is accountable to guarantee the list is fulfilled by the solution designed for supporting the product/service, i.e. one more thread to manage.
Kevin Coleman Subject Matter Expert, Author, Speaker and Strategic Advisor| - Insights Pa, United States
I am experiencing an influx of questions about ransomware attacks. At this time, after review of several recent incidents, here is the best advice. Increase the frequency of backups and be 100% sure it is stored offline on a portable drive that is encrypted.
