news

Sample CCISO exam questions on security project management

admin
Spread the love

Phases of Project Management

Good project management allows a project to move in the right direction While these phases are discussed sequentially, in practice they may be implemented sequentially, iteratively, or concurrently. In the model depicted in Figure 3-6, the monitoring and controlling process occurs throughout the project. In practice, the monitoring and controlling process occurs during the executing phase and to some degree in the initiating, planning, and closing phases. In addition, the initiating and planning phases may happen simultaneously in some organizations. The project management process groups can be tailored and customized to fit the organization’s needs. In this section we examine project management Although the project management model discussed in this section is based on the PMI PMBOK process groups, this section is not intended to align completely with the way PMBOK approaches project management. This section is written based on the authors’ experience observing how project management is applied in practice.

Initiating

Before a project can begin, up-front work must be completed in the initiating phase. First, a business need or problem must be identified, and a potential solution discussed. Depending on the feasibility of the solution, this may warrant the creation of a project. The key initiatives that take place in the initiating phase include the following:

  • Collect requirements
  • Define the project scope
  • Identify and interview stakeholders
  • Define assumptions and constraints
  • Establish the general project budget and timeline
  • Develop the project scope document
Collect Requirements

Every project must have a set of requirements, a collection of capabilities or items that are required in the final deliverable to meet the project objectives. The requirements provide the foundation for defining the project scope. The work required in collecting the requirements can vary. In some cases, the requirements are provided As part of project initiating, it is important to put some kind of boundary on the work to be done. The scope of a project defines the boundary of the project. It is the work that is required to fulfill the customer requirements. The scope should outline what is and is not included in the project. The scope includes the project goals, requirements, stakeholders, schedule, and budget. A well-defined, documented, and monitored scope is an important factor in a project’s success. A poorly defined project scope can result in one or more of the following:

  • Scope creep: Uncontrolled growth in a project’s scope due to the addition of requirements, desires, or targets
  • Cost overrun: Unexpected costs incurred during the course of a project that are in excess of budgeted amounts
  • Schedule overrun: Unexpected schedule delays incurred during the course of a project

Scope is defined in a project scope document or scope statement, which describes project deliverables and outcomes.

Identify and Interview Stakeholders

As part of project initiating, stakeholders should be identified and interviewed and their needs should be assessed. Stakeholders are people with a vested interest or stake in the project. This includes both internal and external stakeholders.

  • Internal stakeholders: Individuals within the organization such as team members, business area managers, senior executives, and so on
  • External stakeholders: Individuals external to the organization such as customers, vendors, users, contractors, suppliers, or investors

The stakeholders are identified and their details documented, including, at a minimum, their names, roles, contact information, and areas of interest. For example, some stakeholders may be performing the work, others may be affected The stakeholders are interviewed and assessed to determine their needs, expectations, and definition of success for the project. This information is documented to ensure their requirements are clearly understood.

Define Assumptions and Constraints

In the initiating phase, the possible assumptions and known constraints should be captured and documented. These form the basis for project planning.

  • Assumptions: Beliefs or expectations in planning based on knowledge or experience that may not be certain, true, or real (for example, assume that resource X will be available for the duration of the project).
  • Constraints: Limitations or restrictions to the project’s schedule, resources, quality, budget, scope, or risk that may impact the project during executing (for example, resource X can be tested only during the weekends). Constraints can be business oriented or technically oriented.

Assumptions and constraints are documented at a high level during the initiating phase and should be tracked during the project life cycle. Assumptions are beliefs that may turn out to be false, and constraints are restrictions or barriers to project execution. Both can add to project risk and effect project requirements, which is why it is critical to document, analyze, and monitor them throughout the project.

Establish the General Project Budget and Timeline

The initiating phase includes discussing and estimating the initial budget for the project. The budget may not be very detailed in the initiating phase; however, it is important to have an estimate of what the general budget for the project will be. The project timeline also needs to be discussed and estimated to predict when the results generally need to be delivered.

Develop the Project Scope Document

All the components described in the initiating phase should be captured and the information integrated into a project scope document. The project scope document captures all scope data and high-level decisions regarding the project and typically contains the following, at a minimum:

  • Scope definitions
  • Stakeholder inputs
  • Assumptions and constraints
  • Budget and time frame
  • Initial schedule and resources

The project scope document may also be referred to as the scope statement. The purpose of the project scope document is to document the boundary of the project. This is used to ensure that there are not deviations in the project that lead to scope creep and that there are well-defined project objectives so that success is tangible.

Steven BennettSteven BennettSteven Bennett

About the authors

Steven Bennett, CCISO, CISSP, CISA, is an engineer, sportsman, entrepreneur and consultant. He has worked in the IT field for more than 40 years, helping organizations protect their most important assets from criminal threats. Bennett has spent his lifetime studying human and animal behavior in complex systems, relationships between predator and prey, and offensive and defensive survival strategies and tactics observed in business and nature. His information security consulting career includes supporting clients in healthcare, manufacturing, retail, finance, military and government.

Jordan GenungJordan GenungJordan Genung

Jordan Genung, CCISO, CISSP, CISM, CISA, has served as an information security officer and security advisor for public and private sector organizations. His experience includes security consulting for Fortune 100 companies and government agencies, building information security programs and developing information security curriculum. Genung holds a degree in computer science and information security from the University of Texas at San Antonio, which is a National Security Agency and Department of Homeland Security National Center of Academic Excellence in Cyber Operations, Cyber Defense and Research.