Info Sec and PMBoK

Information Security and the Project
Management Body of Knowledge
Kati Reiland
COSC 481
Spring 2006
Overview

 The Project Management Body of Knowledge (PMBoK)
 Sections of the PMBoK
 Strengths & Weaknesses
 PMBoK and Information Security

The Project Management Body of Knowledge (PMBoK)

 Published by the Project Management Institute (PMI)
 Considered the industry best practice for project management
 Serves as a shared reference for all members involved in the project: it identifies each member's specific responsibilities; defines specific time frames, budgets, and requirements; provides a measurement of progress; and enables early adjustment when problems are encountered
Sections of the PMBoK

 Project Integration Management
 Project Scope Management
 Project Time Management
 Project Cost Management
 Project Quality Management
 Project Human Resource Management
 Project Communications Management
 Project Risk Management
 Project Procurement Management
Integration Management

 The processes required to ensure that the various elements of the project are properly coordinated
 Involves deciding which sections of the project are most important and how the different sections will affect one another
   If one section adversely affects another, a decision needs to be made as to how each will be handled and whether allowances need to be made in one or the other
 3 Steps
   Project Plan Development
   Project Plan Execution
   Overall Change Control
Scope Management

 Ensures that the project includes only the work required to complete it
 Limits the amount of scope creep
 5 Steps
   Initiation
   Scope Planning
   Scope Definition
   Scope Verification
   Scope Change Control
Time Management

 The processes required to ensure that the project is completed within its allocated time
   If time is estimated poorly during planning, the project may take many more man-hours to complete than originally estimated. This can mean missed deadlines or very long work days and overtime.
 5 Steps
   Activity Definition
   Activity Sequencing
   Activity Duration Estimating
   Schedule Development
   Schedule Control
Cost Management

 Attempts to ensure that the project is completed within the original budget
 4 Steps
   Resource Planning
   Cost Estimation
   Cost Budgeting
   Cost Control
Quality Management

 Ensures that the project satisfies the expectations set for it
 Includes meeting the project's specifications, its budget, and its allotted time
 3 Steps
   Quality Planning
   Quality Assurance
   Quality Control
Human Resource Management

 Identification of the proper employees required to complete the project
 3 Steps
   Organizational Planning
   Staff Acquisition
   Team Development
Communications Management

 Determining how details of the project are discussed and communicated to the various parts of the project team
 4 Steps
   Communication Planning
   Information Distribution
   Performance Reporting
   Administrative Closure
Risk Management

 Identification, analysis, and response to project risks
 4 Steps
   Risk Identification
   Risk Quantification
   Risk Response Development
   Risk Response Control
Procurement Management

 Acquiring needed goods or services from outside the organization
 6 Steps
   Procurement Planning
   Solicitation Planning
   Solicitation
   Source Selection
   Contract Administration
   Contract Closeout
Strengths & Weaknesses

 Strengths
   Considered the industry's best practice for project management
   If followed completely, it helps ensure that no questions or problems are overlooked
 Weaknesses
   It is only a series of guidelines
   The decisions still need to be made by experienced managers who have a wide knowledge of the type of project they are about to oversee
PMBoK and Information Security

 Information security is usually considered a "process" and not a "project"
 Many of the procedures and policies required in information security are, however, projects in themselves
   For example, information security policies need to be created and then periodically reviewed and revised. The initial creation of the Data Backup Policy would be one project, while the annual review and revision would be another. Each year, the review and revision process starts again as a new project.
PMBoK & InfoSec, continued

 Overall control of the project
   Rather than have a single department manager oversee a project, most information security projects require a collaboration of managers from the three communities: InfoSec, IT & Business
 Negative feedback loop
   Used to evaluate the process as it runs
   Information security projects are more dynamic than most other types of project, so the plan must be checked and adjusted continually rather than only at the end
Negative Feedback Loop

1. A plan is developed
2. Work is done according to the plan
3. Progress is measured
4. Progress is evaluated
   If progress is acceptable, go to #5
   If progress is unacceptable, adjust the plan and go to #2
5. Project completion is evaluated
   If the project is complete, document the project
   If the project is incomplete, go to #2
PMI Certifications

 Project Management Professional (PMP)
   Certified as a competent project manager
   A strong background of education & experience
   Follows the PMI Code of Conduct
 Certified Associate in Project Management (CAPM)
   Same general background as a PMP
   Lacks an adequate amount of experience for the PMP
 Both certifications signify extensive knowledge and use of the PMBoK
Questions?