Project Management and Cyber Security
Protection of services seems to be the way of the future, so as a project manager, how do you deliver a cyber security project successfully? The answer is no different from any other project: the process is the same, planning doesn't change and stakeholder management should be paramount. Although cyber security is everybody's business, delivering these projects within an enterprise is still relatively new. Convincing those affected of the spend, time and impact takes skill, and providing facts helps immensely.
Although there are many intricacies in managing a cyber security project, we will only look at the high-level factors to consider when delivering a project of this nature. It is paramount that cyber security strategy is embedded within the business process, rather than being something that stands alone. Strategies will differ across industries and businesses, but they share critical elements. The outcome should be that cyber security protects the business and enables value by:
- Aligning strategy with business goals.
- Communicating cyber security issues in simple business language.
The project strategy should be driven from the top. A strong cyber security strategy is part of the organization's core message and is set by senior executives. It's always easier to implement cyber security earlier rather than later. It should be embedded in every project and every activity from the beginning. Cyber security is more than just IT, as it affects supply chain, human resources, finance and more.
The project team should include resources who have an understanding of cyber security. As the project manager, you need a level of understanding on your part to separate fact from fiction when surrounded by particularly skilled resources. The cyber security project team should have an appropriate mix of skill sets, including organizational change management, crisis management, third-party risk management and strategic communications.
Governance shouldn't change because it is a cyber security project. Establish a cyber security steering committee. Having a steering committee that needs to approve all security projects is essential for an effective cyber security governance program. Have the right security stakeholders on board to help make the implementation part of the organization's culture. Advocates help spread the cyber security vision across the enterprise.
Cyber threats are always changing, so establish controls that provide adequate protection in order to minimize the risks or impact of any threat. Risk management is project management 101, and understanding what the risks are and how to mitigate them is very important. Monitor threats continuously and make sure the security posture is improving every day. It is critical to quickly detect and react to cyber threats. Using multiple threat intelligence sources assists in anticipating a threat's next move.
Although the project is allocated, resources will come and go as required, but a core team should be established. Focus the resources on the business-critical assets. Base resource allocation on risk assessment findings, placing efforts where the business is most vulnerable.
Unfortunately, organizations cannot be 100% secure; elements of risk remain. As the project manager, you should identify all of them and put mitigation into place, as mentioned earlier. A strong incident response capability is essential in case something undesirable happens. Incident response is not just a technology issue; it needs both technical and management involvement. An incident response plan should be developed and tested regularly.
In most organizations there needs to be a cultural transformation: people are the core of a business, so cyber security is everyone's responsibility. Cyber security should be made relevant to each business area and factored into all business decisions. When each component of the information security management system (the people, processes and technology) comes together and works in harmony, there will be a pay-off from the cyber security investment.
Let us know about your experience with cyber security projects, the tools you use and your approach; we would like to hear from you. All the very best on your project management journey.