The Security Triangle in Project Risk Management
January 6, 2009 | Author: PM Hut | Filed under: Risk Management
By Bernie L. Dixon
With any road map, you must first establish your starting location in order to plan out a route. In security, this start point can often be found in a guide to setting computer security policies and procedures, called RFC 2196, which states that a security policy is a formal statement of rules by which people who are given access to the IT resources of an organization must abide.

Well, just what the heck does that really mean? Let’s break it down into smaller parts and form a triangle of the “people” and processes. First, who in the organization can put out formal rules that everyone within the organization must follow? That would have to be the owners, as it is quite conceivable that they may have to prove in a court of law that they have protected shareholder investments in that company, which includes all network resources. So owners are responsible for policy, or what is expected in regards to security within the organization. However, policies typically are very high-level statements that don’t always indicate how we are going to get there in regards to security.

This is where procedures come into play. Procedures say how we are going to meet the “what” of policies. The custodians of the owners’ information assets and data are typically responsible for the procedures. The custodians are the security managers, network administrators, system administrators, and other administrative types who take the policies and determine how to best implement those requirements. The bridge that makes that happen is risk management.
Risk management takes into account several factors to determine actions necessary to reduce risk to an acceptable level. Finally, the last and most important piece of the triangle is the users, for they are the true implementers of security. Policies and procedures are not secrets. They must be disseminated to the users, and the users must have a buy-in. The users need security awareness training that includes how to use the security technology being put in place.
Bernie L. Dixon is a Certified Information Systems Security Professional (CISSP) and System Security Certified Practitioner (SSCP). He has over 30 years’ experience in the field of computer and network security, including cryptography. Bernie served 25 years in the United States Air Force, where his responsibilities included analyzing and resolving communications and computer security-related problems. Upon retirement, Bernie became the Manager of Information Protection for AT&T Technical Services in San Antonio, TX, where he was responsible for communications-computer security. After 3 years, he served as the Director of System Security for Access Research Corporation. Bernie started his own company in November 1997 and has done network security consulting for companies like TRW, Unisys, Ascend (now Lucent), Department of the Treasury, Department of the Air Force, and NSA. He wrote two security courses for Global Knowledge titled Designing Security Architectures and Check Point NGX CCSA/CCSE.
This article was originally published in Global Knowledge’s Business Brief e-newsletter. Global Knowledge delivers comprehensive hands-on project management, business process, and professional skills training. Visit our online Knowledge Center at www.globalknowledge.com/business for free white papers, webinars, and more.
© Copyright 2008, Global Knowledge. All rights reserved.