Question

Principles of Information Security

Using about 1000 words List and describe which members of an organisation are involved in the security systems development life cycle. Who leads the process?

Answer 1

Security professionals are involved in the SDLC. Senior management, security project team and data owners are leads in the project

Before lead IS project, a project manager should figure out what the methodology will be used in the project. This is important for a project manager to recognize it because an appropriate methodology can influence the project success.

A common methodology usually implemented in IS projects is systems development life cycle (SDLC). FFIEC defines systems development life cycle as "a project management technique that divides complex projects into smaller, more easily managed segments or phases". These segmentation will enable project managers to verify the successful completion of project phases before allocating resources to the next phases.

The SDLC is usually described by a circular process in which the end of the useful life of one system leads to the beginning of another project that will develop a new version or replace an existing system altogether.

The oldest model that was originally regarded as the SDLC is the waterfall model. Other models that exist in SDLC are Rapid Application Development (RAD), Joint Application Development (JAD), and Agile methodology.

General Skills of Project Manager

Generally, a project manager is responsible for managing the project to meet the users' needs. He has to have a set of skills such as management, leadership, technical, conflict management, and customer relationship to support his jobs. He also needs to recognize knowledge of what project management involves and why it is so important. Those will make him able to be a role model for his team members to follow. Otherwise, he will not be a real project manager, but he looks like a project coordinator. Goundar (2007) states that "the ideal project manager will value the contribution of employees in many dimensions".

The Project manager also should be able to minimize conflict during working in projects. This can be done through the following techniques (Mehta, 2004):

• Explain to the team what exactly is the aim of the project
• Recognize constraints and objectives of the project
• Ensure the team documents all of project parameters on the project charter
• Communicate to the team related important decisions and changes in the project
• Assign the tasks without ambiguity and overlapping responsibilities
• Create interesting and challenging environment during working the project

Another important skill requirement of a project manager is a project management capability. Luftman (2006) states that "a project management capability is a top ten management concern because of the increased emphasis on Project Management Institute (PMI) certification". The increasing request of certification presents that the project manager should have certificate of Project Management Professional (PMP) to ensure his level of quality of the project management capability.

There are two eligibility categories of candidates who qualify to be certified PMP. Those criteria are the following (IT toolbox Popular Q&A Team,2006):

• Category I is candidate that has baccalaureate degree. He must have at least three calendar years in project management during the past six year, including at least 4,500 hours of project management experience in at least five project management process groups.
• Category II is candidate that does not have a baccalaureate degree. This candidate is required to have 7,500 hours of project management experience.
• Both categories require the candidate to have 35 contact hours of project management education and pass a 200-item examination. And after obtaining certification, PMPs must continue to satisfy additional requirements to retain their certification.

The Role of IS Project Manager

Hoffer, George, and Valacich (2008) define an IS project manager as "a system analyst with a general set of skills who is responsible for initiating, planning, executing, and closing down a project".

During processes of the project, the project manager has to implement his roles to manage the project. Karlsen and Gottschalk (2006) divide the roles of IS project manager into six roles as the following:

• Leader. As the leader, the project manager has to manage the project team toward the project goal.

• Resource allocator. The project manager is responsible to determine allocation of important resources such as human, financial, and information, to the project.

• Spokesman. The project manager is responsible to make widely communication with internal and external of project organization

• Entrepreneur. The project manager should be able to recognize the users' needs and management expectations, as well as develop solutions that change business situations.

• Liaison. The project manager is able to communicate with the external environment.

• Monitor. The project manager must figure the information out from the external environment to keep up with relevant technical changes and competition.

project management processes, the project manager begins to implement his role in the project initiation. During project initiation, the project manager manages the team to develop a project charter and a preliminary project scope statement. The purpose of the project charter is (Wikipedia):

• To document any reasons for undertaking the project
• To present objectives and constraints of the project
• To remind the team about directions concerning the solution
• To recognize the main stakeholders

Meanwhile, the project manager should use a project scope statement to make future project decision, to develop and to confirm a common understanding of project scope among the stakeholders. The project scope statement should be well documented because it may need to be revised to reflect changes to the scope of project. The online community for IT project managers states that "a project scope statement can be represented by a form to spell out the business need/problem, project objectives, results, and content that will make up the project scope statement".

Furthermore, the project manager has to implement his roles by developing, planning and definiting the scope of project, estimating cost, developing schedules, creating work breakdown structure, and making risk analysis during project planning. The purpose of project planning is to create a project plan to track the progress of the project team. The project manager should focus on those works to make sure that those will lead the project toward users' requirements. Kutsch (2008) states that "many IT projects fail because scope, cost and time objectives are not met despite the existence of self-evident correct best practice project management standards".

According to Hoffer, George, and Valacich (2008), during developing and defining scope, the project manager should reach agreement on the following:

• Problem or opportunity that the project address to
• The quantifiable results that has to be achieved
• Needs that has to be done
• How to measure project success
• How to know when the project will be finished