Question


Principles of Information Security

Using about 1000 words, list and describe which members of an organisation are involved in the security systems development life cycle. Who leads the process?

Solutions

Expert Solution

Security professionals are involved in the SDLC. Senior management, the security project team and data owners are leads in the project.

Before leading an IS project, a project manager should figure out what methodology will be used in the project. It is important for a project manager to recognize this because an appropriate methodology can influence the project's success.

A common methodology usually implemented in IS projects is the systems development life cycle (SDLC). FFIEC defines the systems development life cycle as "a project management technique that divides complex projects into smaller, more easily managed segments or phases". This segmentation enables project managers to verify the successful completion of project phases before allocating resources to the next phases.

The SDLC is usually described as a circular process in which the end of the useful life of one system leads to the beginning of another project that will develop a new version or replace an existing system altogether.

The oldest model that was originally regarded as the SDLC is the waterfall model. Other models that exist in SDLC are Rapid Application Development (RAD), Joint Application Development (JAD), and Agile methodology.


General Skills of Project Manager

Generally, a project manager is responsible for managing the project to meet the users' needs. He has to have a set of skills such as management, leadership, technical, conflict management, and customer relationship skills to support his job. He also needs to know what project management involves and why it is so important. These will enable him to be a role model for his team members to follow. Otherwise, he will not be a real project manager, but will look like a project coordinator. Goundar (2007) states that "the ideal project manager will value the contribution of employees in many dimensions".

The project manager should also be able to minimize conflict while working on projects. This can be done through the following techniques (Mehta, 2004):

  • Explain to the team exactly what the aim of the project is
  • Recognize the constraints and objectives of the project
  • Ensure the team documents all project parameters in the project charter
  • Communicate important decisions and changes in the project to the team
  • Assign tasks without ambiguity or overlapping responsibilities
  • Create an interesting and challenging environment while working on the project

Another important skill requirement of a project manager is a project management capability. Luftman (2006) states that "a project management capability is a top ten management concern because of the increased emphasis on Project Management Institute (PMI) certification". The increasing demand for certification indicates that the project manager should hold the Project Management Professional (PMP) certificate to ensure the quality of his project management capability.

There are two eligibility categories of candidates who qualify to be certified as a PMP. The criteria are the following (IT toolbox Popular Q&A Team, 2006):

  • Category I is a candidate who has a baccalaureate degree. He must have at least three calendar years in project management during the past six years, including at least 4,500 hours of project management experience in at least five project management process groups.
  • Category II is a candidate who does not have a baccalaureate degree. This candidate is required to have 7,500 hours of project management experience.
  • Both categories require the candidate to have 35 contact hours of project management education and pass a 200-item examination. After obtaining certification, PMPs must continue to satisfy additional requirements to retain their certification.

The Role of IS Project Manager

Hoffer, George, and Valacich (2008) define an IS project manager as "a system analyst with a general set of skills who is responsible for initiating, planning, executing, and closing down a project".

During the processes of the project, the project manager has to carry out his roles to manage the project. Karlsen and Gottschalk (2006) divide the roles of the IS project manager into six roles, as follows:

  • Leader. As the leader, the project manager has to manage the project team toward the project goal.

  • Resource allocator. The project manager is responsible for determining the allocation of important resources, such as human, financial, and information resources, to the project.

  • Spokesman. The project manager is responsible for communicating widely with parties internal and external to the project organization.

  • Entrepreneur. The project manager should be able to recognize the users' needs and management expectations, as well as develop solutions that change business situations.

  • Liaison. The project manager is able to communicate with the external environment.

  • Monitor. The project manager must gather information from the external environment to keep up with relevant technical changes and competition.

project management processes, the project manager begins to implement his role in the project initiation. During project initiation, the project manager manages the team to develop a project charter and a preliminary project scope statement. The purpose of the project charter is (Wikipedia):

  • To document any reasons for undertaking the project
  • To present objectives and constraints of the project
  • To remind the team about directions concerning the solution
  • To recognize the main stakeholders

Meanwhile, the project manager should use a project scope statement to make future project decisions and to develop and confirm a common understanding of the project scope among the stakeholders. The project scope statement should be well documented because it may need to be revised to reflect changes to the scope of the project. The online community for IT project managers states that "a project scope statement can be represented by a form to spell out the business need/problem, project objectives, results, and content that will make up the project scope statement".

Furthermore, the project manager has to carry out his roles by developing, planning and defining the scope of the project, estimating cost, developing schedules, creating a work breakdown structure, and performing risk analysis during project planning. The purpose of project planning is to create a project plan to track the progress of the project team. The project manager should focus on these tasks to make sure that they lead the project toward the users' requirements. Kutsch (2008) states that "many IT projects fail because scope, cost and time objectives are not met despite the existence of self-evident correct best practice project management standards".

According to Hoffer, George, and Valacich (2008), while developing and defining the scope, the project manager should reach agreement on the following:

  • The problem or opportunity that the project addresses
  • The quantifiable results that have to be achieved
  • What needs to be done
  • How to measure project success
  • How to know when the project will be finished
