Project Management Plan
Nowadays, with the increasing pace of technical advancement, information security has become one of the major issues that continuously interrupt the commercial profit of business organizations. Due to high-level security challenges, the Widgets and Gadgets company is facing issues at each phase of development of its ISM project. Certain core areas of information security are neglected because, for Widgets and Gadgets, information security has become a secondary concern.
This report focuses on developing proper information security approaches to avoid security issues before Widgets and Gadgets commences the ISM project. To avoid these issues, a proper project management plan, including group members and communication evidence, is presented in this report. In addition, risk assessment, information security policy, and security awareness and training approaches are elaborated.
Widgets and Gadgets failed to prepare a proper information security policy for the company, and thus its confidential assets are easily hijacked by external attackers. Due to frequent social engineering attacks, the company is facing huge security issues that need to be mitigated accordingly. The CCTV installed in the company has proven to be ineffective, so the confidentiality of the company is being compromised each day. Based on the features of the company's server, a project plan was developed for WaG, and it is elaborated below:

| Task Mode | WBS | Task Name | Duration | Start | Finish | Predecessors | Resource Names | Cost |
|---|---|---|---|---|---|---|---|---|
| Auto Scheduled | 0 | Information Security management project implementation in WaG | 97 days | Wed 4/18/18 | Thu 8/30/18 | | | $10,088.00 |
| Auto Scheduled | 1 | Project initiation | 21 days | Wed 4/18/18 | Wed 5/16/18 | | | $2,240.00 |
| Auto Scheduled | 1.1 | Analyzing the company service and management details | 5 days | Wed 4/18/18 | Tue 4/24/18 | | Information security manager | $480.00 |
| Auto Scheduled | 1.2 | Analyzing the current information asset management approach of the company | 8 days | Wed 4/25/18 | Fri 5/4/18 | 2 | Project manager | $640.00 |
| Auto Scheduled | 1.3 | Identifying essential components of project management | 6 days | Mon 5/7/18 | Mon 5/14/18 | 3 | operation manager | $480.00 |
| Auto Scheduled | 1.4 | Selecting project team members | 8 days | Mon 5/7/18 | Wed 5/16/18 | 3 | Project manager | $640.00 |
| Auto Scheduled | 2 | Project planning | 42 days | Tue 5/15/18 | Wed 7/11/18 | | | $4,256.00 |
| Auto Scheduled | 2.1 | Project risk management planning | 5 days | Tue 5/15/18 | Mon 5/21/18 | 4 | Information security manager | $480.00 |
| Auto Scheduled | 2.2 | Procurement planning | 8 days | Tue 5/22/18 | Thu 5/31/18 | 5,7 | HR manager | $576.00 |
| Auto Scheduled | 2.3 | Contingency planning | 6 days | Fri 6/1/18 | Fri 6/8/18 | 8 | operation manager | $480.00 |
| Auto Scheduled | 2.4 | Identifying proper project planning tool | 5 days | Mon 6/11/18 | Fri 6/15/18 | 9 | Information security manager | $480.00 |
| Auto Scheduled | 2.5 | Planning of information security policy based on ISO 27002:2013 | 8 days | Mon 6/18/18 | Wed 6/27/18 | 10 | Information security manager | $768.00 |
| Auto Scheduled | 2.6 | Planning for company server security | 4 days | Thu 6/28/18 | Tue 7/3/18 | 11 | operation manager | $320.00 |
| Auto Scheduled | 2.7 | Stakeholders management plan | 6 days | Wed 7/4/18 | Wed 7/11/18 | 12 | HR manager, operation manager | $912.00 |
| Auto Scheduled | 2.8 | Resource management plan | 3 days | Wed 7/4/18 | Fri 7/6/18 | 12 | Project manager | $240.00 |
| Auto Scheduled | 3 | Project execution | 27 days | Thu 7/12/18 | Fri 8/17/18 | | | $2,736.00 |
| Auto Scheduled | 3.1 | Executing risk register | 5 days | Thu 7/12/18 | Wed 7/18/18 | 13 | HR manager, Information security manager | $840.00 |
| Auto Scheduled | 3.2 | Information security policy execution | 6 days | Thu 7/19/18 | Thu 7/26/18 | 14,16 | Information security manager | $576.00 |
| Auto Scheduled | 3.3 | Social awareness program execution | 5 days | Fri 7/27/18 | Thu 8/2/18 | 17 | HR manager | $360.00 |
| Auto Scheduled | 3.4 | Encryption algorithm implementation | 5 days | Fri 8/3/18 | Thu 8/9/18 | 18 | Information security manager | $480.00 |
| Auto Scheduled | 3.5 | Testing the algorithm | 6 days | Fri 8/10/18 | Fri 8/17/18 | 19 | operation manager | $480.00 |
| Auto Scheduled | 4 | Project closure | 9 days | Mon 8/20/18 | Thu 8/30/18 | | | $856.00 |
| Auto Scheduled | 4.1 | Stakeholders signoff | 4 days | Mon 8/20/18 | Thu 8/23/18 | 20 | HR manager | $288.00 |
| Auto Scheduled | 4.2 | Final document submission | 2 days | Fri 8/24/18 | Mon 8/27/18 | 22 | Information security manager, operation manager | $352.00 |
| Auto Scheduled | 4.3 | Post maintenance planning | 3 days | Tue 8/28/18 | Thu 8/30/18 | 23 | HR manager | $216.00 |


| Resource Name | Type | Material Label | Initials | Group | Max. Units | Std. Rate | Ovt. Rate | Cost/Use | Accrue At | Base Calendar |
|---|---|---|---|---|---|---|---|---|---|---|
| Project manager | Work | | P | | 100% | $10.00/hr | $0.00/hr | $0.00 | Prorated | Standard |
| finance manager | Work | | f | | 100% | $9.00/hr | $0.00/hr | $0.00 | Prorated | Standard |
| Information security manager | Work | | I | | 100% | $12.00/hr | $0.00/hr | $0.00 | Prorated | Standard |
| operation manager | Work | | o | | 100% | $10.00/hr | $0.00/hr | $0.00 | Prorated | Standard |
| HR manager | Work | | H | | 100% | $9.00/hr | $0.00/hr | $0.00 | Prorated | Standard |

- Improper information security policy
- No current updated risk management approaches
- Huge number of social attacks
- Lack of security education and awareness training program developed for the company
- Scope management
- Time and cost management
- Resources
- Project planning
- Information security policy governance
- Change control plan
Widgets and Gadgets faced many challenges in its daily activities due to the small number of project executives. The information security policies of the company are not being changed or upgraded accordingly. Due to the lack of a professional training and development program, Widgets and Gadgets was facing huge challenges. ISO 31000:2009 provides principles and generic guidelines on risk management, and the risk management program developed for Widgets and Gadgets is as follows:
Security of data storage: ISO 31000:2009 gives principles and guidelines on risk management, and it can be applied in any business organization to a wide range of activities; strategies, decisions, operations and processing are the other components to be considered. Data storage should use proper encryption technology to convert plain text to cipher text.
Security of the email services of Widgets and Gadgets: In order to secure the email services, strong and secure passwords should be used. This will prevent unauthenticated users from accessing the email services.
Secure record database: A firewall and accurate encryption technologies should be implemented to secure the confidential records of the database management system. Database security will in turn protect the entire set of database records from unauthenticated users.
Timeline
Research and development program management database: In order to secure the information stored in the server, R&D program management database approaches should be implemented by Widgets and Gadgets to ensure server security and company success.
Inventory management system: Widgets and Gadgets should adopt inventory management software to manage organizational risks.
Risk assessment matrix

| Probability Rating | Risk | 1 (Very Low) | 2 (Low) | 4 (Moderate) | 7 (High) | 10 (Very High) |
|---|---|---|---|---|---|---|
| Very High (5) | Lack of security in data storage | 5 | 10 | 20 | 35 | 50 |
| High (4) | Lack of Security to the email services of Widgets and Gadgets | 4 | 8 | 16 | 28 | 40 |
| Moderate (3) | Insecure record database | 3 | 6 | 12 | 21 | 30 |
| Low (2) | Inadequate research and development program | 2 | 4 | 8 | 14 | 20 |
| Very Low (1) | Improper inventory management program | 1 | 2 | 4 | 7 | 10 |

Widgets and Gadgets (WaG) is facing a huge issue in its asset management approach. It is the responsibility of the information security manager to adopt a proper security policy based on ISO 27002 to keep the company's confidential data secured from external attackers. It is expected that the proper information security policy guidelines developed in 2013 will help WaG to gain effective revenue and commercial profits simultaneously. According to the ISO 27002:2013 standard, the controls considered common practice for information security include the policies below:
- Documenting information security policy
- Information security level responsibility allocation
- Awareness, education and training about the information security policies
In order to build an information security management system for WaG, the company must create, publish and maintain an accurate information security policy for its security management system. With the help of a proper security policy, WaG will be able to save a huge amount of money and man-hours while developing the information security policy. It is the role of the project manager and other project team members to support the information security management developed on the basis of the organizational infrastructure. Before developing the security policy, the security goals and security strategies need to be considered by the project information security manager. According to the ISO 27002 security policy, the components to be considered include the following:
- Asset management: WaG should protect the integrity, confidentiality and availability of its data as per the requirements of the employees. Information should also be controlled according to legal obligations and the reasonable needs of the employees.
- Based upon the technology-based services, the availability and integrity of the information are to be protected.
- Data authentication is strictly needed to avoid unauthenticated information access. In order to maintain the confidentiality of the stored information, the server should be highly protected so that only authenticated users are able to access the information server. The security policy must not be violated at any time.
- WaG should create accountabilities and develop accurate process and control approaches to ensure the compliance and alignment of the company with its security approaches.
The information security policies of the organization have not kept pace with constantly changing technology. The company does not have an updated risk register, and it is also facing social attacks due to a lack of security awareness among its employees. It is the responsibility of the information security manager and other organizational executives to make sure that the employees are aware of the assets, their management, the risks and the risk management approaches. In order to launch the security awareness program, the steps to be followed by Widgets and Gadgets are as follows:
- Analyzing the requirements of Widgets and Gadgets and developing content accordingly
- Scheduling and developing a training program for the employees working in Widgets and Gadgets
- Testing the effectiveness of the training
- Identifying and gathering C-level support from the third party
- Tracking the company needs and acting according to the requirements
Power point presentation combining the summary
Conclusion
From the overall discussion it can be concluded that information security has become one of the major components for Widgets and Gadgets in avoiding security risks. The company did not have a professional information security manager, and the system administrator carried out the activities of the information security manager. Thus, some of the core managerial aspects were neglected, due to which major security challenges were faced by Widgets and Gadgets. It is expected that, with the help of proper security policies, these issues could eventually be resolved. In the case of Widgets and Gadgets, the number of employees and the number of activities are not balanced at all. Due to the small number of employees and executives, some of the activities are strictly avoided by the company. In order to reduce the workload of the employees, a critical path, Gantt chart and network diagram or PERT chart are prepared and illustrated in this report. Accurate project management planning, risk assessment practices, information security policies, and security awareness and training approaches are also elaborated in this report.