PROJECT MANAGEMENT CHALLENGES & SOLUTIONS IN CYBERSECURITY
Information Technology (IT) project management is critical and important for the successful delivery of Cyber Security projects. Cybersecurity strategy shall add boundless value and takes first place in any IT project management. Cyber Security is required by every area of software development and that is behind the reason behind the shift of paradigm towards ‘DevSecOps’.
A recent survey on project management, conducted by consulting firm McKinsey & Co., “executives discovered that adhering to project management methods and strategies reduced risks, cut costs and improved success rates”.
Below stated are few common security challenges observed in IT project management.
- No Prioritization
- Uncertainty in Scope.
- Poor Communication
- Strategic misalignment
Successful completion of any projects would be dependent on strategic and operational level prioritization and many organizations had failed to handle it effectively.
Cybersecurity project managers often face this challenge due to the non-availability of adequate resources with required skillsets and fail to prioritize the right projects among others.
Project managers should prioritize among projects based on whether this project helps me to protect my critical assets, manage or mitigate risks, add strengthen current cybersecurity posture, meet the business goals, and return on investments.
Uncertainty in Scope
If the project scope is not well defined this can lead to a ‘scope creep’ state as the thoroughly defined project scope plays a vital role in the success or failure of the project. It displays a phenomenal difference between uncertain and well-defined project scope, which impacts on progress and effectiveness of the project.
By taking the below-mentioned project elements into account the ‘scope creep’ phenomena can be avoided. Thus, communicating a well-defined scope is critical and important.
- Goals & Deliverables.
- Roles and Responsibilities.
- Cost & Quality Assurance.
- Define scope & non-scope elements.
It is learned from the recent survey report by the Project Management Institute that 30 to 35 % of the project failures were due to poor communication between the stakeholders of the project. It is also observed that a significant number of projects in which effective communication between the stakeholders has taken place have met the quality standards.
For every cybersecurity project, the project managers need to identify the stakeholders and to define effective communication based on ‘5 Ws ‘– Who, What, When, Where, and Why.
In most of the organizations still, the cybersecurity projects are treated as ‘necessary evil‘ (due to cost implications) and some to be met as part of compliance. Because of this thought process ‘Cyber Security Projects’ often not aligned with what exactly required by the organization and this shall lead to ‘Strategic Misalignment’ of the project as it doesn’t meet the overall goals of the organization.
To eradicate the strategic misalignment project managers and stakeholders need to get acquainted with the overall cybersecurity strategy and identify the goals.
To check whether the cybersecurity project goals are aligned with overall company goals and its legitimacy in terms of compliance and laws (Policies, Guidelines, etc).
To keep the track of strategic alignment throughout the project and publicize the strategic project results upon completion.
Cybersecurity project management is a collective and daisy chain process that involves various stakeholders within the organization. Project managers can overcome the cybersecurity project challenges provided project is designed based on clearly defined scope, alignment of cybersecurity project goals with the organization security goals, well-defined milestones, and effective communication among all stakeholders of the projects.
By B. VINOD BABU
CYBERSECURITY CONSULTANT & TRAINER