How does cybersecurity impact project management?
What requirements do we need to ensure the security of a project? The amount of data in the digital environment is far greater than the information traffic of a few years ago. More and more companies are incorporating new elements into their projects to protect their information. In project management, ensuring project security is the first step in the organization.
Duarte de Oliveira, IT expert in data security on mobile devices, project manager of infrastructures and cybersecurity at NTT DATA and professor at La Salle URL in the area of international project management, gave a masterclass in which he updated us on the current needs in project management.
How can security be incorporated to avoid delays and cost overruns? What responsibilities do the organization and the project manager assume in the field of security?
Index:
- Security plan
  - Business requirements
  - Responsibilities
  - Security by design
- Most wanted services
  - DLP
  - Pentesting
  - Project management
  - Vulnerability scanning
  - Cybersecurity Compliance
- Main recommendations
  - Identify sensitive information in the project
  - Identify responsibilities within the team
  - Implement a level of sensitivity of the information
  - Be aware of security standards and regulations
  - Include security objectives in the project objectives.
  - Determine the legal responsibilities that the company has with the information.
- Employability in cybersecurity
Oliveira presented a series of essential steps in a project manager's roadmap. These guidelines will strengthen the security and viability of a project in terms of cybersecurity.
Security plan
To ensure security in a project, we will need to be aware of the risks we face in order to establish a security plan. Duarte de Oliveira considers information and data security as one of the main risks in the management of a business. Taking them into account will help us to set the path of the plan and focus on the project's objectives.
- Business requirements. We must understand the security requirements of the project as business objectives, since these will be the ones that guarantee its achievement and success.
- Responsibilities. The next step is to assign security responsibilities. Each member of the team should be clear about their security tasks, as well as any changes that may arise. Many project managers use the well-known RACI (Responsible, Approving, Consulted, Informed) responsibility assignment matrix. This matrix helps to ensure that project objectives are properly executed.
- Security by design. Organizing a project with security included from the ground up, and automating the processes, improves the project's chances of success and strengthens its security.
Business requirements, responsibilities and security by design are the three main aspects of project management. Information security must therefore be considered from the beginning of the project and throughout the process.
"75% of security vulnerabilities and breaches are related to defects in the implementation of projects producing cost overruns, delays and sometimes great impact on the reputation of the company" Duarte de Oliveira.
Most sought-after services
When establishing a security plan, many services are required. Among these, we find:
- DLP - Data Loss Prevention. It shows the possible risks of security incidents and warns of unprofitable employee activities. It is a tool that can be very valuable for a company that wants to monitor employee productivity and protect its most important asset: information.
- Pentesting. It gives visibility to security breaches likely to impact the confidentiality of information by simulating offensive actions like those an attacker would perform. These tests can be run from outside or inside the technological ecosystem under analysis and focus on the structured application of techniques, tools and attack actions aimed at testing mechanisms, controls and security levels.
- Project management
  - Risk matrix to parameterize an organized set of controls and measure their effectiveness (mitigation).
  - Updated status of risk level, compliance with requirements (standards) and conformance (improvements).
  - Manual or automatic data input in the event of cyber-attacks.
  - Management of action plans for the correction of deviations in risk, compliance and conformity.
  - Integration of cybersecurity in different areas of the company.
- Vulnerability analysis. Any business must analyze its situation to know its most prevalent risks. This analysis seeks to detail all security vulnerabilities that increase the danger to information systems:
  - Weaknesses
  - Criticality level
  - Risks of IT assets
  - Attack vectors, among others
- Compliance with cybersecurity standards. The ENS (National Security Scheme) is mandatory for the public sector, guaranteeing security in the use of digital technologies and tools. The RD 43/21 regulation (security of information networks and services) is mandatory for companies providing essential critical services.
Main recommendations
In addition to considering the security needs of a project, managers must be aware of the danger in order to be able to prevent such risks. Duarte de Oliveira concluded with a series of recommendations on cybersecurity and project management issues:
- Identify sensitive information in the project
- Identify the responsibilities within the team
- Implement a level of sensitivity of the information
- Be aware of security standards and regulations
- Include security objectives in the project's objectives.
- Determine the legal responsibilities that the company has with the information.
In addition, identify and apply parameters and indicators that help us to control the implementation of security in projects, with some examples of these parameters and indicators.
Employability
Managing projects and understanding the need to establish objectives that protect information security is a necessity in today's organizations. Digital transformation and the increase in data and information have made organizations more fragile and vulnerable.
On the other hand, an increase in hiring in this area is expected, reaching 87.7 million project managers in 2027. At La Salle URL we promote the future of project management professionals - PMP with the Master's Degree in Project Management. In addition, you can increase the skills and competencies of the information security sector with the Master in Cybersecurity. A combination of knowledge and skills that address the current needs in project management of the future.