IT Security in Project Management

April 27, 2009

Corporate data can be transported in many ways. As an IT Project Manager there are several areas of consideration in the development of technology systems built for corporations. In a 2007 report, 1,408 IT decision makers from the United States, United Kingdom, France, Germany and Australia participated in a survey to capture information about corporate data security. While 60% of those surveyed realized that they had data problems, none of them were 100% confident in their ability to track data leaks. Armed with this knowledge, where do your IT project plans incorporate data security planning?

As an IT project manager, if your system or application is integrated with sensitive data of any type you should be thinking about security. The sensitive data the general public is most commonly aware of is credit or personal information. On the corporate side, other types of sensitive data include sales information, trade secrets and patents.

In February of 2007 it was revealed that a scientist within DuPont stole $400 million worth of trade secrets. A Carnegie Mellon study found that many employees with new job offers often take information from their current company before they leave for their new position. In April of 2007, the social security numbers and birth dates of 2.9 million Georgia Medicaid recipients went missing in transit. The TJ Maxx credit card cyber-thief had the encryption key but may not have needed it since the data was stolen prior to encryption.

In reference to the 2007 study, only six percent of the 1,408 companies surveyed could categorically state that they have not lost any data in the last two years. While many companies are concerned with attacks by hackers, 61% of those surveyed felt that data loss was due to insiders. The survey indicated that 55% of data leaks are intentional. The survey also indicated that 23% of a corporation's data loss is malicious. One area the report overlooked was employee resignations. It is likely that this is a high-risk group for corporate data leaks.

What this means to organizations is that data security needs to be analyzed in all areas of an organization and not just in the IT department.

For Project Managers …

  • Data used by applications or system solutions needs to be classified and managed accordingly.
  • Proper controls need to be in place to determine who has access to what data.
  • Monitors should be in place to track or block access to sensitive data.
  • Data flow through email, messaging, FTP or any other web protocols should be monitored.
  • Enforce corporate data policies. (If policies do not exist, create them and enforce them. Train the employees on data policies. This may be out of scope for the PM, but it can be made as a suggestion to the corporation.)

This is just a short list of security concerns for the IT Project Manager.

The information presented here is based on a report I created in August of 2007. Even though this is based on a two-year-old academic report, it is still relevant for today’s IT Project Manager.

For more information on IT Data security measures please visit …

http://csrc.nist.gov/

and

http://www.iso.org/iso/catalogue_detail?csnumber=39612


Strive for Excellence

April 21, 2009

While at my Toastmasters meeting last night I received a tip. It was so profound that I had to write about it in an effort to assist others with goals, or projects, or everyday life. In whatever you are doing strive for excellence instead of perfection. You should strive for excellence because excellence is attainable. Can you really attain perfection? Think for a moment of something you are really good at. Seriously, think of something you are really good at, write it down. Now which of the following is easier …

1) Think of what you are good at, what would you have to do to achieve excellence?

2) Now think of what you are good at, what do you have to do in order for it to be nothing but perfect?

Take some time with this exercise and write down what you would have to do to attain excellence vs. perfection.

Here is a concept that may assist you in this thought process. Work within the tolerances. What this means is that you can create something that works without perfection. Here are a couple of examples …

1) Your automobile, your bicycle and your home are not perfect. They are all manufactured or built within tolerances.

  • The engine in your car is assembled with parts that fall within acceptable tolerances, they are not perfect.
  • Two identical bicycles could have their brakes adjusted differently but they still work.
  • Your home has any number of imperfections around windows, corners and doors but do you really notice them?

2) When you bake a cake from a recipe or a box you follow a recipe. Though you may repeat the recipe over and over again, it is not done with perfection.

  • Most cake recipes require an egg. Is there a perfect egg? Do you obtain the perfect egg every time?
  • How about those measuring cups? Do you hit the mark each and every time you measure an ingredient?
  • Is your oven temperature spot on each and every time?

To summarize this, we live in a world of working within tolerances yet we can achieve excellence by doing so without the need of striving towards perfection.

Work within the tolerances and strive for excellence!


SMART Goals Review

April 15, 2009

Have you ever been on a team that has a goal but the team never gets off the ground? Have you ever been assigned a goal without knowing what you really need to accomplish by when? I will admit that in years long ago, I had been assigned to a team that had a goal that was not getting anywhere. In those years long ago, I had also been assigned goals that were unclear in nature. These types of goals can be frustrating for all parties involved. In order to avoid this frustration I have found that the implementation of SMART Goals seems to help.

Many of us in Project Management have heard the term SMART Goals but a quick review may be beneficial from time to time. The word SMART is an acronym that is broken down into …

S – Specific

M – Measurable

A – Attainable

R – Realistic

T – Timely

Please note that there are other variations of the SMART acronym but I find this version best suits me personally and professionally. With that in mind, I would like to break this down a bit further.

S – Specific, I feel that this should address the who, what, when, where and why of the SMART goal. In other words …

Who needs to be involved to accomplish the goal?

What needs to be accomplished?

When does this need to be completed by?

Where does this need to be accomplished?

Why does this need to be accomplished?

M – Measurable, I feel that this should measure the progress of the goal. It should be a periodic scheduled review that is measuring what is being accomplished over time.

A – Attainable, I feel that this should determine if this is something that can truly be accomplished. It is important to remember that goals take time, money and resources to accomplish, it is not something to be taken lightly by the organization or individual.

R – Realistic, I feel that if the individual, the team and/or the organization believes that the goal is realistic then it can be accomplished.

T – Timely, I feel that a goal without a deadline or schedule will not get the attention it deserves and will most likely not get accomplished.

These are the SMART goal criteria that have been advantageous to me over the years. But I want to focus on something I have found very important and that is … “Why does this goal need to be accomplished?” If you don’t have a big enough reason why this goal needs to be accomplished, chances are you will not get the engagement or traction necessary to get moving on the goal.

My advice is to be clear about SMART goals and periodically measure their progress over time. I feel that we all desire the successful outcome for individual and team goals, if there are written status reports and scheduled periodic reviews of goals this will lead to a successful outcome. Take a look at the calendar, when did you last check the status of your goals? In addition, how are your goals coming along? This is something you may want to think about.


The Three P’s of Project Management

April 8, 2009

Project Management is People Management, we have heard this said over the years. I feel it is in our best interest to consider the Three P’s of Project Management. The Three P’s take into consideration People, Process and Performance Management.

Let’s use the planes in this photo for example. People are required for a successful outcome. Process is required to create, repeat and maintain the presentation. Performance is required to track the operation technically, mechanically, individually and as a team. If any of these are missing, the end result could be much different.

In my article, “The Three P’s of Project Management” I provide more detail on each topic. The link provided is to the site that I originally posted the article on. I look forward to your feedback and insight.

The Three P’s of Project Management Published on Project Smart


PMBOK Guide – Fourth Edition Contributor and Reviewer

April 8, 2009

Having a passion for project management is more to me than just the management of projects. In February of 2008 I received the PMBOK Guide–Fourth Edition Exposure Draft and I felt that this was a great opportunity to contribute to the process but also to check my understanding.

As I read through the document I found many areas that I felt could use some improvement. I made many recommendations and only one was rejected. Afterward, I knew I did the right thing by taking the time to assist the team of professionals to produce the best PMBOK to date. I am grateful to find my name listed with several other respected Project Managers in the industry in this version of the PMBOK.

Since the PMBOK Guide–Fourth Edition is a requirement for passing the PMP exam, I strongly recommend a thorough understanding of the content.