"The Implications of Security on Project Management"

Event Report

On 11 February Adam McElroy, Programme Manager in Hewlett Packard Services' Security Practice, spoke on Security implications for Project Managers.

Adam characterised Project Management as a 'full contact sport' akin to international rugby. At the same time, several security-related characteristics are beginning to come to the forefront in many projects, particularly those in the financial services world. The aspects are summarised by the acronym CIA - not the American version, but standing for Confidentiality, Integrity and Availability.

Security is the business of everyone on a project. Increasingly customer requirements are being driven or constrained by regulatory compliance issues - by the FSA and SEC at a minimum.

So where do the threats come from? Well, contrary to the normal expectation of this being from external sources - hackers, virus activity etc - some 80% of all threats are actually internal. In a call centre, for example, some of these can be mitigated by motivation and training, but exposure from connivance as a result of inappropriate relationships has often proved to be a source of such attacks.

Adam looked at the nature of secure environments that PMs need to consider when dealing with the most confidential of projects, and the need on occasion to build an environment where all communication with the outside world is vetted - a difficult and expensive arrangement to build for a team of any size and a limiting factor on the effectiveness and efficiency of the team's working.

So what simple steps can you take to at least cover the basics? Adam's answer was simple - define your security policy, then tell people what the policy is and enforce it!