Skip to main content

From My Perspective: The Need for Strategic Project Management on Large InfoSec Implementations

April 04, 2014

For a majority of Information Security professional services engagements, a classical approach to project management suffices to provide tactical, transactional functions and ensures projects are delivered on time, on budget and as expected.

There are exceptions, however, where the deployment of complex Information Security implementations requires a more strategic approach to project management - a Program Management perspective - one that is based on relationships as much as true classical PM skills. 

The following information highlights a high-level, minimal approach required for a successful engagement and a link to the full white paper is available at the end for a more detailed review.

Classical Project Management

The Project Management Institute (PMI) defines a project as a “…group activity designed to produce a unique product, service or result… having a defined beginning and end time and therefore defined scope and resources.”

At FishNet Security, our Project Management Office (PMO) has defined our project management (delivery) process based on the PMI Project Management Body of Knowledge (PMBOK) framework and on the following activities that our Project Managers perform on larger engagements, at a minimum:

  • Project Initiation & Kickoff
  • Project Plan & Work Breakdown Structure
  • Issue & Risk Identification, Quantification & Mitigation
  • Management Of Project Budget, Schedule, Deliverables & Change Management
  • Project Reporting with full visibility into scope, budget and schedule adherence
  • Project Audits & Milestone Management
  • Project Meetings & Stakeholder Communication
  • Project Close-Out & Final Deliverable Acceptance

This is a successful approach and enables the Project Managers to maintain clear channels of communication with our clients and FishNet Security management team to help deliver project success.

Strategic Project Management

From my perspective, there are times when the deployment of complex Information Security projects, such as Identity and Access Governance (IAG), has a need for a more strategic project management approach, one that is based on “relationships” in addition to traditional project management skills and experience.

To achieve integration and control, relationships have to be established, nurtured and maintained; not just for the initial IAG deployment but for the life of the implementation. I classify these relationships as:

  • Business Relationships - Interpersonal relationships that need to be established and maintained among the various organizational units that will feed or benefit from the IAG deployment.
  • Process Relationships – Interdepartmental business process relationships that need to be defined via business process reengineering and maintained.
  • Technology Relationships - Intersystem technology relationships that need to be established and maintained because an IAG deployment will rely on new technologies to be deployed in addition to interfacing with existing systems and technologies.
  • Data Relationships - Interdepartmental data relationships that need to be defined and maintained since an IAG deployment will rely on data consistency across an organization.

Two takeaways from this relationship building discussion are the need for these relationships to be “inter” or among and the need for these relationships not only to be defined and established but also maintained.

A strategic approach to project management (Program Management) considers the definition, documentation and maintenance of these relationships to be an integral part of Integration Management in addition to Organizational Change Management and establishing a governance process.

Evolution of these relationships is a recurring process throughout the IAG lifecycle and is continually revised and built upon to establish a framework for Program Management as the client’s IAG core competency matures. This framework is reflected in the following diagram:

Program Management Framework

In closing, a strategic approach to project management focuses on the bigger picture and decisions made within that bigger picture and not just the immediate Statement of Work. This approach of taking the enterprise or “inter-prise” perspective to complex information security deployments like IAG, moves the strategic project manager into more of a program manager role to address the multiple aspects - people, process, technology, data and opinions - that must be defined, managed and controlled.

For more detailed information on how to improve the success of your projects, download the free white paper.

Related Blogs

May 02, 2014

Navigating a Successful SIEM Strategy

It’s been my experience that deploying a successful SIEM strategy is like the “jump program” from The Matrix. Left on one’s own, without the help of t...

See Details

September 09, 2014

Endpoint Security Options | Optiv

In today’s security world, organizations have countless options when it comes to choosing vendors and securing their data and network. Now break that ...

See Details

November 12, 2012

IP Theft Prevention: Beyond Just Technology

News headlines about credit card numbers being stolen and other successful security attacks on intellectual property (IP) during the last decade have ...

See Details

How Can We Help?

Let us know what you need, and we will have an Optiv professional contact you shortly.

Privacy Policy

Related Insights

January 24, 2018

Identity and Access Management Capabilities

We can help enable your business while reducing risk.

See Details

January 26, 2018

Identity and Access Management Solutions

We help you minimize risk and maximize efficiency with our IAM solutions.

See Details

April 05, 2016

Information Security is Practiced Like Early Medicine

Learn how we can apply the advances of medicine in the 18th century to cyber security through an experimental approach and reliable reporting.

See Details

Stay in the Know

For all the latest cybersecurity and Optiv news, subscribe to our blog and connect with us on Social.


Join our Email List

We take your privacy seriously and promise never to share your email with anyone.

Stay Connected

Find cyber security Events in your area.