Information Technology Security - Case Study Example

?Project Management for an Information Technology Security Introduction Project management refers to an important activity to be implemented by a team for an organization. This activity can be related to the objectives of the organization. It is enforced by a team that has to work with the necessary knowledge and teamwork. Project management is applied to see the problems and dangers in the planning, organizing and putting to action the formulated plans. Organizing, planning and controlling the activities are necessary steps. In manufacturing, project management refers to the process of creating products. Operations management deals with decision making related to productive processes to ensure that the resulting goods or services are produced according to specifications. Effective project management means getting the right things done according to the planned schedule. (Larson and Drexler, 2009, p. 1) Project management begins with planning. There should be an open communication among the members of the team and the aims and objectives must be clearly stated ensuring that they should be related to the objectives of the organization. The project life cycle begins when the project is started until it is declared completed. The key players include the customer who wants to buy the project; the contractor who works on the project up to completion; and the project manager who plans and manages the project activities until it is finished. Teamwork is an effective method in project management. Projects are initiated by recruitment and staffing and the selected team’s individual qualifications should correspond with the required skill for project success. While the group has to work as a team, there must be division of labor. For example, in engineering projects groups rely on individual members who work independently but are responsible to the group. Knowledge, teamwork and management, if studied carefully can provide aid for an effective project management. A good manager with a creative team can provide innovations and insights for the success of the team. (Koch, 2004, p. 277) There’s also a connection between HRD and project management. Some colleges and universities have included these important subjects in their curricula. (Carden and Egan, 2008, p. 310) In a project life cycle, we have a project manager, the customer, and the contractor. Moreover, before making decisions, we have to establish calendars. This has to be constantly consulted to see if the team is working as scheduled. This essay is about project management of an information technology application. There are many risks involved in information technology of an organization. The problem is IT security. The aim of this project management is to find a solution to the risks and threats in an information system of a particular organization. Main Body In the early 1900s, rapid industrialization brought in new perspectives to the growth of companies and organizations. Management scientists provided studies and introduced innovations in the workplace and how workers can be productive and relate their work with life. (Lock, 2007) Henry Ford introduced mass production which was also known as the Model T. Most important to project managers is the style of Henry Gantt who established the Gantt Chart. Gantt worked for Taylor and popularized his style which is still used until today. Computers came in and finally the Internet. Manufacturing and construction industries took hold of the opportunity and recognized the many benefits of technology. In the 1970s, there was increase in the usage of information technology. Industrial project management continued as before but now this was added with project management software. With the emergence of the information revolution, project managers brought in a new face. They have to be well-versed in information technology, including how to manage computers and their security. (Lock, 2007, p. 3) There were different methods introduced at that time, particularly in the design and implementation, but some were put into question. Innovations and expansion in information technology were introduced. Some of these innovations included the ADDIE which meant “analysis, design, develop, implement, and evaluate”. At first this was effective but later discarded. (Fabac, 2006, p. 540) Other researchers emphasized the importance of planning and control of projects (Van Meel, 1993). It was known as the 20-80 method wherein 20 percent should be devoted to planning but 80 percent must be for control of the project. An effective plan must provide good documentation that records the steps and activities of the project life cycle. The 20-80 plan is applicable to any kind of project. Looking at the various projects and activities of organizations, we find project management to be interesting and something worthy to carry along as we pursue future endeavors and careers. Not only is the topic fruitful and important to project managers but to any member of an organization or to anyone involved in a profession that involves diversity and a lot of projects and activities. Understanding the concept and methods of project management enables us to be a part of the success of any project. Project Management Applied to Information Technology Security Advancement in technology is so fast and competition between organizations continues to be stiff. Organizations are struggling to integrate new systems and to introduce different ways to survive, and acquire the latest strategy possible. Successful system integration efforts provide competitive edge. Drawing up a particular case for project management, we focus on the present trend in business today – information technology. Technology is not only a tool and an aid for project managers; it has also given them some responsibility, for example in the handling and security of these new tools. Project management is important in the application of IT security. Information technology security application can be compared to a building that needs fast, effective and accurate service in servicing the tenants. If security is not well in place, service cannot be dispensed with effectively. Information technology can perform countless tasks for the organization like capturing, storing, processing, exchanging, and using information for the company. It involves hardware and software. Hardware includes computers and equipment while software and the operating systems are stored in the database or memory of the computer so that it can operate and be controlled by the user. The infrastructure needs a support staff or people to operate the equipment. The project manager takes charge of the operation and security of the IT infrastructure. He/she has to maintain a good and effective rapport with the employees and should be in control. But the manager has to understand what information technology is, how it works and how it should be maintained and protected. Effective planning is the key to a successful project management. Human resource planning is about identifying resources to the business needs of the project. The manager has to determine the number and type of people essential in the team. Why is the subject of IT security important in project management? Organizations apply anti-viruses and aim for the most secure IT system only to find their computers or IT infrastructure full of all sorts of software that have meshed up. Some organizations have information systems that are not secured that they find their infrastructure is more of a problem instead of simplifying office work. Home owners also find their computer one of the most dangerous places their children can live with. IT security therefore is one of the heavy responsibilities of the project manager. There have been many recommendations and solutions about IT security suggested by organizations and well-meaning individuals and experts in the field of Information Technology. Many of these groups have the resources, but they too have succumbed to the fact that IT security requires continuous improvement and maintenance to make it effective and answer to the needs and wants of owners and clients. This task is just like applying maintenance to a vehicle which requires constant checking to make it safe and comfortable to use. (Scholtz, 2009) The topic on IT security is a broad subject. But for the purpose of this paper, project management is focused on applying security measures to the computers of a business firm. Project management dealing with security in a firm includes areas pertaining to risks and threats and how to conduct risk management and protect the firm’s computers from viruses, worms, and different types of malware (malicious software). Continuous improvement should be applied to the project. This is because IT security has to be continuously checked and maintained in order to be effective. Security applications must be in accordance with the present government guidelines and should also correspond with the requirements of the organization. What is important is to apply the basics of IT security and the ‘dos’ and ‘don’ts’ of IT applications. In this project, we also apply the necessary risk management. Risk management involves analyzing risks or surprises that are expected to happen in the course of undertaking a project and the management of the possible outcomes of such a project. Risk managers have to be expert in using laws and theories that have already been tested, for example, the laws of probability which utilize statistical measurement, regression, and the utility theory. When it comes to information technology, risks are not uncommon – risks are its ‘daily bread’. These risks can be caused by natural occurrences or man-made causes. The question that should be answered here is what kind of risk management is suited for an IT infrastructure. There are many risks involved in maintaining an IT infrastructure. Project management on this particular scenario will deal with the question – how secured are the computers of an organization? Risks and threats are multiplied day in and day out because of the endless interconnection of computers via the Internet. While before computer connections were confined to a few other computers by way of cables, now it is endless because of the Internet. And as risks and threats are multiplied, ways of countering it through anti-viruses have got to be endless too. This means programmers and IT security experts have to apply continuous protection and constant maintenance to the IT infrastructure. There seems to be nothing secured in the age of technology and globalization. Because of computers and new technology, organizations can store as much knowledge and data. But the more data and information are stored in computers, the more risks and threats there are from hackers, computer saboteurs, criminals and terrorists. Risks are multiplied because computers are connected online. The Internet has both advantages and disadvantages. IT Security Risks One of the security risks pertaining to IT security is unauthorized access to information. This also refers to data leakage, privacy and fraud, and other forms of threats. Computer virus is one of the most dangerous threats. A virus attack can spread so rapidly over the Internet and can destroy files and maliciously collect any confidential information and data. Security risks have caused about $17 to $28 million for every occurrence of attack, according to a study by Ernst and Young. (Suduc et al, 2010) There is also the concern of privacy. Information technology was only used as an aid in business and organizations, but now it is the mainframe because of the complexity and interconnectedness of businesses and organizations. Hackers and programmers with criminal minds continue to find ways to illegally penetrate vulnerable websites. (Rainer and Cegielski, 2011, p. 83) Through project management a virus attack can be monitored and prevented. There are many anti-virus softwares available over the internet. The project manager should have contact with these companies so they can provide the necessary security. Continuous monitoring is also one of the jobs of the project manager because anti-virus softwares have to be updated annually. It is not easy to monitor a virus attack, or simply rely on technology. Project management of this kind involves technology and the people operating the system. Those who have access to the information system should also be aware of their responsibility in securing the organization’s IT. CONCLUSION In planning a project, we have to put in writing the necessary steps to be undertaken. First we have to establish some schedules and deadlines which must be followed by the members. Our forecasts must also coincide with real events that are going to happen. But it should not be a guessing game. We have to be accurate in our estimates. In the course of the implementation of the project, there are problems and dangers in the planning, organizing and activities – project management then is applied to see to it that the project will be successful. The project manager has a great role to play. The twentieth century project managers have a sophisticated role to play because of the complicated environmental factors such as globalization and information revolution. Technological innovations have to be dealt with properly. Security threats continue to haunt organizations’ IT infrastructure. Both people and technology can be a threat to IT if no adequate project management is applied. People can be risks and technology can be attacked by viruses and other kinds of malwares. Knowledge is very important in the new global setting where managers and workers have to continuously acquire knowledge and improvement in order to survive in the competitive world of business. Project management has a great part in the implementation of IT security measures in an organization. Without it, it will be very difficult to secure IT especially in involving the employees or the people who have access to confidential data and information in the organization’s data base. Success is in the hands of both the manager and team members. References Carden, L. and Egan, T., 2008. Human Resource Development and Project Management: Key Connections. Human Resource Development Review 2008; 7; 309. DOI: 10.1177/1534484308320577. DOI: 10.1177/0143831X04042492 Fabac, J., 2006. Project management for systematic training. Advances in Developing Human Resources 2006; 8; 540. DOI: 10.1177/1523422306293010 Johansen, J. and Gillard, S., 2005. Information Resources Project Management Communication: Personal and Environmental Barriers. Journal of Information Science 2005; 31; 91-98. DOI: 10.1177/0165551505050786, Available from: Business Source Complete [Accessed 19 July 2011]. Koch, C., 2004. The tyranny of projects: teamworking, knowledge production and management in consulting engineering. Economic and Industrial Democracy 2004; 25; 277 Larson, E. and Drexler, J., 2009. Project management in real time. Journal of Management Education 2009. Volume XX, 10. DOI: 10.1177/1052562909335860. Rainer, R. and Cegielski, C., 2011. Introduction to information systems: enabling and transforming business. United States of America: Quebecor World Versailles. Scholtz, J. A., 2009. Securing critical IT infrastructure. Information Security Journal: A Global Perspective, 18:33–39, 2009, Copyright © Taylor & Francis Group, LLC ISSN: 1939-3555 print / 1939-3547. DOI: 10.1080/19393550802644640 Sleezer, C. and Swanson, R., 1989. Is your training department out of control? Performance and Instruction, 28(5), 22-26. Available from Business Source Complete [Accessed 19 July 2011] Suduc, A., Bizoi, M., and Filip, F. G., 2010. Audit for information systems security. Informatica Economica vol. 14, no. 1/2010. Available from Business Source Complete database [Accessed 19 Jul 2011] Van Meel, R., 1993. Project-based module development (Report No. ISBN-90-358-1241-7). Heerlen, The Netherlands: Centre for Educational Technology and Innovation. (ERIC Document Reproduction Service No. ED734212) Read More