Security

Scenario: Cybersecurity Audit- Potential Problems and their Solutions

red and black abstract illustration

Any technology-related project faces a significant number of challenges and potential problems; this is due to the complex operations of information systems and their connectivity with other systems, the need to have multiple departments or organizations involved, the possibility of scope/feature creep, and dealing with always-changing timeframes and budget goals. In the case of Tekzor Inc.’s cybersecurity audit of the Warren County R-111 School District, the probable hardships both organizations will face during the project execution phase are abundant; the only method to effectively plan for these problems is through thorough preparation.

To ensure both Tekzor Inc. and the Warren County R-111 School District are ready to adapt to the long list of things that can go wrong, instead of merely reacting to them, this paper will cover the plan of action for nine potential problems they may face during the project execution phase; these include the following:

Lack of good data on activity progress

As documentation and reporting in any phase of a project are vital cogs in the wheel of the operation’s success, as well as future endeavors, Tekzor Inc., per their WBS, will devote a reporting phase at the end of each task in the project plan. With each reporting phase, all completed or incomplete tasks will be documented, including information about the time and cost of the work, the data gained from the specific phases’ relation to the audit of Warren County R-111 School District’s systems and policies, what has been learned to improve future tasks, as well as start to form the necessary data for the first and second complete audit report. To ensure the steady flow of communication, Tekzor Inc. will utilize a cloud-based work-sharing app, (Google Docs and Sheets), so all parties can efficiently share their progress with all members of the project and its stakeholders, such as the customer. Microsoft Project will be utilized to promote accountability and management of the project’s goals and deadlines.

  • Inadequate requirements definition

As the cybersecurity audit of Warren County R-111 School District’s systems and policies is such a lengthy and sophisticated project, proper communication between Tekzor Inc. and the client shall be required to remain throughout the project. Several meetings shall be held before the start of the project to ascertain precisely what the School District requires as results, which will be carefully documented in the initial contract. At all phases of the project, the client and all stakeholders shall be in constant contact regarding each phase’s requirements and results, ensuring that the project’s scope does not change dramatically; if it does, Tekzor Inc. will be made aware early, and be required to sign-off on any alterations of the original contract’s requirements.

  • Frequent and uncontrolled changes to the project baseline

As previously mentioned, frequent and uncontrolled changes to the project baseline can and will occur; the only way to effectively stay on task is to limit these events and plan for their arrival. Any changes to the project baseline, whether initiated by Tekzor Inc. or the Warren County R-111 School District, will need to be signed-off by all stakeholders, allowing the approval process to carefully determine what changes can be handled, as well as what they will do to the cost and timeframe of the entire project. Frequent, continuous meetings shall be held for project stakeholders, on at least a weekly basis, to ensure that any changes made to the project’s baseline will be planned for, committed, or not put into place. A method of introducing a change to the project baseline shall be constructed and enforced, allowing a single individual or group to submit any potential changes; this will ensure the proper chain-of-command is facilitated, as well as limiting unknown variables in having multiple individuals freely changing the project baseline without authorization.

  • Poor time and cost estimates

Due to the length of time to complete each individual phase of the project, as well as their high costs, estimations of each phase’s timeframe and budget requirements will need to be carefully researched and planned for. Past completed projects of Tekzor Inc. and its competitors can be used to help generate the average length and cost of a similar audit, as well as offer insight to the Warren County R-111 School District on reasons the budget or timeframe can increase. Ensuring that the client is well aware of the potential reasons the budget allotted for the project can increase, as well as the timeframe, will help the client and Tekzor Inc. be prepared for possible changes (as well as what to do to adapt to them).

  • Difficulties in concluding the project because of ill-specified completion criteria

The Warren County R-111 School District, through the well-researched and executed contract, as well as the frequent intervals of meetings, shall be well-informed on the completion criteria for the project. As mentioned in the WBS, the first report will cover all found gaps in security, followed by an optional free second audit, when will provide a report as well; this allows the client to understand what the completed project looks like and prevent scope creep. Additionally, per the WBS, the project requires that the satisfaction of the client be gained before Tekzor Inc. finalizes the project’s completion.

  • High personnel turnover

Due to the size of Tekzor Inc.’s team, personnel turnover can be difficult to manage. However, in this case, we have multiple individuals trained in all areas of the project, so if one team member is terminated, ill, or voluntarily leaves, the other members of the team can step in and take their responsibilities. Additionally, due to the importance of project documentation, all members will be able to access a complete recollection of all work completed and work that still needs to be completed. In the contract with the Warren County R-111 School District, Tekzor Inc. will account for possible personnel turnover with a guarantee to the client that their work will remain on-time and on-budget; this can be accomplished by having all team members sign individual contracts stating that they will remain in the project until completion.

  • Inadequate monitoring and directing of project activities

Inadequate monitoring and directing of project activities will be handled with a combination of technology, proper communication, thorough documentation, and the reliance on ensuring the client is aware of the project’s activities and status during all phases of the project. Our client shall have frequent meetings with Tekzor Inc. stakeholders to facilitate communication on the project’s progress, as well as be given access to a cloud-based work-sharing system and Microsoft Project. With each phase’s reporting section, the creation and implementation of monitoring tools will be simple.

  • Technical risk

In such a cybersecurity audit, Tekzor Inc. will be working with production servers, on-site equipment necessary to the client’s business operation, as well as attempting to penetrate and access potentially sensitive information; due to this, there are certainly a significant amount of risks. With the assistance of the risk matrix Tekzor Inc. has developed, the client will be made aware of the potential technical risks involved with this project, as well as signing-off on allowing these potentially hazardous tasks to be performed.

  • Technical issues

As Tekzor Inc. will be using a variety of technology-based tools in their tasks of auditing the Warren County R-111 School District’s cybersecurity capabilities, there can be a range of technical issues that arise. To combat the damage a technical problem can cause for the budget and timeframe of the project, Tekzor Inc. will always utilize a combination of two technology-based tools, a primary and a backup, in case the primary system fails. Redundancy, a vital part of cybersecurity, is what Tekzor Inc. will help guarantee the client’s complete satisfaction in the event of a technical problem.

References

Fuller, M. A., Valacich, J. S., George, J. F., & Schneider, C. (2019). Information systems project management: a process approach, Edition 2.0. Prospect Press, Inc.

Kashyap, S. (2019, November 14). 10 Common Challenges in Project Management (and How to Solve Them). Retrieved July 30, 2020, from https://www.proofhub.com/articles/project-management-challenges.

Categories: Security

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s