Project Management

I recently participated in a webinar titled Industrial Security in the Real World: Practical Steps, which indirectly discussed how some fundamental tenants of project management were applied to this topic. The presentation was sponsored by Automation World and led by two staff members of Belden. Belden is a company focused on communication, and the webinar concentrated on security and communications equipment in an industrial environment.

The presenters discussed three topics that are the cornerstones of project management practice—stakeholders, definition and change. This led me to consider how project management techniques might apply to the area of security in general, regardless of the chosen technology. Beyond the definition of terms, it is helpful for team members participating in a project to understand some of these fundamental project management concepts and how to incorporate them to make a project successful.

Project managers focus on three elements of a development: budget, utility and schedule, where utility is the functionality incorporated in the project, whether it be a physical security or an IT project. Usually— and some would say at best—a project manager can help a team optimize two of these elements. Engineers appreciate the necessity to make similar trade-offs; for example, an electronic design will have to balance the trade-offs between running at a faster speed and the power consumed to run at that speed.

When looking at the elements of budget, utility and schedule, the tradeoffs are more fluid. While there are a number of reasons for this, it is partly due to the participants or stakeholders on the project.

Unlike the final customer, all stakeholders may not be have daily involvement in a project, but it is important to get all of them to agree on the priority of project goals. This aspect of a project consumes a great deal of energy. It is not uncommon for teams to have divergent and energetic opinions on which elements are most critical. A classic tool that I have recently used to help a project team arrive at consensus is a decision matrix.

What It Is

The decision matrix defines individual requirements to the stakeholders. After the requirements are defined, the stakeholders determine the importance of each element. This is done by assigning a weighting for each element as agreed to by the stakeholders. The weightings are tallied and the result will provide the priorities of the project.

One of the most recent projects I worked on used the decision matrix to help the team define what features were to be created and when they would be tested on a communications module. This empowered the team to set the project priorities and had a direct relationship to the schedule and budget. For those who are not familiar with this technique, I recommend that you go to the ASQ Web site for a description of the process.

The decision matrix should be used at the outset of a project, particularly if there is significant disagreement between the stakeholders. The initial stage of development is critical, for without a well-described definition and proper resourcing—funding and staffing—a project is doomed to struggle at best, or in the worst case, fail completely. One of the most glaring examples of such a situation, with respect to national security, is the fence to prevent illegal immigration from Mexico.

Frequently, a crisis will influence team members to determine the solution before reflecting upon the requirements and constraints of the project. This is a situation where the decision matrix can be useful to quickly determine the importance of each of the requirements. As part of a definition document there should be descriptions of features that have been discussed or eliminated; these should remain in the documentation to let others know the thought process used to gain consensus.

Adjusting to Change

The decision matrix also is useful when the project must adjust to change that will occur during the life of the project. Change is inevitable, and while some change is unexpected, such as the attacks on 9/11, some changes can be anticipated and should be addressed in the definition of a project. A colleague of mine has an expression: “They pay me to put it in; they pay me to take it out; they pay me to put it in again.”

This indicates that some stakeholders will start with optimistic goals for schedule, utility and budgets and will revise those requirements as pressures are applied or conditions change. In the case of the networking security Webinar, the presenters described how to connect the network to allow for expansion in the future as conditions changed. This is another way in which the decision matrix can be used—to think through potential changes that may occur in the future.

While all security projects have their unique requirements and constraints, it is important to recognize that there are common aspects to all projects. Techniques such as decision matrixes will help to define parameters, set goals and determine the impact of change of a project. Analysis provided by the decision matrix can establish the stakeholders’ understanding and set the project’s direction.

This article originally appeared in the June 2013 issue of Security Today.

Featured

  • Evolving Cybersecurity Strategies: Uniting Human Risk Management and Security Awareness Training

    Organizations are increasingly turning their attention to human-focused security approaches, as two out of three (68%) cybersecurity incidents involve people. Threat actors are shifting from targeting networks and systems to hacking humans via social engineering methods, living off human errors as their most prevalent attack vector. Whether manipulated or not, human cyber behavior is leveraged to gain backdoor access into systems. This mainly results from a lack of employee training and awareness about evolving attack techniques employed by malign actors. Read Now

  • Report: 1 in 3 Easily Exploitable Vulnerabilities Found on Cloud Assets

    CyCognito recently released new research highlighting critical security vulnerabilities across cloud-hosted assets, revealing that one in three easily exploitable vulnerabilities or misconfigurations are found on cloud assets. As organizations increasingly shift to multi-cloud strategies, the findings underscore significant security gaps that could provide attackers with potential footholds into networks. Read Now

  • Built for Today, Ready for Tomorrow

    Selecting the right VMS is critical for any organization that depends on video surveillance to ensure safety, security and operational efficiency. While many organizations focus on immediate needs such as budget and deployment size, let us review some of the long-term considerations that can significantly impact a VMS's utility and flexibility. Read Now

  • Paving the Way to Smart Buildings

    In today's rapidly evolving security landscape, the convergence of on-prem, edge and cloud technologies are critical. The physical security landscape is undergoing a profound transformation, driven by the rapid digitalization of buildings and the evolving needs of modern organizations. As the buildings sector pivots towards smart, AI and data-driven operations, the integration of both edge and cloud technology has become crucial. Read Now

  • The Cybersecurity Time Bomb

    If you work in physical security, you have probably seen it: a camera, access control system, or intrusion detection device installed years ago, humming along without a single update. It is a common scenario that security professionals have come to accept as "normal." But here is the reality: this mindset is actively putting organizations at risk. Read Now

New Products

  • Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

    Connect ONE®

    Connect ONE’s powerful cloud-hosted management platform provides the means to tailor lockdowns and emergency mass notifications throughout a facility – while simultaneously alerting occupants to hazards or next steps, like evacuation.

  • Automatic Systems V07

    Automatic Systems V07

    Automatic Systems, an industry-leading manufacturer of pedestrian and vehicle secure entrance control access systems, is pleased to announce the release of its groundbreaking V07 software. The V07 software update is designed specifically to address cybersecurity concerns and will ensure the integrity and confidentiality of Automatic Systems applications. With the new V07 software, updates will be delivered by means of an encrypted file.

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions.