
Project Management Methodology

Quality Control


What constitutes product quality?

  • ISO definition of Quality:

    • “The totality of characteristics of an entity that bear on its ability to satisfy stated or implied needs”

  • More practical definition:

    • Conformance to requirements

    • Fitness for use: the product can be used as intended


Project Quality Management

  • The following processes are in place:

    • Planning for quality

    • Performing quality assurance

    • Performing quality control


Planning for quality

  • Define the product requirements and evaluate them from a business perspective

    • Do they ensure improved security?

    • Would they fit up-to-date technology?

    • Do they improve a user’s experience?

    • Are they in sync with the enterprise security requirements?

    • Do they comply with regulatory requirements?


Planning for quality (cont)

  • Three main sources of security requirements:

    • Security risk assessment results

    • Legal, statutory, regulatory, and contractual requirements

    • The particular set of principles, objectives and business requirements specific to the company


Planning for quality (cont)

  • Define the documents you need to manage quality throughout the project, e.g. a Quality Management Plan

  • Define the standards to be followed in project development and control

  • Create appropriate metrics and/or a quality checklist


Security Solutions Quality Standards

  • An Information Security Management System (ISMS) is a framework for an enterprise security architecture that summarizes the security solutions implemented by the company

  • Quality requirements for security solutions are set out in the following two standards:

    • ISO 27001. “…Security technique. ISMS – Requirements”

    • ISO 27002. “…Code of practice for information security management”


Security Solutions Quality Standards

  • ISO 27001 provides the list of security requirements that any company should consider, and relevant security controls to be implemented

  • ISO 27002 provides best-practice recommendations and guidelines for implementing security controls


Security Solutions Quality Standards

  • Other relevant security standards

    • PIPEDA – Canadian standard for data privacy

    • PCI DSS – Payment Card Industry Data Security Standard

    • PA-DSS – Payment Application Data Security Standard

    • FIPS 140 – The requirements and standards for cryptographic modules


Planning for quality

  • Quality management plan is a deliverable where you describe:

    • Quality criteria

    • Methodology and standards

    • Quality assurance process and checkpoints

    • Resource requirements

    • Methods of applying corrective actions

    • Quality assurance checklist


Performing Quality Assurance

  • Quality assurance includes activities related to satisfying quality requirements for a project

  • Quality assurance is the product of integrating the solution development process with related processes in the company's organizational model

  • Strict enforcement of the processes is the basis of the product quality


Performing Quality Assurance

  • Major processes are:

    • Secure system development lifecycle

    • Change management

    • Release management

    • Configuration management

    • Project management

  • Companies must enforce these processes to be compliant with security standards


Performing Quality Assurance

  • Secure SDLC

    • Security is built into the product from the beginning

    • Every stage has relevant security deliverables

    • Required resources have been provisioned into the project

    • Control activities consider security to be in scope


Change management

  • Formal change control must be implemented

  • Change control assumes formal processes and procedures for:

    • Filing Change Requests (CR)

    • Reviewing CRs by major stakeholders

    • Approval following a standard process

    • Planning for implementation


Change management

  • If approved, a CR is promoted to implementation and is then covered by other processes, such as project management, release management and configuration management

  • The change management tool should allow the decisions made during the CR review to be recorded


Change management

  • Change management assures that

    • All changes are clearly defined, documented and communicated

    • Approval is obtained before proceeding

    • Changes are tested

    • Deployment is allowed only for authorized changes

    • A post-implementation review is conducted


Release Management

  • Coordinate the processes through the system development life cycle

  • Ensure the quality of the production version

  • Manage the project artifacts


Release Management Processes

  • Processes/activities

    • Release Design

    • Monitor and Verify the Progress of the Release

    • Obtain sign-off

    • Approve Production Implementation

    • Coordinate Release Deployment Activity

    • Implement Release

    • Post Implementation Review

  • Security solutions should be built into one of the upcoming releases


Configuration management

  • Must ensure that the descriptions of the project products are correct, complete, and consistent at any point in time

  • Configuration management activities:

    • Identify and document the functional and physical characteristics of the products

    • Control any changes to such characteristics

    • Record and report changes

    • Audit the product to verify conformance to requirements


Configuration management

  • The scope of configuration management (CM) depends on the subject

  • Standards define

    • CM for software

    • CM for computer hardware


Configuration management

  • All components of a computer system must be registered with CM and recorded in the CM database

  • CM responsibilities:

    • identification

    • control

    • status accounting

    • verification


Security Audit

  • A security audit is the verification of implemented security solutions

  • The baseline for verification is established in accordance with the audit goal

  • An internal audit may evaluate the compliance of implemented security solutions with internal policies and standards


Security Audit

  • An audit is often initiated to verify compliance with regulatory requirements and standards

  • Examples are audits for:

    • PCI DSS compliance

    • ISMS compliance with ISO 27001

    • Network security compliance with ISO 27002

    • SSAE 16


Security Audit Standards

  • Standards set the framework of security audit planning and implementation

  • Best-known standards:

    • Control Objectives for IT (COBIT)

    • Statement on Standards for Attestation Engagements (SSAE 16), the replacement for SAS 70


Performing Quality Control

  • The product must meet the requirements

  • It also must meet the time and cost constraints

  • Performing quality control means periodic evaluation of the overall project performance

  • Final testing


Quality control tools

  • Special tools are used to monitor project parameters and ensure that they comply with the relevant quality standards:

    • Capability Maturity Model (CMM)

    • Six Sigma methods

    • Quality metrics and diagrams (Pareto charts, fishbone diagrams)


Exercise

  • Assume that your company wants to hire a new project manager for security projects. Develop a list of quality criteria that you can use in making this hiring decision.
