Project Management Methodology

PowerPoint Slideshow about ' Project Management Methodology' - misha


What constitutes product quality?
  • ISO definition of Quality:
    • “The totality of characteristics of an entity that bear on its ability to satisfy stated or implied needs”
  • More practical definition:
    • Conformance to requirements
    • Fitness for use, meaning a product can be used as intended
Project Quality Management
  • The following processes are in place:
    • Planning for quality
    • Performing quality assurance
    • Performing quality control
Planning for quality
  • Define the product requirements and evaluate them from a business perspective
    • Do they ensure improved security?
    • Would they fit up-to-date technology?
    • Do they improve a user’s experience?
    • Are they in sync with the enterprise security requirements?
    • Do they comply with regulatory requirements?
Planning for quality (cont)
  • Three main sources of security requirements:
    • Security risk assessment results
    • Legal, statutory, regulatory, and contractual requirements
    • The particular set of principles, objectives and business requirements specific to the company
Planning for quality (cont)
  • Define the documents you need to manage quality throughout the project, e.g. a Quality Management Plan
  • Define the standards to be followed in project development and control
  • Create appropriate metrics and/or a quality checklist
Security Solutions Quality Standards
  • An Information Security Management System (ISMS) is a framework for an enterprise security architecture that summarizes the security solutions implemented by the company
  • Quality requirements for security solutions are presented in the following two standards:
    • ISO 27001. “…Security technique. ISMS – Requirements”
    • ISO 27002. “…Code of practice for information security management”
Security Solutions Quality Standards
  • ISO 27001 provides the list of security requirements that any company should consider, and the relevant security controls to be implemented
  • ISO 27002 provides best practice recommendations and guidelines for implementing security controls
Security Solutions Quality Standards
  • Other relevant security standards
    • PIPEDA – Canadian standard for data privacy
    • PCI DSS – Payment Card Industry Data Security Standard
    • PA-DSS – Payment Application Data Security Standard
    • FIPS 140 – The requirements and standards for cryptographic modules
Planning for quality
  • The quality management plan is a deliverable in which you describe:
    • Quality criteria
    • Methodology and standards
    • Quality assurance process and checkpoints
    • Resource requirements
    • Methods of applying corrective actions
    • Quality assurance checklist
Performing Quality Assurance
  • Quality assurance includes activities related to satisfying quality requirements for a project
  • Quality assurance is the product of integrating the solution development process with related processes in the company's organizational model
  • Strict enforcement of the processes is the basis of product quality
Performing Quality Assurance
  • Major processes are:
    • Secure system development lifecycle
    • Change management
    • Release management
    • Configuration management
    • Project management
  • Companies must enforce these processes to be compliant with security standards
Performing Quality Assurance
  • Secure SDLC
    • Security is built into the product from the beginning
    • Every stage has relevant security deliverables
    • Required resources have been provisioned for the project
    • Control activities consider security in scope
Change management
  • Formal change control must be implemented
  • Change control assumes having formal processes and procedures for
    • Filing Change Requests (CR)
    • Reviewing CRs by major stakeholders
    • Approval following standard process
    • Planning for implementation
Change management
  • If approved, a CR will be promoted to implementation and will accordingly be covered by other processes, such as project management, release management, and configuration management
  • The change management tool should allow recording of the decisions made during the CR review
Change management
  • Change management assures that
    • All changes are clearly defined, documented and communicated
    • Approval is obtained before proceeding
    • Changes are tested
    • Deployment is allowed only for authorized changes
    • A post-implementation review is conducted
Release Management
  • Coordinate the processes through the system development life cycle
  • Ensure the quality of the production version
  • Manage the project artifacts
Release Management Processes
  • Processes/activities
    • Release Design
    • Monitor and Verify the Progress of the Release
    • Obtain sign-off
    • Approve Production Implementation
    • Coordinate Release Deployment Activity
    • Implement Release
    • Post Implementation Review
  • Security solutions should be built into one of the upcoming releases
Configuration management
  • Must ensure that the descriptions of the project products are correct, complete, and consistent at any point in time
  • Configuration management activities:
    • Identify and document the functional and physical characteristics of the products
    • Control any changes to such characteristics
    • Record and report changes
    • Audit the product to verify conformance to requirements
Configuration management
  • The scope of configuration management (CM) depends on the subject
  • Standards define
    • CM for software
    • CM for computer hardware
Configuration management
  • All components of a computer system must be registered with CM and recorded in the CM database
  • CM responsibilities:
    • identification
    • control
    • status accounting
    • verification
Security Audit
  • This is the verification of implemented security solutions
  • The baseline for verification is established in accordance with the audit goal
  • An internal audit may evaluate the compliance of implemented security solutions with internal policies and standards
Security Audit
  • An audit is often initiated in order to verify compliance with regulatory requirements and standards
  • Examples would be audits for
    • PCI DSS compliance
    • ISMS compliance with ISO 27001
    • Network security compliance with ISO 27002
    • SSAE 16
Security Audit Standards
  • Standards set the framework for security audit planning and implementation
  • Best-known standards
    • Control Objective for IT (COBIT)
    • Standards for Attestation Engagements (SSAE 16), the replacement for SAS 70
Performing Quality Control
  • The product must meet the requirements
  • It must also meet the time and cost constraints
  • Performing quality control means periodic evaluation of the overall project performance
  • Final testing
Quality control tools
  • Special tools are used to monitor project parameters to ensure that they comply with the relevant quality standards
    • Capability Maturity Model (CMM)
    • Six sigma methods
    • Quality metrics and diagrams (Pareto charts, Fish bones)
Exercise
  • Assume that your company wants to hire a new project manager for security projects. Develop a list of quality criteria that you can use in making this hiring decision.