Project management methodology
Project Management Methodology - PowerPoint PPT Presentation
PowerPoint Slideshow about 'Project Management Methodology' - misha
Presentation Transcript

What constitutes the product quality?

  • ISO definition of Quality:

    • “The totality of characteristics of an entity that bear on its ability to satisfy stated or implied needs”

  • More practical definition:

    • Conformance to requirements

    • Fitness for use, meaning that the product can be used as intended

Project Quality Management

  • The following processes are in place:

    • Planning for quality

    • Performing quality assurance

    • Performing quality control

Planning for quality

  • Define the product requirements and evaluate them from a business perspective

    • Do they ensure improved security?

    • Do they fit up-to-date technology?

    • Do they improve the user’s experience?

    • Are they in sync with the enterprise security requirements?

    • Do they comply with regulatory requirements?

Planning for quality (cont)

  • Three main sources of security requirements:

    • Security risk assessment results

    • Legal, statutory, regulatory, and contractual requirements

    • The particular set of principles, objectives and business requirements specific to the company

Planning for quality (cont)

  • Define the documents you need to manage quality throughout the project, e.g. a Quality Management Plan

  • Define the standards to be followed in project development and control

  • Create appropriate metrics and/or a quality checklist

Security Solutions Quality Standards

  • An Information Security Management System (ISMS) is a framework for an enterprise security architecture that summarizes the security solutions implemented by the company

  • Quality requirements for security solutions have been presented by the following two standards:

    • ISO 27001. “…Security techniques. ISMS – Requirements”

    • ISO 27002. “…Code of practice for information security management”

Security Solutions Quality Standards

  • ISO 27001 provides the list of security requirements that any company should consider, and the relevant security controls to be implemented

  • ISO 27002 provides best-practice recommendations and guidelines for implementing security controls

Security Solutions Quality Standards

  • Other relevant security standards

    • PIPEDA – Canadian standard for data privacy

    • PCI DSS – Payment Card Industry Data Security Standard

    • PA-DSS – Payment Application Data Security Standard

    • FIPS 140 – Requirements and standards for cryptographic modules

Planning for quality

  • The quality management plan is a deliverable in which you describe:

    • Quality criteria

    • Methodology and standards

    • Quality assurance process and checkpoints

    • Resource requirements

    • Methods of applying corrective actions

    • Quality assurance checklist

Performing Quality Assurance

  • Quality assurance includes the activities related to satisfying the quality requirements of a project

  • Quality assurance is the product of integrating the solution development process with the related processes in the company’s organizational model

  • Strict enforcement of these processes is the basis of product quality

Performing Quality Assurance

  • Major processes are:

    • Secure system development lifecycle

    • Change management

    • Release management

    • Configuration management

    • Project management

  • Companies must have these processes enforced to be compliant with security standards

Performing Quality Assurance

  • Secure SDLC

    • Security is built into the product from the beginning

    • Every stage has relevant security deliverables

    • The required resources have been provisioned in the project

    • Control activities consider security in scope

Change management

  • Formal change control must be implemented

  • Change control assumes having formal processes and procedures for

    • Filing Change Requests (CR)

    • Reviewing CRs by major stakeholders

    • Approval following standard process

    • Planning for implementation

Change management

  • If approved, the CR is promoted to implementation and is then covered by other processes, such as project management, release management and configuration management

  • The change management tool should allow recording of the decisions made during the CR review

Change management

  • Change management ensures that

    • All changes are clearly defined, documented and communicated

    • Approval is obtained before proceeding

    • Changes are tested

    • Deployment is allowed only for authorized changes

    • A post-implementation review is conducted

Release Management

  • Coordinate the processes throughout the system development life cycle

  • Ensure the quality of the production version

  • Manage the project artifacts

Release Management Processes

  • Processes/activities

    • Release Design

    • Monitor and verify the progress of the release

    • Obtain sign-off

    • Approve Production Implementation

    • Coordinate Release Deployment Activity

    • Implement Release

    • Post Implementation Review

  • Security solutions should be built into one of the upcoming releases

Configuration management

  • Must ensure that the descriptions of the project products are correct, complete and consistent at any point in time

  • Configuration management activities:

    • Identify and document the functional and physical characteristics of the products

    • Control any changes to such characteristics

    • Record and report changes

    • Audit the product to verify conformance to requirements

Configuration management

  • The scope of configuration management (CM) depends on the subject

  • Standards define

    • CM for software

    • CM for computer hardware

Configuration management

  • All components of a computer system must be registered with CM and recorded in the CM database

  • CM responsibilities:

    • identification

    • control

    • status accounting

    • verification
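The change-control rules above (deployment only for authorized changes, decisions recorded at review) and the four CM responsibilities just listed can be exercised against a minimal CM record store. The following is an added example, not code from the slides; the `CMDatabase` class, the CR identifiers and the sample component contents are all constructed for illustration.

```python
"""Constructed example: a tiny configuration-management (CM) record store that
exercises identification, control, status accounting and verification.
Hypothetical class and data; not from the slide deck."""
import hashlib
from dataclasses import dataclass, field


@dataclass
class CMItem:
    name: str
    version: str
    digest: str                    # SHA-256 of the recorded component content
    history: list = field(default_factory=list)   # status accounting log


class CMDatabase:
    def __init__(self):
        self.items = {}            # identification: registered components
        self.approved_crs = set()  # CR ids approved at change review

    def identify(self, name, version, content):
        """Register a component and record its baseline digest."""
        digest = hashlib.sha256(content).hexdigest()
        self.items[name] = CMItem(name, version, digest, [("registered", version, None)])

    def approve_cr(self, cr_id):
        """Record the review decision for a change request."""
        self.approved_crs.add(cr_id)

    def change(self, name, new_version, new_content, cr_id):
        """Control: a change is applied only when its CR is approved.
        Rejections are logged too, so the history shows every attempt."""
        item = self.items[name]
        if cr_id not in self.approved_crs:
            item.history.append(("rejected", new_version, cr_id))
            return False
        item.version = new_version
        item.digest = hashlib.sha256(new_content).hexdigest()
        item.history.append(("changed", new_version, cr_id))
        return True

    def verify(self, live):
        """Verification: compare a {name: content} snapshot of the live
        system with the CM record and report every deviation."""
        findings = []
        for name, item in self.items.items():
            if name not in live:
                findings.append(f"{name}: missing from live system")
            elif hashlib.sha256(live[name]).hexdigest() != item.digest:
                findings.append(f"{name}: drift from CM record")
        findings += [f"{n}: unregistered component" for n in live if n not in self.items]
        return findings
```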

Security Audit

  • This is the verification of implemented security solutions

  • The baseline for verification is established in accordance with the audit goal

  • An internal audit may evaluate the compliance of implemented security solutions with internal policies and standards

Security Audit

  • Often an audit is initiated in order to verify compliance with regulatory requirements and standards

  • Examples would be audits for

    • PCI DSS compliance

    • ISMS compliance with ISO 27001

    • Network security compliance with ISO 27002

    • SSAE 16

Security Audit Standards

  • Standards set the framework of security audit planning and implementation

  • Best-known standards

    • Control Objectives for IT (COBIT)

    • Standards for Attestation Engagements (SSAE 16), the replacement for SAS 70

Performing Quality Control

  • The product must meet the requirements

  • It also must meet the time and cost constraints

  • Performing quality control means periodic evaluation of the overall project performance

  • Final testing

Quality control tools

  • Special tools are used to monitor project parameters to ensure that they comply with the relevant quality standards

    • Capability Maturity Model (CMM)

    • Six Sigma methods

    • Quality metrics and diagrams (Pareto charts, fishbone diagrams)


  • Assume that your company wants to hire a new project manager for security projects. Develop a list of quality criteria that you can use in making this hiring decision