Security Audit of a Government Agency
My company was hired as part of a contract bid to conduct an
audit and network security assessment of a federal agency at multiple sites
across the U.S. The project was
initiated by the headquarters for this particular agency (at Washington DC),
but the work was to be conducted at the various local sites. My role was Project Technical Lead as well as
the Lead Security Control Assessor for federal government sites in Hawaii. Working with my project team, we met all the
required deliverables with just a slight slippage in the delivery date; however,
it was a very difficult project with multiple stakeholders and issues.
Processes, project artifacts and activities that contributed to the success
of this project:
From The project management minimalist: Just enough
PM to rock your projects! (Greer, 2010)
Step 2: Get your team together and start the project (p 10).
Processes from this step that contributed to the success of his project
included putting together a project kick off meeting with the customer (local
stakeholders) which (1) introduced team members and their roles and
responsibilities, (2) defined objectives, (3) defined the project scope, (4)
defined deliverables, (5) identified
risks and assumptions and (6) provided a
proposed schedule. The initial face-to-face
meeting went well and presented the customer with the requirements, while
allowing the local customer/stakeholder to have input on the project, such as
the schedule and scope.
Step 4: Figure out what you need to do to complete the work products.
(Identify tasks and phases.) (p.
17). Processes from this step that contributed to the success of his
project included reviewing the
initial list of deliverables and identifying the specific tasks that needed to
be accomplished. These were identified
and tracked online where the overall PM could track the progress.
Step 5: Estimate time, effort, and resources (p. 20). Processes from this step that contributed to
the success of his project included assembling the core team and obtaining
additional resources. For example, a
penetration test of the network was required as a deliverable and no one on the
team had the skills to perform this skill so a new team member was hired. Team
members met regularly to discuss the level of effort and resources required to
complete the various tasks.
Processes, project artifacts and activities that were not included that
could have made the project more successful:
From Project management: Planning,
scheduling, and controlling projects. (Portny,
et. al., 2008)
Not involving all key project
stakeholders (p. 106) and Lack of commitment by all team members to the project’s
success (p. 108). While this
project was part of a multi-site project, the PM and customer rep/stakeholder
did not obtain approval/buy-in from the local customer/stakeholders resulting
in resentment towards the project team and their efforts to complete the
project. Obtaining information from some of these
stakeholders became very difficult throughout the project.
Not identifying and sharing key project assumptions (p. 107). Members of teams working the project at other
sites had information about the project, but were hesitant or late in sharing
the information. In addition, our
customer asked us to modify the standard assumptions so that the team could
provide the customer with better feedback in areas where they were weak or
needed to improve. Other sites did not
follow this guidance; however, had we followed the project assumption as
written, the project would have been a complete disaster as the majority of the
items to evaluate would have been “skipped” because the site was not ready for
the review.
References:
Greer. M. (2010). The project management minimalist: Just enough PM to rock your projects! (laureate custom ed.). Baltimore: Laureate Education, Inc.
Portny,
S. E., Mantel, S. J., Meredith, J. R., Shafer, S. M., Sutton, M. M., & Kramer,
B. E. (2008). Project management: Planning, scheduling, and controlling
projects. Hoboken, NJ: John Wiley & Sons, Inc
No comments:
Post a Comment