
Project Management Methodology


misha



Presentation Transcript


  1. Project Management Methodology Quality Control

  2. What constitutes product quality? • ISO definition of quality: • “The totality of characteristics of an entity that bear on its ability to satisfy stated or implied needs” • More practical definitions: • Conformance to requirements • Fitness for use: the product can be used as intended

  3. Project Quality Management • The following processes are in place: • Planning for quality • Performing quality assurance • Performing quality control

  4. Planning for quality • Define the product requirements and evaluate them from a business perspective • Do they ensure improved security? • Do they fit current technology? • Do they improve the user’s experience? • Are they in sync with the enterprise security requirements? • Do they comply with regulatory requirements?

  5. Planning for quality (cont) • Three main sources of security requirements: • Security risk assessment results • Legal, statutory, regulatory, and contractual requirements • The particular set of principles, objectives and business requirements specific to the company

  6. Planning for quality (cont) • Define the documents you need to manage quality through the project, e.g. the Quality Management Plan • Define the standards to be followed in project development and control • Create appropriate metrics and/or a quality checklist

  7. Security Solutions Quality Standards • An Information Security Management System (ISMS) is a framework for an enterprise security architecture that summarizes the security solutions implemented by the company • Quality requirements for security solutions are set out in the following two standards: • ISO 27001. “…Security techniques. ISMS – Requirements” • ISO 27002. “…Code of practice for information security management”

  8. Security Solutions Quality Standards • ISO 27001 specifies the requirements for an ISMS that any company should consider, and lists the security controls to be implemented • ISO 27002 provides best-practice recommendations and guidelines for implementing those security controls

  9. Security Solutions Quality Standards • Other relevant security standards and regulations • PIPEDA – Canadian federal privacy legislation (Personal Information Protection and Electronic Documents Act) • PCI DSS – Payment Card Industry Data Security Standard • PA-DSS – Payment Application Data Security Standard • FIPS 140 – US government security requirements for cryptographic modules

  10. Planning for quality • The quality management plan is a deliverable in which you describe: • Quality criteria • Methodology and standards • Quality assurance process and checkpoints • Resource requirements • Methods of applying corrective actions • Quality assurance checklist

  11. Performing Quality Assurance • Quality assurance includes the activities related to satisfying the quality requirements of a project • Quality assurance is the product of integrating the solution development process with the related processes in the company’s organizational model • Strict enforcement of those processes is the basis of product quality

  12. Performing Quality Assurance • The major processes are: • Secure system development lifecycle • Change management • Release management • Configuration management • Project management • Companies must enforce these processes to comply with security standards

  13. Performing Quality Assurance • Secure SDLC • Security is built into the product from the beginning • Every stage has relevant security deliverables • The required resources have been provisioned in the project • Control activities include security in their scope

  14. Change management • Formal change control must be implemented • Change control requires formal processes and procedures for: • Filing Change Requests (CR) • Reviewing CRs with the major stakeholders • Approval following the standard process • Planning for implementation

  15. Change management • If approved, the CR is promoted to implementation and is then covered by the other processes, such as project management, release management and configuration management • The change management tool should allow recording of the decisions made during CR review

  16. Change management • Change management assures that: • All changes are clearly defined, documented and communicated • Approval is obtained before proceeding • Changes are tested • Deployment is allowed only for authorized changes • A post-implementation review is conducted

  17. Release Management • Coordinate the processes throughout the system development life cycle • Ensure the quality of the production version • Manage the project artifacts

  18. Release Management Processes • Processes/activities • Release design • Monitor and verify the progress of the release • Obtain sign-off • Approve production implementation • Coordinate release deployment activity • Implement the release • Post-implementation review • Security solutions should be built into one of the upcoming releases

  19. Configuration management • Must ensure that the descriptions of the project products are correct, complete, and consistent at any point in time • Configuration management activities: • Identify and document the functional and physical characteristics of the products • Control any changes to those characteristics • Record and report changes • Audit the product to verify conformance to requirements

  20. Configuration management • The scope of configuration management (CM) depends on the subject • Standards define: • CM for software • CM for computer hardware

  21. Configuration management • All components of a computer system must be registered with CM and recorded in the CM database • CM responsibilities: • Identification • Control • Status accounting • Verification
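The change-management rule on slide 16 (deploy only authorized changes) and the four CM responsibilities on slide 21 (identification, control, status accounting, verification) come together in a baseline check: every registered configuration item is identified by a digest of its content, approved change requests record which new digest they authorize, and verification reports each item as conforming, changed under an approved CR, changed without one, missing, or present but never registered. The following is an added example written for this page, not code from the presentation; the CMDB layout, the CR register, the host name, the file paths and the file contents are all constructed for illustration.

```python
"""Configuration-management verification against a recorded baseline.

Added example, not from the original presentation. The CMDB structure, the
change-request (CR) register and all sample file contents below are constructed.
"""
import hashlib
from dataclasses import dataclass, field


def digest(content: bytes) -> str:
    """Identification: a configuration item version is identified by the SHA-256 of its content."""
    return hashlib.sha256(content).hexdigest()


@dataclass
class ConfigItem:
    ci_id: str                  # constructed id, e.g. "web01:/etc/ssh/sshd_config"
    baseline: str               # digest of the approved, deployed version
    approved_crs: dict = field(default_factory=dict)   # new digest -> CR id that authorized it


@dataclass
class VerificationReport:
    conforming: list = field(default_factory=list)     # ci_id matches baseline
    authorized: list = field(default_factory=list)     # (ci_id, cr_id): drift backed by an approved CR
    unauthorized: list = field(default_factory=list)   # ci_id drifted with no approved CR
    missing: list = field(default_factory=list)        # registered ci_id not found on the system
    unregistered: list = field(default_factory=list)   # live item never registered with CM


def verify(cmdb: dict, live: dict) -> VerificationReport:
    """Verification and status accounting: compare observed state with the CMDB."""
    report = VerificationReport()
    for ci_id, ci in cmdb.items():
        if ci_id not in live:
            report.missing.append(ci_id)
            continue
        observed = digest(live[ci_id])
        if observed == ci.baseline:
            report.conforming.append(ci_id)
        elif observed in ci.approved_crs:
            report.authorized.append((ci_id, ci.approved_crs[observed]))
        else:
            report.unauthorized.append(ci_id)   # control failure: change bypassed the CR process
    for ci_id in live:
        if ci_id not in cmdb:
            report.unregistered.append(ci_id)   # identification failure: component not in CM
    return report


def build_sample() -> tuple:
    """Constructed sample: three registered CIs on host web01 and the state observed there."""
    nginx_v1 = b"server_tokens off;\nssl_protocols TLSv1.2 TLSv1.3;\n"
    nginx_v2 = b"server_tokens off;\nssl_protocols TLSv1.3;\n"           # approved under CR-1042
    sshd_v1 = b"PasswordAuthentication no\nPermitRootLogin no\n"
    sshd_tampered = b"PasswordAuthentication yes\nPermitRootLogin yes\n"  # no CR on record
    sudoers_v1 = b"%wheel ALL=(ALL) ALL\n"
    cmdb = {
        "web01:/etc/nginx/nginx.conf": ConfigItem(
            "web01:/etc/nginx/nginx.conf", digest(nginx_v1), {digest(nginx_v2): "CR-1042"}),
        "web01:/etc/ssh/sshd_config": ConfigItem("web01:/etc/ssh/sshd_config", digest(sshd_v1)),
        "web01:/etc/sudoers": ConfigItem("web01:/etc/sudoers", digest(sudoers_v1)),
    }
    live = {
        "web01:/etc/nginx/nginx.conf": nginx_v2,
        "web01:/etc/ssh/sshd_config": sshd_tampered,
        "web01:/etc/cron.d/nightly": b"0 2 * * * root /opt/backup.sh\n",   # never registered
    }
    return cmdb, live


if __name__ == "__main__":
    cmdb, live = build_sample()
    report = verify(cmdb, live)
    for status in ("conforming", "authorized", "unauthorized", "missing", "unregistered"):
        print(f"{status:12s} {getattr(report, status)}")
```

Only the `authorized` bucket is clean drift; the `unauthorized` and `unregistered` buckets are exactly the findings a security audit (slides 22-23) would raise, and the `missing` bucket shows why status accounting has to track removals as well as changes.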

  22. Security Audit • This is the verification of the implemented security solutions • The baseline for verification is established in accordance with the audit goal • An internal audit may evaluate the compliance of the implemented security solutions with internal policies and standards

  23. Security Audit • Often an audit is initiated in order to verify compliance with regulatory requirements and standards • Examples would be audits for: • PCI DSS compliance • ISMS compliance with ISO 27001 • Network security compliance with ISO 27002 • SSAE 16

  24. Security Audit Standards • Standards set the framework for security audit planning and implementation • Best-known standards: • Control Objectives for Information and Related Technologies (COBIT) • Statement on Standards for Attestation Engagements No. 16 (SSAE 16), the replacement for SAS 70 (itself superseded by SSAE 18 in 2017)

  25. Performing Quality Control • The product must meet the requirements • It must also meet the time and cost constraints • Performing quality control means periodic evaluation of the overall project performance • Final testing

  26. Quality control tools • Special tools used to monitor project parameters to ensure that they comply with the relevant quality standards • Capability Maturity Model (CMM) • Six Sigma methods • Quality metrics and diagrams (Pareto charts, fishbone/Ishikawa diagrams)
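A Pareto chart is the usual way to decide which defect categories to attack first: rank categories by count and find the "vital few" that account for most of the findings. The data behind such a chart, computed over a constructed list of audit findings, as an added example that is not part of the original presentation (the categories, counts and the 80% cut-off are constructed assumptions):

```python
"""Pareto analysis of quality/security findings: the data behind a Pareto chart.

Added example, not from the original presentation. The finding list and the
80 percent threshold are constructed for illustration.
"""
from collections import Counter


def pareto(findings: list, threshold_pct: int = 80) -> tuple:
    """Rank categories by count and identify the 'vital few'.

    Returns (rows, vital_few). Each row is (category, count, share, cumulative_share)
    ordered by count descending; vital_few lists the categories needed, in that order,
    to reach threshold_pct of all findings. Integer comparison avoids float drift.
    """
    counts = Counter(f["category"] for f in findings)
    total = sum(counts.values())
    if total == 0:
        return [], []
    rows, vital_few, cumulative = [], [], 0
    reached = False
    for category, count in counts.most_common():
        cumulative += count
        rows.append((category, count, round(count / total, 3), round(cumulative / total, 3)))
        if not reached:
            vital_few.append(category)
            if 100 * cumulative >= threshold_pct * total:
                reached = True
    return rows, vital_few


# Constructed sample: 20 findings from a fictional application security review.
SAMPLE_FINDINGS = (
    [{"id": f"F-{i:02d}", "category": "missing input validation"} for i in range(1, 9)]
    + [{"id": f"F-{i:02d}", "category": "weak TLS configuration"} for i in range(9, 14)]
    + [{"id": f"F-{i:02d}", "category": "hard-coded credentials"} for i in range(14, 17)]
    + [{"id": f"F-{i:02d}", "category": "missing security headers"} for i in range(17, 19)]
    + [{"id": "F-19", "category": "verbose error messages"}]
    + [{"id": "F-20", "category": "outdated dependency"}]
)


if __name__ == "__main__":
    rows, vital_few = pareto(SAMPLE_FINDINGS)
    print(f"{'category':28s} {'n':>3s} {'share':>6s} {'cum':>6s}")
    for category, count, share, cum in rows:
        print(f"{category:28s} {count:3d} {share:6.3f} {cum:6.3f}")
    print("vital few:", vital_few)
```

In the constructed sample, three of six categories account for 80% of the findings; in a real project those categories are the ones whose root cause (a missing SDLC control, a gap in the quality checklist) should be fixed with a corrective action rather than one finding at a time.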

  27. Exercise • Assume that your company wants to hire a new project manager for security projects. Develop a list of quality criteria that you can use in making this hiring decision
