Could Your Project be the Reason for a Data Breach?

Part II: The Solution and Its Value

Viewing Cyber Security as a Business Solution

As a continuation of Part I, although advancements in technology have enabled organizational strategies they came with a price to pay given the rise in cyber breaches.  Cyber security continues to be a moving target with no final technological solution insight. Considering the rate of progress in new technologies and their social prevalence, solutions are now more dependent on a person’s mindset, critical thinking abilities, and an increase in individual responsibility. These facts lead us to believe that the most effective resistance against cyber threats must now be built on shifting an individual’s mindset, adjusting human behavior and evolving legacy methodologies. Cyber security has elevated to become a required attribute for successful organizations and career professionals going forward.  Cyber safe practices require a proactive approach in addressing a new generation of cyber breach challenges associated with strategic asset delivery and survivability. The first step project managers should take is to make cyber security a priority and position cyber safe practices as part of the solution in the upfront initiation and planning processes. Project managers and delivery team professionals such as business analysts should also incorporate cyber security practices into the remaining project phases to ensure traceability of established cyber security requirements.
A Gartner research study conducted in 2010 found that reactive versus proactive investment in cyber security could have up to a 70 to 1 price tag. Many of the cyber security challenges that organizations face today have less to do with a technology problem and more to do with the human element and process approach representing the weakest security link within organizations’ cyber infrastructures.  An older but still relevant report on the leading causes of data loss noted that 1 in 2 events had been caused by human error and 1 in 4 were related to policy violations (Source: IT Policy Compliance Group 2007). This highlights the need for greater awareness, education and a refined business approach to delivering cyber safe strategic assets.

Protecting business assets from the evolving dangers of the Internet and mobility infrastructure requires a unified approach across business, IT and security in maintaining business resistance to cyber threats and attacks. For example, a window in your house protects you from weather damage, heating and cooling costs, and unwanted intruders. For the window to function properly, it requires a set of combined controls that involve human process and technologies. These controls include security controls (i.e., requiring a particular lock be part of the design), IT controls (i.e., incorporating the lock into the window design), and the business controls (i.e., ensuring that a daily routine has been established to shut and lock the windows). Without a unified business approach and controls in place that cover all three areas, organizations are at an increased risk of water damage, higher heating and cooling bills, and intruders with easy access.

A Mindset Shift, Behavior Modification and Methodology Change

To truly challenge the advantage cyber attackers have today, managers and individuals require a shift in their mindset towards cyber safety. Although many see cyber security as a technological problem, data breaches show society that this is more of a human behavior problem. Many organizations continue to rely on their employees as their last line of defense but most non-technical roles in the organization do not have the required awareness and education that is necessary to fully minimize an organization’s exposure to cyber threats and attacks.

Proper cyber safety requires a new business awareness, delivery and operational approach to expand an organization’s capabilities and competencies for both non-technical and technical career professionals such as project managers. A new set of data handling and safeguard skills for all employees and third party vendors for handling sensitive data in cyber space has become a fundamental organizational requirement. Business units, business projects and entire organizations must improve preparation by investing in new cyber safe practices starting with awareness training, education and certification programs. This mindset shift, behavioral modification and methodology changes should be followed up with actionable techniques incorporated into the organizational culture and functional processes.

Creating a New Delivery Model Through Cyber Security

Organizations need to take a proactive approach to cyber security and enhance their existing business delivery models tailored to their industry and organization. This new baseline model places an emphasis on planning, designing, building and delivering secure business solutions rather than reacting to data breaches and exposures that your organization could have avoided.

Cyber security must become part of every career professional’s mindset in further shifting an organization to a security-minded culture. In order to level the playing field and begin building resistance against cyber attacks, asset protection demands a multi-dimensional model that includes individuals, organizations and society. In order to gain significant advantage quickly, a new set of baseline standards must be created for organizations to better evaluate the technology and vendor selection processes to ensure a particular vendor or technology solution does not become the reason for a data breach. This becomes even more critical to organizations that have shifted or are making the shift to mobility platforms to enable new business model innovations. Establishing cyber safe planning and delivery performance metrics, empowering your project teams by making security a priority and incorporating cyber safe practices into your business process designs will put your organization in a more defensible position. 

Cyber Security and Project Management: The Perfect Partnership

Three of the main project management functions are managing resources, managing project risk and managing project quality assurance. Given this, let’s review the potential business risks of cyber threats and attacks during the project delivery life cycle. 

Project Management Functions	Cyber Threat & Attack Impacts	Cyber Safe Practice Examples
Managing Resources	Data loss exposure Identities and intellectual property stolen	Incorporate essential practices for project data Cyber safe data assurance management plan
Managing Project Risk	Erosion of customer trust Damage to brand image Stakeholder dissatisfaction	Establish cyber security priorities Establish cyber safe performance metrics
Managing Project Quality Assurance	Low-quality projects: open windows Low-quality deliverables: easy targets Inadequate testing of threats	Incorporate scenario-based threat testing Develop cyber deliverables checklist Develop business incident response plan

Table 1.0: PM Functions, Cyber Threat and Attack Impacts, and Cyber Safe Practice Examples

Cyber security must be part of your solution going forward to remain competitive, to retain your constituents’ trust and to attract the top talent necessary to compete in the Internet market. Do not wait until your project or organization’s assets have been compromised by cyber attackers to begin making an essential business practice shift—start establishing and incorporating your delivery process with cyber safe practices today. Minimize your chances of being an easy target and establish cyber safety as a new benchmark for project management success. Organizations and career professionals, including executives, must make cyber security a priority by investing upfront in the strategic planning and delivery process to integrate cyber security as a competitive advantage in the products and services they offer. Project managers armed with cyber security knowledge and techniques will deliver higher quality projects, increase their marketability and help PMOs achieve greater project success.

Don’t forget to leave your comments below.

---

The information presented in this article is intended as general advice. Specific advice would require a qualified organization to become familiar with the facts of you or your organization’s particular situation. 

---

Eben Berry is President and Founder of Cyber Inspectors LLC. Mr. Berry formed a new venture enabling companies to have greater preparedness in responding to growing concerns with cyber-attacks.  As a former CISO, his twenty three years of experience across Military, Fortune 1000 and non-profit organizations centered on business, technology and information security. He received his MBA from Northeastern University.

Ehsan Sabaghian is Sr. Director of Business Development at Cyber Inspectors LLC. After receiving his 2^nd master’s degree in information technology management from Clark University, MA, Mr. Sabaghian joined Cyber Inspectors LLC. An information systems expert with extensive background in business management, he emerged as a strong change agent SME on many large IT projects.

About Cyber Inspectors™ LLC. Founded in 2011 and based in Burlington, MA, Cyber Inspectors is focused on cyber security and enabling companies to achieve greater organizational preparedness in responding to cyber threats and attacks. Cyber Inspectors has developed a new Business Delivery Assurance Model™ focused on cyber safe essential practices, response capabilities and strategic investment of security.