Information security in project management
I was wondering what information security in project management means practically. I am thinking that information should be protected by ensuring least privileged access rights, physical access security, etc. Would this be a correct analysis of this control, please?
In short, you can think of the inclusion of information security in project management as if you are going to implement a small ISMS that will fit the project's needs and be proportional to the project's lifetime and budget:
- You have to define information security objectives and include them in the project objectives, the same way you define information security objectives for an ISMS aligned with the organization's objectives. The only difference is that these objectives are restricted to the scope of the project.
- You have to perform, at the beginning and periodically, information risk assessments in the project and identification of applicable legal requirements, as you would do with other business processes, to identify necessary controls (the controls you mentioned should be based on this step).
- You have to ensure that information security practices are part of all phases of the project (e.g., from the issue of the project charter to project closing).
This article will provide you with a further explanation of information security in project management:
- How to manage security in project management according to ISO 27001 A.6.1.5 https://advisera.com/27001academy/what-is-iso-27001/
Jul 07, 2020