Sunday, September 20, 2015
Security on a project is often implemented as a result of your risk management process. In the mid-eighties, it was not unusual to walk in the front door of many companies and visit whomever you wanted without any challenge.
Some of these were huge companies. One company in particular started to require salespeople to register with the central receptionist.
However, this was not done in the name of security, but was a response to complaints from managers about all the salespeople knocking at their doors.
For good or for bad, those days are pretty much gone. Over the past 15 years, companies have become more conscious of the need for security at all levels.
More sophisticated security is the rule. The goal is to allow all employees to have access to everything they need to do their jobs – and not one thing more!
Security is a broad term and the development of your overall security policy requires help from many different organizations. Let’s look at some of the players who are involved.
Your Facilities Department is typically responsible for the physical safety and security of the people in the company.
This includes things like making sure that spills are cleaned up to avoid injuries and conducting fire drills to make sure people know what to do in an emergency.
Facilities is also typically responsible for having guards at the front of the building, establishing a reception area where all visitors wait, issuing badges to authorized employees and contractors, setting up badge reading equipment, etc.
All of this is to ensure a safe and secure working environment for everyone at the facility.
Human Resources (HR)
HR has two main roles in security. First, they develop policies for how people interact with each other.
From a safety and security standpoint, this includes policies on workplace harassment, threats, retribution, etc.
Second, they help determine the consequences associated with unwanted and careless behavior related to security.
For instance, workplace harassment should result in immediate termination, regardless of how “valuable” an employee is in their job.
Your internal and external auditors are typically interested in making sure that you have good, sound security policies in place – and that you are following them.
The best laid plans are meaningless if they are not executed, and auditing makes sure that security is in place and enforced appropriately.
Each Business Unit needs to have security policies that cover their business information, raw data, reports, trade secrets, etc.
For instance, certain financial reports may need to be designated “Highly Confidential” and kept in locked drawers when not being used.
On the other hand, certain Human Resources information, such as the company benefits package, may be accessible by all employees (although not necessarily available to outside parties).
Different companies have different names for this group, but they are the ones responsible for the security, reliability and integrity of the computer network.
This group makes sure that the entire network is safe from hackers, that firewalls protect the network from outside access, and that data and databases are protected and secure.
They also monitor the email system for viruses and respond quickly if a virus gets onto the network.
The development group must build the proper level of security into the business applications.
This can include passwords to gain access into applications, as well as making sure that people only have access to the business information they need for their job.
This responsibility is in partnership with the Business Units. The Business Units define the policy for their applications and their data.
The development group needs to rigorously enforce that policy in the applications they develop.
Most companies have a person or a group that has overall responsibility for security. As you can see, there are many groups involved with the various aspects of security.
However, this Security Group is vital to coordinate the various activities and make sure that everything is consistent and coherent.
One of the primary roles of this group is also to build awareness.
In many cases, security breaches are not the result of malicious acts, but are the result of people not understanding the implications of their actions.
This column is © copyright to www.Method123.com and originally appeared in their weekly project management tip newsletter.