安全、灾难和隐私是一个项目和一个项目经理的风险。但项目经理被训练来应对风险。当项目经理完全理解它们时,这些风险得到最好的解决。简言之,我们可以说这一切都是关于保护重要数据及其关键元素CIA(机密性、完整性和可用性),包括使用、存储和传输这些数据的机器和进程。安全性对项目经理来说是一个风险,无论是IT项目还是与电信相关的项目或项目本身。在本文中,我将包括项目经理面临的数据安全风险,如何使用各种安全策略、标准和程序来保护CIA三元组。我会尝试接触更多的信息安全相关的方面,如安全意识和隐私保护等。
What are the steps project managers must incorporate to uphold the security, privacy and disaster recovery policies to prevent Companies sensitive and vital corporate Data
Abstract- Security, disasters and privacy are risks to a project and to a project manager. But project managers are trained to deal with risks. These risks are best addressed when the project manager fully understands them. In a nutshell, we can say it's all about protection of vital data and its critical element CIA(confidentiality, integrity, and availability) including the machines and process that use, store, and transmit that data. Security is a risk to project managers for both implementing a project and perhaps the project itself if it is IT or telecom related. In this paper, I will include the data security risks facing a project manager, How to protect the CIA Triad using various security policies, standards, and procedures. And I will try to touch some more information security related aspects like Security Awareness and privacy protection, etc.
Keywords-Project management; Project Manager; Data Security; Privacy; Security Policies; Confidentiality; Security Awareness.
Almost every project generate or use, some form of information and information technology. Mostly, this information needs to be preserved or isolated by some form of security. Security planning and implementation is an integral part of the overall project life cycle which also include many different issues to be considered when planning a project. Whereas finally what is being safeguarded is the data produced by the machines, the information that data is used to create, and in some manner, the conclusions made based upon that vital data.
A security threat is something that jeopardizes any of the CIA Triad (availability, confidentiality, and integrity) of a machine's data. Security flaws and risks emerge from such threats. Solutions and planning to manage such items begins in the very initiation stages of a project's life with the identification of any of these security related flaws, risks, and threats. In parallel with each phase, efforts work towards constantly identifying new threats and reducing the identified security risks through the diligent planning and proper implementation of risk mitigation strategies specifically developed to resolve each unique threat specifically. Security of vital data and associated technology systems must be considered when planning projects, developing applications, implementing systems, or framework etc. So as to be effective and efficient, security must be organized for and embedded into the systems from the very starting, and monitored periodically throughout the life of the project, and be maintained all along the life of the system. Thereby the result is planning as soon as possible in early stages and embedding security into all phases of a project's life cycle is usually considerably easier and much less cost consuming than waiting till the later project phases to consider it. On the moment when addressing the security for the majority of the data frameworks, it might be a chance to be decayed under three principal segments that are; communications, hardware, and software. Arranging how every from claiming these zones may be ensured includes not the main attention by the people, policy, practice etc.and also, financial considerations with furnish for those Audit from claiming the framework, asset procurement, execution of security solutions, progressing security maintenance and so on.
Figure 1: CIA Triad
The image shows the main goal of such efforts which are to maintain the availability, confidentiality, and integrity of vital information. All information sy
