• Security is a broad term and the development of your overall security policy requires help from many different organisations. 

  • Security breaches are not principally the result of malicious acts, but are the result of people not understanding the implications of their actions.

  • Group responsibility for security is generally as follows:

    • Facilities. 

      • typically responsible for the physical safety and security of the people in the company including:

        • cleaning spills to avoid injuries,

        • conducting fire drills to make sure people know what to do in an emergency, 

        • guards at the front of the building, 

        • establishing a reception area where all visitors wait, 

        • issuing badges to authorised employees and contractors, 

        • setting up badge reading equipment, etc.

      • All of this is to ensure a safe and secure working environment for everyone at the facility.

    • Human Resources (HR). 

      • develop policies for how people interact with each other. From a safety and security standpoint, this includes policies on:

        • workplace harassment, 

        • threats, 

        • retribution, etc. 

      • determine the consequences associated with unwanted and careless behavior related to security. 

    • Auditing. 

      • making sure that you have good, sound security policies in place – and that you are following them. 

      • best laid plans are meaningless if they are not executed, and auditing makes sure that security is in place and enforced appropriately.

      • can be internal or external.

    • Business Units. 

      • security policies that cover:

        • business information, 

        • raw data, 

        • reports, 

        • trade secrets, etc. 

      • certain financial reports may need to be designated “Highly Confidential” and kept in locked drawers when not being used.

      • certain Human Resources information, such as the company benefits package, may be accessible by all employees (although not necessarily available to outside parties).

    • Network administration. 

      • responsibilities for the:

        • security, 

        • reliability and 

        • integrity 

        of the computer network. 

      • This group makes sure that the:

        • entire network is safe from hackers, 

        • firewalls protect the network from outside access, and 

        • data and databases are protected and secure. 

        • email system is virus-free, and that the group responds quickly if a virus gets onto the network.

    • IT development. 

      • The development group must build the proper level of security into the business applications. 

      • This can include:

        • passwords to gain access into applications, 

        • restricting access to only the business information people need for their job. 

      • This responsibility is in partnership with the Business Units. 

      • The Business Units define the policy for their applications and their data. 

      • The development group needs to rigorously enforce that policy in the applications they develop.

    • Central coordination

      • Most companies have a person or a group that has overall responsibility for security. 

      • this person or group is vital for coordinating the various activities and making sure that everything is consistent and coherent. 

      • One of the primary responsibilities is to build awareness. 
