Management Frameworks, InfoSec Principles, and Project Execution

Management Characteristics and Approaches

Traditional Management Functions

Management theory commonly describes the manager's job with one of two sets of functions:

  • POSDC: Planning, Organizing, Staffing, Directing, Controlling
  • POLC: Planning, Organizing, Leading, Controlling

Core Management Functions (POLC)

  • Planning

    The process that develops, creates, and implements strategies for the accomplishment of objectives. Planning begins with a strategic plan for the entire organization, which is then broken down into planning elements for each division and department.

    • Strategic: Long term (5+ years)
    • Tactical: Short term (1–5 years)
    • Operational: Day-to-day

    Goals are the end results of the planning process; Objectives are measurable steps towards achieving the goal.

  • Organizing

    Structuring resources to support the accomplishment of objectives; defining what is to be done, in what order, by whom, the method, and the timeline.

  • Leading

    Encouraging the implementation of planning and organizing; supervising behavior, performance, attendance, and attitude. This addresses the direction and motivation of human resources.

  • Controlling

    Monitoring progress and adjusting plans toward desired objectives; serves to assure the organization of the validity of the plan. This determines what must be monitored as well as applies specific control tools to gather and evaluate information.

The Problem-Solving Process

  1. Recognize and define the problem
  2. Gather facts and make assumptions
  3. Develop solutions
  4. Analyze and compare solutions
  5. Select, implement, and evaluate

Principles of Information Security Management: The Six P’s

  • Planning

    Supports the design, creation, and implementation of information security strategies. Types include: Incident Response, Business Continuity Planning (BCP), Disaster Recovery Planning (DRP), policy, personnel, technology rollout, risk management, and Security Program Planning.

  • Policy

    The set of organizational guidelines that dictates certain behavior within the organization. Three general categories of policies:

    • Enterprise Information Security Policy (EISP): Sets the strategic direction, scope, and tone for all of the organization's security efforts.
    • Issue-Specific Security Policies (ISSPs): Rules of acceptable use for a specific technology or resource (e.g., e-mail, Internet use, personal equipment).
    • System-Specific Policies (SysSPs): Technical in nature; control the configuration and use of a specific system or piece of equipment.

  • Programs

    Managed InfoSec entities (e.g., Security Education, Training, and Awareness (SETA), physical security).

  • Protection

    Executed through Risk Management, which includes risk assessment and control mechanisms, tools, and control management.

  • People

    The most critical link – includes security personnel and the security of personnel, as well as aspects of a SETA program.

  • Projects

    Each InfoSec effort is managed as a project; taken together, these projects form an ongoing program.

Project Management Fundamentals

  • Identify and control the resources applied to a project, and measure and adjust progress against the plan.
  • InfoSec is a series of projects plus ongoing processes (e.g., recurring risk and vulnerability assessments).
  • Project management is defined as applying knowledge, skills, tools, and techniques to project activities in order to meet project requirements.
    • Process groups: Initiating, planning, executing, controlling, closing.
    • A project is a temporary assembly of resources brought together to achieve a defined outcome.

Benefits of Project Management

  • No missed steps
  • Clear responsibilities
  • Defined constraints
  • Measurable milestones

Success is defined as: On-time, within budget, and meeting specifications/deliverables.

Applying Project Management to Security

  • Use PM methodologies like PMBoK (Project Management Body of Knowledge, by PMI).

PMBoK Knowledge Areas for Project Success

  • Integration Management

    Coordinate all parts; includes plan development and adjustment.

  • Scope Management

    Ensuring only necessary activities are performed; avoiding scope creep.

  • Time Management

    Finishing on schedule (activity definition, sequencing, estimating, schedule development and control).

  • Cost Management

    Completing within budget (resource planning, estimating, budgeting, control).

  • Quality Management

    Ensuring deliverables meet specifications (planning, assurance, control).

  • Human Resources Management

    Effective personnel use (planning, acquisition, team development).

  • Communications Management

    Managing project information flow.

  • Risk Management

    Assessing and mitigating risks (identification, quantification, response, control).

  • Procurement Management

    Acquiring resources (planning, selection, contracts).

Project Management Tools and Techniques

  • Software tools (e.g., MS Project) aid modeling; PMI certifications include PMP and CAPM.
  • Projectitis: Excessive focus on documentation rather than real progress.

Work Breakdown Structure (WBS)

  • Break the project into major tasks.
    • Each task includes: activities, duration, required skills, and interdependencies.
    • Add: expenses, assignments, start, and end dates.

Task Sequencing and Network Scheduling

  • Use network scheduling methods (PERT/CPM).

Program Evaluation Review Technique (PERT)

  • Key questions for each task: How long will it take (duration)? Which tasks must finish before it can start (predecessors)? Which tasks cannot start until it finishes (successors)?
  • The Critical Path is the longest-duration path through the network. It sets the minimum project duration, so any delay to a task on it delays the whole project.
  • Slack (float) is the amount of time a non-critical task can be delayed without delaying the project.
  • Pros: Simplifies large projects; clearly shows dependencies and which tasks deserve the most management attention.
  • Cons: Can be complex and costly to build and maintain, and because the schedule is only as good as its duration estimates, inaccurate estimates invalidate the plan.

Gantt Charts and Automation

Gantt Charts: A horizontal bar chart plotting each activity against a timeline. Easy to read at a glance, but it shows task dependencies less explicitly than a network diagram.

Automated Tools: Help execution but are not a substitute for good management.
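The forward and backward passes that PERT/CPM performs, and the Gantt view that summarizes them, as an added worked example in Python (not part of the original notes). It takes a small work breakdown structure, computes earliest/latest start and finish for every task, derives slack and the critical path, rejects unknown or circular dependencies (the failure mode that silently invalidates a plan), and renders a text-mode Gantt chart. The sample WBS for a vulnerability-assessment project, including its task names and durations, is constructed for illustration and is not from the page.

```python
"""Critical-path (PERT/CPM) scheduling over a small work breakdown structure."""
from collections import deque
from dataclasses import dataclass, field


@dataclass
class Task:
    name: str
    duration: int                                   # working days
    predecessors: list = field(default_factory=list)
    es: int = 0   # earliest start
    ef: int = 0   # earliest finish
    ls: int = 0   # latest start
    lf: int = 0   # latest finish

    @property
    def slack(self) -> int:
        """Days the task can slip without delaying the project (0 = critical)."""
        return self.ls - self.es


def topological_order(tasks: dict) -> list:
    """Kahn's algorithm; raises ValueError on unknown or circular dependencies."""
    indeg = {n: 0 for n in tasks}
    successors = {n: [] for n in tasks}
    for t in tasks.values():
        for p in t.predecessors:
            if p not in tasks:
                raise ValueError(f"{t.name!r} depends on unknown task {p!r}")
            successors[p].append(t.name)
            indeg[t.name] += 1
    ready = deque(n for n, d in indeg.items() if d == 0)
    order = []
    while ready:
        n = ready.popleft()
        order.append(n)
        for s in successors[n]:
            indeg[s] -= 1
            if indeg[s] == 0:
                ready.append(s)
    if len(order) != len(tasks):
        stuck = sorted(set(tasks) - set(order))
        raise ValueError("circular dependency among: " + ", ".join(stuck))
    return order


def schedule(tasks: dict) -> int:
    """Forward and backward pass; fills ES/EF/LS/LF and returns project duration."""
    order = topological_order(tasks)
    # Forward pass: a task can start only after all its predecessors finish.
    for n in order:
        t = tasks[n]
        t.es = max((tasks[p].ef for p in t.predecessors), default=0)
        t.ef = t.es + t.duration
    duration = max(t.ef for t in tasks.values())
    # Backward pass: a task must finish by the earliest latest-start of its successors.
    succ_ls = {n: [] for n in tasks}
    for n in reversed(order):
        t = tasks[n]
        t.lf = min(succ_ls[n], default=duration)
        t.ls = t.lf - t.duration
        for p in t.predecessors:
            succ_ls[p].append(t.ls)
    return duration


def critical_tasks(tasks: dict) -> list:
    """Zero-slack tasks in dependency order (all critical paths, if several exist)."""
    return [n for n in topological_order(tasks) if tasks[n].slack == 0]


def gantt(tasks: dict, width: int) -> str:
    """Text Gantt chart: '#' = scheduled work at earliest start, '.' = available slack."""
    lines = []
    for n in topological_order(tasks):
        t = tasks[n]
        bar = " " * t.es + "#" * t.duration + "." * t.slack
        lines.append(f"{n:<22}|{bar:<{width}}| ES={t.es:2} EF={t.ef:2} slack={t.slack}")
    return "\n".join(lines)


def build_plan() -> dict:
    """Constructed sample WBS for a vulnerability-assessment project (illustrative only)."""
    rows = [
        ("Define scope", 2, []),
        ("Obtain authorization", 1, ["Define scope"]),
        ("Inventory assets", 3, ["Define scope"]),
        ("Configure scanner", 1, ["Obtain authorization"]),
        ("Run scans", 4, ["Inventory assets", "Configure scanner"]),
        ("Validate findings", 3, ["Run scans"]),
        ("Write report", 2, ["Validate findings"]),
        ("Brief stakeholders", 1, ["Write report"]),
    ]
    return {name: Task(name, d, preds) for name, d, preds in rows}


if __name__ == "__main__":
    plan = build_plan()
    total = schedule(plan)
    print(f"Project duration: {total} days")
    print("Critical path:", " -> ".join(critical_tasks(plan)))
    print(gantt(plan, total))
```

With the sample plan, the authorization and scanner-configuration branch carries one day of slack while the asset-inventory branch is critical, so a one-day slip in obtaining authorization costs nothing but a one-day slip in the inventory pushes the whole project to 16 days. Replacing a duration estimate and re-running `schedule` shows how quickly a bad estimate moves the critical path, which is the PERT weakness the notes warn about.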