Managing Security Projects: Proposition of a Cost Model



Security project management must take into consideration the business requirements of the enterprise, the extension and complexity of its networked information system and the evolution of attack techniques. The efficiency of such project presumes a thorough cost-benefit analysis of the structure and dynamics of the IT components as well as the assessment of human and organisational parameters. Managers are more and more concerned with how security costs are planned, monitored and controlled. To this end, managers need a cost model including cost representation and risk parameters and capable of adapting company operational procedures, resource management, and corporate strategy to the evolution of digital risk. However, we have noticed a lack of security cost models in the project management literature. Only cost factors related to the technical task of security project have been addressed. This paper discusses the limits of the available technical cost models and proposes additional cost parameters including organizational, human and managerial aspects that must be considered and assessed in order to provide a more accurate estimation of security project cost. Our attempt is to provide two general cost models integrating these parameters. To conduct an accurate estimation of the involved parameters, a methodology is described based on expert intervention and decision making.


Cost Model Business Requirement Enterprise Activity Effort Multiplier Security Cost 
These keywords were added by machine and not by the authors. This process is experimental and the keywords may be updated as the learning algorithm improves.


Unable to display preview. Download preview PDF.

Unable to display preview. Download preview PDF.


  1. 1.
    Yeo, K. T. (2002) Critical factors in information system projects, International Journal of Project Management 20: 241–246.CrossRefGoogle Scholar
  2. 2.
    Stewart, R. A. (2008) A framework for the life cycle management of information technology projects: ProjectIT, International Journal of Project Management, 26: 203–212.CrossRefGoogle Scholar
  3. 3.
    Raymond, L. and F. Bergeron (2008) Project management information systems: An empirical study of their impact on project managers and project success, International Journal of Project Management, 26: 213–220.CrossRefGoogle Scholar
  4. 4.
    Liang, C. and Q. Li (2007) Enterprise information system project selection with regard to BOCR, International Journal of Project Management, article in press.Google Scholar
  5. 5.
    Henry, R.M., McCray, G.E., Purvis, R.L. and Roberts, T.L. (2007) Exploiting organizational knowledge in developing IS project cost and schedule estimates: An empirical study, Information and Management, 44: 598–612.CrossRefGoogle Scholar
  6. 6.
    Whelan, E. and F. McGrath (2002) A study of the total life cycle costs of an E-commerce investment. A research in progress, Evaluation and Program Planning 25: 191–196.CrossRefGoogle Scholar
  7. 7.
    Boehm, B. W., C. Abts, et al. (2000) Software Cost Estimation with COCOMO II, Prentice Hall, Englewood Cliffs, NJ.Google Scholar
  8. 8.
    Boehm, B. W., R. Valerdi, et al. (2005) COCOMO Suite Methodology and Evolution, CROSSTALK The Journal of Defense Software Engineering, 20–25.Google Scholar
  9. 9.
    Krichene, J., and N. Boudriga (2007) Network Security Project Management: A Security Policy-based Approach, IEEE International Conference on Systems, Man, and Cybernetics, Canada.Google Scholar
  10. 10.
    Krichene, J., and N. Boudriga (2008) Managing Network Security Projects: Classification models and Scale Effect, The International Conference on Information & Communication Technologies: from Theory to Applications, Damascus, Syria.Google Scholar

Copyright information

© Physica-Verlag Heidelberg 2009

Authors and Affiliations

  1. 1.Institute of Technology in CommunicationsTunisTunisia

Personalised recommendations