
Managing Security Projects: Proposition of a Cost Model

  • Chapter
Information Systems: People, Organizations, Institutions, and Technologies

Abstract

Security project management must take into consideration the business requirements of the enterprise, the extension and complexity of its networked information system and the evolution of attack techniques. The efficiency of such a project presumes a thorough cost-benefit analysis of the structure and dynamics of the IT components as well as the assessment of human and organisational parameters. Managers are more and more concerned with how security costs are planned, monitored and controlled. To this end, managers need a cost model that includes cost representation and risk parameters and is capable of adapting company operational procedures, resource management, and corporate strategy to the evolution of digital risk. However, we have noticed a lack of security cost models in the project management literature. Only cost factors related to the technical task of a security project have been addressed. This paper discusses the limits of the available technical cost models and proposes additional cost parameters, including organizational, human and managerial aspects, that must be considered and assessed in order to provide a more accurate estimation of security project cost. Our attempt is to provide two general cost models integrating these parameters. To conduct an accurate estimation of the involved parameters, a methodology is described based on expert intervention and decision making.



Corresponding author

Correspondence to M. Sadok.

Copyright information

© 2009 Physica-Verlag Heidelberg

About this chapter

Cite this chapter

Sadok, M. (2009). Managing Security Projects: Proposition of a Cost Model. In: D'Atri, A., Saccà, D. (eds) Information Systems: People, Organizations, Institutions, and Technologies. Physica-Verlag HD. https://doi.org/10.1007/978-3-7908-2148-2_28
