Managing Security Projects: Proposition of a Cost Model
Security project management must take into consideration the business requirements of the enterprise, the extension and complexity of its networked information system and the evolution of attack techniques. The efficiency of such project presumes a thorough cost-benefit analysis of the structure and dynamics of the IT components as well as the assessment of human and organisational parameters. Managers are more and more concerned with how security costs are planned, monitored and controlled. To this end, managers need a cost model including cost representation and risk parameters and capable of adapting company operational procedures, resource management, and corporate strategy to the evolution of digital risk. However, we have noticed a lack of security cost models in the project management literature. Only cost factors related to the technical task of security project have been addressed. This paper discusses the limits of the available technical cost models and proposes additional cost parameters including organizational, human and managerial aspects that must be considered and assessed in order to provide a more accurate estimation of security project cost. Our attempt is to provide two general cost models integrating these parameters. To conduct an accurate estimation of the involved parameters, a methodology is described based on expert intervention and decision making.
KeywordsCost Model Business Requirement Enterprise Activity Effort Multiplier Security Cost
Unable to display preview. Download preview PDF.
- 4.Liang, C. and Q. Li (2007) Enterprise information system project selection with regard to BOCR, International Journal of Project Management, article in press.Google Scholar
- 7.Boehm, B. W., C. Abts, et al. (2000) Software Cost Estimation with COCOMO II, Prentice Hall, Englewood Cliffs, NJ.Google Scholar
- 8.Boehm, B. W., R. Valerdi, et al. (2005) COCOMO Suite Methodology and Evolution, CROSSTALK The Journal of Defense Software Engineering, 20–25.Google Scholar
- 9.Krichene, J., and N. Boudriga (2007) Network Security Project Management: A Security Policy-based Approach, IEEE International Conference on Systems, Man, and Cybernetics, Canada.Google Scholar
- 10.Krichene, J., and N. Boudriga (2008) Managing Network Security Projects: Classification models and Scale Effect, The International Conference on Information & Communication Technologies: from Theory to Applications, Damascus, Syria.Google Scholar