Projects and stakeholders
Kees just wrote something about project management, change management and the involvement of the information security officer in projects.
He argues that the information security officer should be involved in almost any project and he’s probably right about that.
More generally speaking, the information security officer is ‘just another stakeholder’ for any project. And for a project to be successful, it should pay attention to the needs of its stakeholders.
But… while there are many stakeholders, there is usually only one sponsor of the project. Does he consider ‘information security’ important to ‘his’ project? Who would have to convince him that he should reserve some resources to achieve an acceptable level of information security?
Seems like a perfect role for the information security officer. Even better if that officer is backed by a proper information security policy (I guess it isn’t a coincidence that Kees has an opinion about that too ;-)).
Doesn’t it all come down to the fact that we tend to overlook the Ilities in projects?
