Project wk 9
1
2
DIT
Student
Instructor
University affiliation
Class Name
Date
Research Topic
Information Security Governance and Risk Management in IT Project Management
Analysis of the Existing Project Management Literature
Project risk management is essential in IT project management. This process involves defining, assessing, and managing risks that may hinder project success, as defined by Ayat et al. (2021). Experiences presented as works of literature contain different aspects of Risk Management Frameworks like PRINCE2 and PMBOK. They have also focused on including risk management in the overall project life cycle to aid in decision-making and consequently boost the projects’ performance (Project Management Institute, 2017). Further, the literature has indicated that information security governance can assist in managing risks attributed to data breaches, cyber threats, and compliance risks.
Further, there is literature involving different cases pointing out the absence of integration between information security and project risk management, which is highlighted by tremendous project failure. For instance, major data breaches and system downtimes are linked to mediocre risk management frameworks that failed to adequately address information security (Aquino Cruz et al., 2020). Thus, there is a pressing need to adequately garner strategies that address both realms.
Research Problem Background
However, there are some limitations in the existing literature regarding the implementation of frameworks of project risk management in information security governance. Many organizations struggle to implement sufficient risk management strategies in relation to their information security policies because most are unnaturally exposed to cyber threats. This void can be observed in IT project management based on Alghamdi et al., 2020.
Also, the importance of information security governance in maintaining organizational integrity and compliance with legal requirements is being recognized. Sound governance contributes to the sustainable and continuous implementation of information security policies in line with the organization’s goals (Malatji, 2023). This study will seek to bring the existing knowledge gap that currently separates information security governance and project risk management into focus when managing information technology projects.
Research Problem Statement
This concern is alarming in the current world, where organizations’ operations rely heavily on digital infrastructure, which comes with the threat of cyber risks. Managers tend to deal with information security and project management separately, and this brings vulnerabilities that enemies will exploit. Thus, the research aims to create a framework to minimize risks and meet the objectives and requirements of the organization.
Purpose and Scope
This research work deconstructs the contemporary strategies for integrating information security supervision with the supervision of project risks in IT project management. It provides a universal model to address the gaps that have been identified. In this kind of student study, many relevant components are analyzed, including critical aspects from existing literature, assessment of examples in practice, and development of a proper conceptual framework to be applied to real-life IT projects.
Research Question
What approach would best facilitate coordinating and incorporating information security oversight into project risk management to enhance the overall risk-handling approach in IT project management?
Methods
This research will, therefore, use a generalized quantitative research approach comprising lively and interactive interviews with IT project managers and information security personnel, among other relevant individuals (Liamputtong, 2020). The interviews will last between fifteen to thirty minutes per conversation and focus on the interviewees’ views and practice of integrating information security governance and project risk management. Data will be thematically analyzed from these discussions.
Theoretical Foundation
The investigation into technology acceptance will use a model known as the Technology Acceptance Model (TAM), accompanied by the General Systems Theory. Similarly, TAM is believed to help explain aspects that influence the acceptance and usage of integrated risk management strategies (Davis et al., 2024). At the same time, according to the concept of General Systems Theory, which focuses on interactions, the relationships between information security governance and project risk management will be presented.
Target Population
The population of interest for this research involves responding to IT project managers, information security specialists, and other entities involved with managing IT projects within medium—to large organizations, focusing on technological and financial industry sectors.
Eligibility Criteria
They must also have a minimum of five years of experience in project management within the IT field or supervising the ISG program. They should have worked on at least one IT project that involved extensive risk management activities.
Ethical Considerations
Concerns with ethics for this study include the privacy of the participants, obtaining consent, and protecting them from harm, as suggested by Zimmer (2020). Each subject will be informed of the purpose of the research activity, their individual responsibilities, and their right to withdraw from participation at any time. This data shall be kept confidential and only be used for research without divulging the participants' identities.
Gaps in Practice (DIT)
There is a clear absence and possible direction for further research regarding integrating risk management frameworks that combine information security governance with project risk management (Lee, 2020). Many organizations cannot coordinate these aspects and integrate them smoothly, which leads to complications and an increased risk level. This research plans to fill this gap by providing a comprehensive framework for practitioners to follow, which is an attempt to improve risk management practices in IT projects.
References
AlGhamdi, S., Win, K. T., & Vlahu-Gjorgievska, E. (2020). Information security governance challenges and critical success factors: Systematic review. Computers & security, 99, 102030.
Aquino Cruz, M., Huallpa Laguna, J. N., Huillcen Baca, H. A., Carpio Vargas, E. E., & Palomino Valdivia, F. D. L. (2020, October). Implementation of an Information Security Management System based on the ISO/IEC 27001: 2013 standard for the information technology division. In The International Conference on Advances in Emerging Trends and Technologies (pp. 264-272). Cham: Springer International Publishing.
Ayat, M., Imran, M., Ullah, A., & Kang, C. W. (2021). Current trends analysis and prioritization of success factors: a systematic literature review of ICT projects. International journal of managing projects in business, 14(3), 652-679.
Davis, F. D., Granić, A., & Marangunić, N. (2024). The technology acceptance model: 30 years of TAM. Springer International Publishing AG.
ISO/IEC 27001:2013. Information technology – Security techniques – Information security management systems – Requirements.
Lee, I. (2020). Internet of Things (IoT) cybersecurity: Literature review and IoT cyber risk management. Future internet, 12(9), 157.
Liamputtong, P. (2020). Qualitative research methods.
Malatji, M. (2023, January). Management of enterprise cyber security: A review of ISO/IEC 27001: 2022. In 2023 International conference on cyber management and engineering (CyMaEn) (pp. 117-122). IEEE.
Prince2. (2017). Managing Successful Projects with PRINCE2.
Project Management Institute. (2017). A Guide to the Project Management Body of Knowledge (PMBOK Guide).
Zimmer, M. (2020). “But the data is already public”: on the ethics of research in Facebook. In The ethics of information technologies (pp. 229-241). Routledge.