Project wk 9

profilebribri201316
week2TopicDefintionStatementLA.docx

1

2

DIT

Student

Instructor

University affiliation

Class Name

Date

Research Topic

Information Security Governance and Risk Management in IT Project Management

Analysis of the Existing Project Management Literature

Project risk management is essential in IT project management. This process involves defining, assessing, and managing risks that may hinder project success, as defined by Ayat et al. (2021). Experiences presented as works of literature contain different aspects of Risk Management Frameworks like PRINCE2 and PMBOK. They have also focused on including risk management in the overall project life cycle to aid in decision-making and consequently boost the projects’ performance (Project Management Institute, 2017). Further, the literature has indicated that information security governance can assist in managing risks attributed to data breaches, cyber threats, and compliance risks.

Further, there is literature involving different cases pointing out the absence of integration between information security and project risk management, which is highlighted by tremendous project failure. For instance, major data breaches and system downtimes are linked to mediocre risk management frameworks that failed to adequately address information security (Aquino Cruz et al., 2020). Thus, there is a pressing need to adequately garner strategies that address both realms.

Research Problem Background

However, there are some limitations in the existing literature regarding the implementation of frameworks of project risk management in information security governance. Many organizations struggle to implement sufficient risk management strategies in relation to their information security policies because most are unnaturally exposed to cyber threats. This void can be observed in IT project management based on Alghamdi et al., 2020.

Also, the importance of information security governance in maintaining organizational integrity and compliance with legal requirements is being recognized. Sound governance contributes to the sustainable and continuous implementation of information security policies in line with the organization’s goals (Malatji, 2023). This study will seek to bring the existing knowledge gap that currently separates information security governance and project risk management into focus when managing information technology projects.

Research Problem Statement

The following study seeks to understand the poor implementation of ISG and PRM within IT project management. Its purpose is to determine how these two critical components can be improved to become more in phase, thus, improving the general management of risks within information technology projects.

This concern is alarming in the current world, where organizations’ operations rely heavily on digital infrastructure, which comes with the threat of cyber risks. Managers tend to deal with information security and project management separately, and this brings vulnerabilities that enemies will exploit. Thus, the research aims to create a framework to minimize risks and meet the objectives and requirements of the organization.

Purpose and Scope

This research work deconstructs the contemporary strategies for integrating information security supervision with the supervision of project risks in IT project management. It provides a universal model to address the gaps that have been identified. In this kind of student study, many relevant components are analyzed, including critical aspects from existing literature, assessment of examples in practice, and development of a proper conceptual framework to be applied to real-life IT projects.

Research Question

What approach would best facilitate coordinating and incorporating information security oversight into project risk management to enhance the overall risk-handling approach in IT project management?

Methods

This research will, therefore, use a generalized quantitative research approach comprising lively and interactive interviews with IT project managers and information security personnel, among other relevant individuals (Liamputtong, 2020). The interviews will last between fifteen to thirty minutes per conversation and focus on the interviewees’ views and practice of integrating information security governance and project risk management. Data will be thematically analyzed from these discussions.

Theoretical Foundation

The investigation into technology acceptance will use a model known as the Technology Acceptance Model (TAM), accompanied by the General Systems Theory. Similarly, TAM is believed to help explain aspects that influence the acceptance and usage of integrated risk management strategies (Davis et al., 2024). At the same time, according to the concept of General Systems Theory, which focuses on interactions, the relationships between information security governance and project risk management will be presented.

Target Population

The population of interest for this research involves responding to IT project managers, information security specialists, and other entities involved with managing IT projects within medium—to large organizations, focusing on technological and financial industry sectors.

Eligibility Criteria

They must also have a minimum of five years of experience in project management within the IT field or supervising the ISG program. They should have worked on at least one IT project that involved extensive risk management activities.

Ethical Considerations

Concerns with ethics for this study include the privacy of the participants, obtaining consent, and protecting them from harm, as suggested by Zimmer (2020). Each subject will be informed of the purpose of the research activity, their individual responsibilities, and their right to withdraw from participation at any time. This data shall be kept confidential and only be used for research without divulging the participants' identities.

Gaps in Practice (DIT)

There is a clear absence and possible direction for further research regarding integrating risk management frameworks that combine information security governance with project risk management (Lee, 2020). Many organizations cannot coordinate these aspects and integrate them smoothly, which leads to complications and an increased risk level. This research plans to fill this gap by providing a comprehensive framework for practitioners to follow, which is an attempt to improve risk management practices in IT projects.

References

AlGhamdi, S., Win, K. T., & Vlahu-Gjorgievska, E. (2020). Information security governance challenges and critical success factors: Systematic review. Computers & security, 99, 102030.

Aquino Cruz, M., Huallpa Laguna, J. N., Huillcen Baca, H. A., Carpio Vargas, E. E., & Palomino Valdivia, F. D. L. (2020, October). Implementation of an Information Security Management System based on the ISO/IEC 27001: 2013 standard for the information technology division. In The International Conference on Advances in Emerging Trends and Technologies (pp. 264-272). Cham: Springer International Publishing.

Ayat, M., Imran, M., Ullah, A., & Kang, C. W. (2021). Current trends analysis and prioritization of success factors: a systematic literature review of ICT projects. International journal of managing projects in business, 14(3), 652-679.

Davis, F. D., Granić, A., & Marangunić, N. (2024). The technology acceptance model: 30 years of TAM. Springer International Publishing AG.

ISO/IEC 27001:2013. Information technology – Security techniques – Information security management systems – Requirements.

Lee, I. (2020). Internet of Things (IoT) cybersecurity: Literature review and IoT cyber risk management. Future internet, 12(9), 157.

Liamputtong, P. (2020). Qualitative research methods.

Malatji, M. (2023, January). Management of enterprise cyber security: A review of ISO/IEC 27001: 2022. In 2023 International conference on cyber management and engineering (CyMaEn) (pp. 117-122). IEEE.

Prince2. (2017). Managing Successful Projects with PRINCE2.

Project Management Institute. (2017). A Guide to the Project Management Body of Knowledge (PMBOK Guide).

Zimmer, M. (2020). “But the data is already public”: on the ethics of research in Facebook. In The ethics of information technologies (pp. 229-241). Routledge.