V IE WPOIN TS
>Join the discussion on PMI.org/Voices
In “Risk Simulation” Sanjay Saini, PMP, says
there are two risks common to IT projects: a
critical project worker going on emergency
leave, and a database server crashing. He suggests simulating each of these risks to see how
you manage the project and your team.
tracks whether security restrictions are operating as
defined. We perform a positive test to, say, ensure an
accounts payable clerk can create purchase orders, followed by a negative test to ensure that he or she cannot
perform conflicting responsibilities such as executing the
payment run. Project managers must ensure that a cycle of
negative testing is included in the project plan to highlight
potential security threats.
Tip 5: Don’t lose momentum.
As the go-live date approaches, project teams have to distribute access changes and set up new users. Passwords will
need resetting, and user accounts must activate on day one
and not before. These activities all need to be timed appropriately to ensure minimal disruption to the business.
VOICES ON PROJECT MANAGEMENT
“In a project where time is a constraint, you
can’t afford to spend time on simulating the basic
risks,” writes Prasad Karnati, PMP, in a comment.
Tip 4: Test, test and test again.
Security is often overlooked during the test phase of a
project. But performing user-acceptance testing helps
ensure that everything runs smoothly on go-live day and
there are no holdups due to system access restrictions.
Testing new functionality often needs to be performed
with wide system access to ensure things work effectively
without constraints. However, these tests must be repeated
with security restrictions in place. For example, initial testing of the staff address update function of a new employee
self-service portal might take place using wide access to
make sure the system works. However, in the live environment, employees typically have very limited access to the
human resources system. An organization must test that,
once access is restricted to its intended levels, the employees who need to can still update the necessary information.
Teams must also implement negative testing, which
Involving IT security throughout the project life cycle will
ensure that security is a fully integrated part of the process
and all team members are pulling in the same direction. It
also demonstrates an organization’s commitment to best
practices—and safeguards its potentially business-critical
information assets. PM
Richard Hunt founded Turnkey Consulting, an IT security
company, in 2004. Based in
London, England, he has worked
on security projects for more
than a decade across the United
Kingdom, Asia and Australia.
RAISE YOUR VOICE No one knows project management better than you, the
practitioners “in the trenches.” Every month, project managers share ideas, experiences and
opinions on everything from sustainability to talent management and all points in between in the
Voices on Project Management column. If you’re interested in contributing, please send your idea