A project’s data-security risks “should be addressed
from day zero” and then continuously revisited, says
Anass El Alaoui El Bahi, PMP, senior IT project manager for Moroccan broadcaster Société Nationale de
Radiodi;usion et de Télévision, Rabat, Morocco. He
recommends factoring the risk of a breach into a
project’s overall risk-breakdown structure and developing controls accordingly.
Mr. Schaufenbuel takes a philosophical stance:
“;is is destined to be an eternal game of cat and
mouse. I never cease to be amazed at the ingenuity
of my foes, but I do believe it’s possible for us to
reach a stalemate.” PM
an additional security control: two-factor authentication. ;is requires team members to present multiple
proofs of identity before logging in—not only a password, but also a biometric element or a physical device
they own. ;at way, stolen devices and passwords are
rendered less vulnerable because the attacker would
also need the device or biometric component.
“We have to say now that we can’t trust any
password or device, but we can still trust the users
themselves,” says Andrew Kemshall, co-founder and
technical director of SecurEnvoy, Reading, England.
However, as the cyberwars have made clear, no
defense is impregnable. So in addition to upgrading their cyberdefense tools and strategies, project
managers are factoring data-security concerns into
their project risk assessments.
“This is destined to be an eternal game of
cat and mouse. I never cease to be amazed
at the ingenuity of my foes, but I do believe
it’s possible for us to reach a stalemate.”
—Bradley J. Schaufenbuel, PMP