
Information Security and Project Management: How to Integrate Them?

  • rogeriolord
  • Apr 30
  • 3 min read

Unfortunately, many people find it difficult to understand what information security involves in project management. But the concept is actually quite simple: it’s about protecting project-related information from an information security perspective.

That’s what I want to talk to you about in this article: how can we establish information security in project management?

To properly protect the information surrounding any project, we need to focus on safeguarding the information that is essential to managing that specific project (such as project-related data, business data, resources, personal data, etc.).

In addition, it’s extremely important to identify the classification of the information, as its value is not always the same. For example, names and surnames are considered public, while employee salary information is considered private.

However, even if some information is deemed public, we still need to protect it. The reason is that it can be altered without our permission and lead to minor disruptions or even serious problems.

For example, the prices on an e-commerce website are considered public information, right? But does that mean this information doesn’t need protection? Of course it does.

In this case, the site could suffer a significant loss in revenue if someone were to change the publicly visible prices, increasing them by R$100.00. Imagine if the site has 1,000 or 2,000 products — how long would it take to detect and fix that? So the best approach is prevention, by protecting the data, even if it's public.

Therefore, one important point to consider is identifying the information in your project — that is, defining the classification of information and understanding that not all data should be treated equally. Now, let’s take a look at how ISO 27001 helps establish information security in project management.

What is ISO 27001 and what is it for?

ISO 27001 is a standard that provides one of the most important certifications in information security. The most crucial aspect of ISO 27001 is risk management, which is a key point if you want to manage projects in accordance with this security standard.

ISO 27001 includes a specific control related to risk management, under which you must do the following:
  • Clearly define roles and responsibilities related to information security (CISOs, information security auditors, developers, system administrators, etc.).
  • Define the objectives of information security, such as reducing the number of incidents and improving the confidentiality of external access to information.
  • Conduct risk assessment and risk treatment, for example, risks related to source code in software development or risks concerning a company’s entire IT infrastructure.
  • Develop specific information security policies for the project. If the project involves software development, it would be wise to establish policies for secure coding practices.

Benefits of information security in project management

Clearly, there are many risks when it comes to establishing information security in project management. While they can be dangerous for your business, the good news is that they are also easily avoidable.

You simply need to pay close attention to information security throughout the project lifecycle. Risk management is the most suitable tool to identify what you need to change in your project to avoid issues and carry it out securely.

Some may wonder if it’s possible to run a project without considering information security. Technically, yes — but the likelihood of failure is significantly higher.

From a professional standpoint, and since information security should be a top priority for any project manager, the main benefit of secure project management is crystal clear: to avoid any potential information security breaches within a project.

Fortunately, ISO 27001 was specifically designed to establish appropriate information security measures, while also having a dedicated control for handling information security in project management. Therefore, ISO 27001 can be an excellent tool for executing secure projects in your organization.
 
 
 


© by Rogerio Lopes .'.

 