This section covers project constraints as they pertain to IT security project planning. If this is not a concept you are familiar with, refer to Chapter 1 in ITPM for a more detailed explanation.
Every project has four constraints: scope, time, cost, and quality.The relationship between these elements is described by different people in different ways, but the essential understanding is that there is a relationship between these elements.The total amount of work that can be accomplished (scope) is determined by how much time you have, how much you are willing to spend, and what level of quality is required. Conversely, the amount of time you need to complete a project is related to what you are willing to spend, what level of quality is required, and how much work you need to accomplish.The relationship is often shown in this manner: Scope = Time x Cost x Quality
Let's look at the reverse of this. If you define a project and your division manager says that it is fine except you have to reduce the cost by 30 percent, you are forced to make some hard decisions.You can reduce the scope of work to reduce the cost, or you can reduce the quality to reduce the cost. If you change one of the constraints you also have to change another one. Changing one constraint without revisiting the others sets the project up for failure.
The scope of an IT security project can be defined by the IT security master plan or sub-plans. Reducing the scope allows you to reduce the time and cost of the project while still delivering high quality. Ideally, you should create an IT security project plan overview and then create separate sub-plans, which will allow you to manage the scope, time, cost, and quality more effectively.
In addition to understanding the interaction of the four constraints in a project, it is also important to understand how to prioritize those constraints. In every project, one constraint is typically "etched in stone" (e.g., the executive team tells you that your project cannot exceed $100,000 or that it must be completed within 6 months maximum). When you have this type of constraint, you have to make the other constraints more flexible. For example, suppose that in 12 months your company is going public through an Initial Public Offering (IPO). As part of the rigorous process, your company wants to make sure its network security is firmly in place at least 6 months prior to the IPO. Therefore, you are given 6 months to put your network security plan in place. Depending on a number of factors (e.g., how large your network is, what security is already in place), you may determine that 6 months is manageable only if you hire outside security consultants for assistance. That means that because time is the top priority and least flexible constraint in this project, you have to be more flexible with the other constraints. In this case, the cost will probably increase to accommodate the constraint. If the company executives are inflexible on all four constraints, the project will probably fail.
There is a saying in project management that states, "Things are more likely to go wrong than they are to go right." If the four project constraints are etched in stone, you have little chance for success. Increase your odds by negotiating with the executive team for one or more flexible constraints.That doesn't mean they open the checkbook and let you spend without limit. It does mean that they will need to understand that with a hard deadline that is fairly aggressive, they will have to give on the cost or the scope. If they refuse, the result will be what typically happens in many organizations. The team agrees to unrealistic targets because it really has no choice and then it fails to meet those targets because they were unrealistic.The plan changes in the middle of the project because something has to give way. Saying that it's not allowed to happen doesn't prevent it from happening. Negotiate up front for realistic parameters and priorities so that everyone benefits.
Was this article helpful?
What you need to know about… Project Management Made Easy! Project management consists of more than just a large building project and can encompass small projects as well. No matter what the size of your project, you need to have some sort of project management. How you manage your project has everything to do with its outcome.