As stated earlier, a project with multiple milestones is usually more successful than a project with few milestones. Milestones are checkpoints in a security project plan: the more often you step back and take a look at where you are, the more successful your project will be. Milestones in your IT security project plan should include, among others, checkpoints on required activities and documentation related to compliance issues. As you move through your project work, keeping an eye on these two key elements will be crucial. It's very difficult to go back and create documentation, and it takes much less time and effort to create it concurrent with the security activity. Be sure you have milestones in your project plan for these key tasks. Also be sure to include milestones related to any external events or activities including hard deadlines for compliance, timelines for external audits (if any), and checkpoints to determine if there have been any relevant changes to the laws or regulations to which your IT security project might be subject.
In addition to regulatory issues, you want to ensure that your project is progressing as planned. In today's IT environment, it's easy to find multiple, conflicting demands pulling on your IT staff or security project plan team. It's easy to get off track under these conditions; therefore, it's critical that you, as the project manager, actively manage this situation.You'll have to use your best management skills to keep people focused and motivated on the tasks at hand while recognizing the conflicting demands staff face.
We're not going to get into a discussion of various methods of evaluating project progress other than to say that there are numerous methods you can use, including percent complete and earned value analysis (EVA), to name two common ones. Percent complete is really a ballpark estimate unless you use real metrics (e.g., if your entire project is scheduled for 60 days and you've hit the 30-day mark, are you actually 50 percent complete?) It depends on whether or not the tasks scheduled to be started, in progress, and complete by the 30th day are all on track. Percent complete can be deceiving (intentionally or unintentionally). EVA can also be an excellent tool but again, is subject to various kinds of intentional or unintentional manipulation and is not always accurate. Many people are intimidated or confused by EVA and choose not to use this method. Other people feel that for some projects, EVA takes more time to calculate than the actual work it is calculating. Whatever method(s) you use, be sure you apply it consistently as you move through your security project plan, so that you can keep yourself, your project team, your project sponsor, and the organization apprised of your progress.
While you're managing the project, be sure to keep your project sponsor in the loop using the agreed-upon timelines and deliverables for project status reporting.The project sponsor rarely needs to know all the gritty project details, but he or she should know the current status and issues well enough to help support (and possibly defend) the project to upper management should the need arise. Key check-in points should also be identified via project milestones.
Was this article helpful?
What you need to know about… Project Management Made Easy! Project management consists of more than just a large building project and can encompass small projects as well. No matter what the size of your project, you need to have some sort of project management. How you manage your project has everything to do with its outcome.