2.6 Risk Management for IT Projects

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *

Already have an account? Sign In »

6 hours 30 minutes
Video Transcription
now, as I mentioned before, many I t endeavors are managed as projects and project specifically have a start date in an instant and an end date. They're usually constrained by cost and schedule and scope of work to be performed. So
one of the things that's so essential in managing my project is understanding risks.
Now the nice thing about a project framework and a risk management framework and a business framework and an organizational or enterprise framework,
the framework should not be. In contrast, the framework should work together.
So one of the things that will look at in this particular course is well, look att p M I. The project management institutes framework specifically on how they address risk. Now we, of course, have a project management professional, a PNP certification course here on Cyber Harry, but
it's not necessary to do well on the sea risk exam. But what I'm showing you is the PM my framework for addressing projects, the management of projects and you'll see down towards the bottom. There's an entire section on risks and PM I says, Look, you've got a series of processes
that you need to use effectively and efficiently
to mitigate the amount of risks on your projects. Okay, so the way P m I works is each one of these processes. Okay, So let me let me show you these on the first column, these air not luxurious,
these air areas for which a project manager should have some knowledge and should have understanding.
Project Manager needs to know how to manage scope in time and cost. So they're just called knowledge areas
now across the top, we have what are called process groups because the process is under each one of these process group headers. They all have something in common. They're working towards the same goal. So in initiating, we're getting the project authorized in planning. We're trying to get our plan set up so that we can
execute and then monitor and then closed the project.
So what you'll notice if we go down for risk is we have a lot of processes here, cause thes air individual processes in the planning portion of risk. Well, of course, we do wins the best time to address risk
before it happens. Right? And then we have control risks, which simply means go back and evaluate and make sure our risk management plans and strategy is working.
So the way P m I works is for every one of these processes their set of inputs, things that are necessary for me to plan risk management. I have to have something on which to base it.
Then I'm going to create an output. Each process uses inputs, produces an output. The output for plan risk management's gonna be a risk management plan.
That risk made is what plan's gonna help me identify risks and identifying risks as a process is going to create the stakeholder registered.
Okay, so the idea is just if you're cooking, you have to have input. So I'm gonna make an omelet. I need some eggs. I need some cheese. Okay. And if my processes create novel, I should output an omelet.
Now, one of the things to keep in mind is when we look at these processes six total processes per p m. I.
Some of them have a lot of inputs. Some of them have a lot of tools and techniques. Some of them have ah lot of outputs. You know, if you look here at identify risks,
you don't need to get caught up in memorizing all of these, but you should kind of have the gist. In order to think about risks. You have an overarching plan for the project, called the Project Management Plan.
We use expert judgments, and out of that we get a risk management plan.
Then our job is to identify risk. And what we're trying to get to is a super important document called the Risk Register,
and that risk register is gonna be a big topic for the exam will start with talking about the risk register in the next domain, really, in our first domain. But the risk register is a central repositories for information about risks that I used to communicate risk information. I sign ownership to risks.
I track risks of this risk registers really important,
and it's created in the process called Identify Risk.
The next process has performed qualitative analysis, which gives me subjective terms.
And when we talk about these subjective terms, we're talking about low, medium high as opposed to quantitative analysis, and quantitative analysis gives us dollar value or at least empirical numeric value.
We'd like dollars a lot of times because that's usually the easiest for us to make our decisions on. But we want quantitative information.
All right. From that quantitative information, we can now justify our risk response. And that really is the purpose of quantitative analysis to justify our risk responses.
And once we have our risk responses,
now that's in places. We've updated our documents, like, specifically our risk register. We've put elements in place so that we know what we're looking for. The last thing that were left doing is controlling risks. We look at those documents, we look up. Excuse me.
We look at those documents we've created, we go back and we look at what's happening. We look at a risk register, and ultimately what we want to know is are the controls that we've put in place managing risk sufficiently. And if not, you know what? We gotta make some changes.
We're gonna have to go right back in
and start all over, which is not unusual for risk management. Risk management is a big revolving door because you're never done managing risks
Up Next