Project Management Practices

Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
7 hours 15 minutes
Difficulty
Intermediate
CEU/CPE
8
Video Transcription
00:00
>> Hi there and welcome to our next module,
00:00
Project Management Practices. Let's begin.
00:00
So in this module, we'll cover
00:00
a little bit about project planning,
00:00
a little bit on project cost estimation,
00:00
function point analysis that cost budgets,
00:00
some software cost estimation
00:00
techniques and considerations,
00:00
and what the role of
00:00
the auditor is in this particular process.
00:00
This is probably touching it at
00:00
a very high level in
00:00
terms of project management and it might be
00:00
something that you may need to target for a little bit of
00:00
additional rating if you don't
00:00
have a strong background in this area.
00:00
Project planning for start.
00:00
Quite obviously, projects
00:00
must be planned and controlled.
00:00
They need to have a beginning and
00:00
an end and a finite cost,
00:00
a finite amount of resources.
00:00
Basically, project managers need to determine scope,
00:00
what tasks actually need to be done in
00:00
that scope and the sequence of those tasks,
00:00
how long they're going to last,
00:00
priority of each of those tasks,
00:00
what resources are needed,
00:00
and the budget and the source for those tasks.
00:00
Project cost estimation.
00:00
There's a number of different ways that this can be done.
00:00
It will vary from project to
00:00
project and depending upon the complexity.
00:00
But you have analogous estimating.
00:00
As the name would suggest,
00:00
it's basically looking at data from previous projects and
00:00
using an estimate of the cost of your new project.
00:00
Parametric estimating. In this case,
00:00
the project manager will look at the same data used in
00:00
analogous estimating and leverage
00:00
some statistical data to develop an estimate.
00:00
Bottom-up estimating, again, as the name would suggest,
00:00
the cost of each activity in the project is
00:00
estimated in the greatest amount of detail possible,
00:00
starting at the bottom and then the costs
00:00
arrived at the cost estimate for the entire project.
00:00
For actual cost,
00:00
similar to analogous estimating,
00:00
this approach takes an extrapolation from
00:00
the actual costs that were incurred in
00:00
the same system during past projects.
00:00
Software size estimation.
00:00
This is a method of determining
00:00
the relative physical size of the software
00:00
to be developed and so
00:00
this provides a guide for the resource,
00:00
time, cost, and effort that will need to
00:00
go into the development of the software.
00:00
Traditionally, they use source lines of
00:00
code or SLOC as a measurement.
00:00
But the current approaches can vary.
00:00
It depends upon diagrams, objects, spreadsheet cells,
00:00
any database queries or graphic user interface widgets
00:00
that are contained in the actual software itself.
00:00
Now, function point analysis.
00:00
This is a multiple-point technique and it's used for
00:00
estimating complexity in large business applications.
00:00
It's a measure of the size of
00:00
an information system based upon
00:00
the number and complexity of the inputs,
00:00
the outputs, number of files used,
00:00
interfaces, and queries.
00:00
It's looking at the functions as a method of estimating
00:00
the cost and also looking at cost budget.
00:00
Personnel hours by type.
00:00
We're looking at basically a cost
00:00
based upon the number of programs,
00:00
the number of developers,
00:00
the number of UI interface developers, etc.
00:00
Could also be looked based
00:00
upon the number of machine hours,
00:00
particularly with large mainframe
00:00
or timeshare type systems,
00:00
that could be a particular cost and also external cost.
00:00
So for example, third-party software,
00:00
in which case this problem is still there,
00:00
but it's merely outsourced.
00:00
Now software cost estimation.
00:00
This can vary, but it will depend
00:00
upon things such as the source code language,
00:00
the execution time constraints,
00:00
how fast that the software is meant to be running,
00:00
the main storage constraints,
00:00
any data storage constraints,
00:00
computer access requirements,
00:00
target machines used for evaluation,
00:00
the security environment, and also the staff expertise.
00:00
These are all factors that need to be taken into
00:00
account for the software cost estimation.
00:00
A few other considerations.
00:00
Basically, we're looking at
00:00
Gantt charts, critical path methodology,
00:00
program evaluation review techniques,
00:00
timebox management, management of scope changes,
00:00
which is a fairly important aspect
00:00
within project management as projects,
00:00
particularly very large and complex ones,
00:00
will often experience some scope change
00:00
throughout the life cycle,
00:00
the management of resource usage and
00:00
that's fairly critical, once again,
00:00
in a very large project where you've got a number of
00:00
different resources under the project,
00:00
and management of risks and project closing requirements.
00:00
As an auditor, what's your role in this?
00:00
Well, primarily, is you meet with
00:00
key system development and user project team members.
00:00
You need to talk to the stakeholders involved
00:00
and look at the discussion of
00:00
the selection of the appropriate controls,
00:00
looking at what is
00:00
an appropriate control to mitigate risks.
00:00
This is also looking at
00:00
other elements within the project structure as well.
00:00
You also need to evaluate
00:00
the implementation of the controls.
00:00
So if control has been selected to mitigate risk,
00:00
has the implementation of
00:00
that control been done successfully?
00:00
Obviously, the key aspect here is
00:00
reviewing documentation and deliverables,
00:00
which will be your key artifacts
00:00
as an auditor in this process.
00:00
That is the end of our lesson.
00:00
So we've covered a little bit on project planning,
00:00
some on project cost and size estimation,
00:00
function point analysis reviews, cost budgets.
00:00
We've covered software cost estimation and
00:00
considerations for you as an auditor in this process.
00:00
I hope you enjoyed
00:00
this lesson and I will see you in the next one.
Up Next