3. INTRODUCTION TO IT PROJECT MANAGEMENT
STRATEGIC PMO, IT SERVICE AND DESIGN
General Introduction and Opening
E-Commerce and Information Technology
Strategic Management
Project Management
Risk Management
IT Service Strategy and Design
Bahman Moghimi
THE UNIVERSITY OF GEORGIA, TBILISI, GEORGIA.
4. Please introduce yourself in 30 seconds
Name, Surname:
About your Family Businesses:
Relevant Communication Jobs:
Expectations:
B.Moghimi@ug.edu.ge
5. How did we think before? ......
8. What is “Paradigm Shift”?
Information Age
Buy-Side Market Place
Competitors
High Expectations
High Rate of Change in Buying Behavior
E-Life !!!!
9. The Way To Paradigm Shift ...
10. THREE OVERARCHING THEMES
We need to see a firm’s competitive position, not as a snapshot, but as an ongoing movie
• Firms and industries are dynamic in nature
• To succeed, the formulation of a good strategy and its implementation should be inextricably connected
– Implementing a good strategy is at least as important as creating one, yet many managers give too little thought to implementation
• Strategic leadership is essential if a firm is able to both formulate and implement strategies that create value
– Strategic leadership is responsible for making substantive resource allocation decisions and developing key-stakeholder support of the strategy
11. Old Economy vs. New Economy
Old Economy
• Organize by product units
• Focus on profitable transactions
• Look primarily at financial scorecard
• Focus on shareholders
• Marketing does the marketing
• Build brands through advertising
• Focus on customer acquisition
• No customer satisfaction measurement
• Over-promise, under-deliver
New Economy
• Organize by customer segments
• Focus on customer lifetime value
• Look also at marketing scorecard
• Focus on stakeholders
• Everyone does the marketing
• Build brands through behavior
• Focus on customer retention and growth
• Measure customer satisfaction & retention
• Under-promise, over-deliver
First Things Tomorrow Check-List !
20. The Scope of Marketing
Marketing is seen as all the tasks of creating, promoting, and delivering goods and services to consumers and businesses to create lifelong mutual benefit for all the stakeholders.
21. Value – Class Discussion
What is value really?
– Brand value, Image value
– Monetary value
– Behavioral value
– Location value
– WHAT ELSE????
What is the first reason you buy something?
When do you feel valued?
How can we create value?
27. Value in IT systems
Knowledge management is the art of creating commercial value from intangible assets.
To create value in any IT system, we need crucial information that is available only in KM.
28. Quote:
"The best single lesson I ever learned was to maximize the intellect of the company. You need to gather the knowledge of individuals, share those ideas and celebrate the sharing. That, in the end, is how a company becomes great."
– Jack Welch, former chairman and CEO, General Electric
30. KM: Others’ Points of View
• “Knowledge management is a formal, structured initiative to
improve the creation, distribution, or use of knowledge in an
organization. It is a formal process of turning corporate
knowledge into corporate value.”
– Thomas Davenport
• “Knowledge management is the art of creating commercial
value from intangible assets.”
– Karl Erik Sveiby
• “Learning the processes and content of intellectual capital to
enhance the organization’s ability to achieve its mission.”
– Computer Science Corporation (CSC)
32. KM Role in Information Technology World
• Integrate KM with the traditional CRM functionalities
• To create knowledge-enabled CRM processes
– allow companies to evaluate key business
measures such as customer satisfaction, customer
profitability, or customer loyalty to support their
business decisions
33. KM & CRM: Example
• A hospital sends a new mother flowers after a baby is born
– Not at the same time everyone else does BUT
– 30 days after the birth
• Perfect time, because
– All the flowers she received earlier are gone!
– The exhaustion that accompanies having a new baby has
set in
• The new mother really appreciates this thoughtful gesture
• It comes at a time when she doesn’t expect it
34. Problems with Traditional Organizations
Lack of customer focus
Internal empires
Priority conflicts
Lack of innovation
Lack of flexibility
“Buffers” of time
“Buffers” of inventory
“Buffers” of quality
Duplication & redundancy
36. BPR involves rethinking and redesigning business processes to create value for customers.
37. What are the main BPR sections?
Business Process Reengineering:
– Aims to achieve quantum improvements.
– Saving Time and Cost/ Increasing Satisfaction
– Using IT as the primary facilitator/enabler
38. Business Process Reengineering
BPR is the fundamental rethinking and radical redesign of
business processes to achieve drastic improvements in
critical measurements of performance (such as time, cost,
and quality).
(Hammer and Champy, 1993)
A business process is a collection of tasks that together
create value for a customer.
(Jelasi Tofiq, 2005)
40. BPR is Crucial for Information Systems
BPR helps companies transform from a bureaucratic situation to a flat, clear, and very customer-centered orientation by reducing process time and improving quality
41. Redesign Principles & Tactics
• Principles
– can be used as a checklist to suggest ways
of redesigning the process
• Tactics
– can be used to trigger ideas about how to
implement changes
44. STRATEGY
Strategos: “the general’s view”
• General: holistic “big picture”
• Lower officer (e.g., supply logistics, infantry, heavy armored vehicles): tactical details
45. THE MILITARY ROOTS OF STRATEGY
“The individualist without strategy who takes opponents lightly will inevitably become the captive of others.”
– Master Sun
46. THE STRATEGIC MANAGEMENT PROCESS
Strategic analyses
• Internal
• External
Vision and mission
• Fundamental organizational purpose
• Organizational values
Strategy: the central, integrated, externally oriented concept of how a firm will achieve its objectives
• Arenas
• Vehicles
• Differentiators
• Staging
• Economic logic
Implementation levers and strategic leadership
48. QUESTIONS OF CORPORATE-LEVEL AND BUSINESS-LEVEL STRATEGY
Corporate-level strategy should ask
• In which markets do we compete today?
• In which markets do we want to compete tomorrow?
• How does our ownership of a business ensure its competitiveness today and in the future?
Business-level strategy should ask
• How do we compete in this market today?
• How will we compete in this market in the future?
49. STRATEGY AND IMPLEMENTATION ITERATE
Strategy: The process of deciding what to do
Implementation: The process of performing all the activities necessary to do what has been planned
WAL-MART EXAMPLE
• Compete as discount retailer in rural markets
• Leverage inventory and sourcing systems to be low-cost leader
• Invest heavily in organizational structure, systems, and processes
50. BUSINESS STRATEGY DIAMOND
Staging
• What will be our speed and sequence of moves?
– Speed of expansion?
– Sequence of initiatives?
Economic logic
• How will returns be obtained?
– Lowest costs through scale advantages?
– Lowest costs through scope and replication advantages?
– Premium prices due to unmatchable service?
– Premium prices due to proprietary product features?
Vehicles
• How will we get there?
– Internal development?
– Joint ventures?
– Licensing/franchising?
– Experimentation?
– Acquisitions?
Differentiators
• How will we win?
– Image?
– Customization?
– Price?
– Styling?
– Product reliability?
– Speed to market?
Arenas
• Where will we be active? (and with how much emphasis?)
– Which product categories?
– Which channels?
– Which market segments?
– Which geographic areas?
– Which core technologies?
– Which value-creation strategies?
51. JET BLUE STRATEGY
Objective
• To “bring humanity back to air travel”
Arenas
• Low fare commercial air carrier
• Underserved but over-priced US cities
Vehicles
• Start from scratch and achieve all growth internally (i.e., do not purchase a regional airline)
Differentiators
• High level of service compared to low fare competitors (e.g., leather seating, satellite TV)
Strategy
• Grow from one route between two cities to serving 20 cities in just 3 years
Economic logic
• Secure cost advantage by being willing and able to perform key tasks differently
– One type of plane
– JFK home base
– Secondary location
52. GOALS OF STRATEGY IMPLEMENTATION
1. To make sure strategy formulation is comprehensive and well informed
2. To translate good ideas into actions that can be executed (and sometimes to use execution to generate or identify good ideas)
53. IMPORTANCE OF EXECUTION
“The important decisions, the decisions that really matter, are strategic . . . [But] more important and more difficult is to make effective the course of action decided upon.”
– Peter Drucker
54. FRAMEWORK FOR STRATEGY IMPLEMENTATION
Intended Strategy
Realized and Emergent Strategies
Key Factors of Strategy Implementation
Implementation levers
• Organizational structure
• Systems and processes
• People and rewards
Strategic leadership
• Lever- and resource-allocation decisions
• Decision support among stakeholders
56. STRATEGIC LEADERSHIP
Leadership: The task of exerting influence on other people’s pursuit of goals in an organizational context
Strategic leadership: Managing an overall enterprise and influencing key organizational outcomes, such as company-wide performance, competitive superiority, innovation, strategic change, and survival
57. FIVE LEVEL STRATEGIC LEADERS
Capabilities
• Level 5 leaders: Build greatness through combination of will and humility
• Level 4 leaders: Can lead a group to superior levels of performance
• Level 3 leaders: Organize people resources to accomplish predetermined objectives
• Level 2 leaders: Work effectively with others as a member of a team to achieve group objectives
• Level 1 leaders: Make individual contributions through talent and work ethic
58. TWO ATTRIBUTES OF LEVEL 5 LEADERS
Professional will
• The ability to translate strategic intent into the resolve needed to pursue a strategy
• and usually to make hard choices over a period of time
Professional modesty
Being someone
• who prefers to share credit rather than hog it
• who tends to shun public attention,
• act with calm determination, and
• exercise ambitions on the company’s behalf rather than one’s own
59. VISION, MISSION AND STRATEGY
Vision and Mission
• Fundamental purpose
• Values
• View of future
Strategic Goals and objectives
• Specific targets
• Measurable outcomes
Strategy
The central, integrated, externally-oriented concept of how the firm will achieve its objectives. Consists of 5 elements: arenas, vehicles, differentiators, staging, and economic logic
60. VISION – USES OF AMBITION AND AMBIGUITY
Sony’s vision in early 1950’s: “becoming the company that most changes the worldwide image of Japanese products as being of poor quality.”
CitiBank’s vision in 1915: “the most powerful, the most serviceable, the most far reaching world financial institution the world has ever seen.”
Vision statements
• generally express long-term action horizons,
• are ambitious and force the firm to stretch.
• their ambiguity allows flexibility for changing strategy or implementation tactics
61. STRATEGY COHERENCE
Strategic coherence is
• The symmetrical co-alignment of the five elements of a firm’s strategy
• The congruence of policies in functions (e.g., finance, production, marketing) with these elements
• The overarching fit of various businesses under the corporate umbrella
Strategy diamond: Staging, Differentiators, Economic logic, Vehicles, Arenas
62. BENEFITS OF USING STAKEHOLDER ANALYSIS
1. Can use the opinions of the most powerful stakeholders to shape your strategy and tactics at an early stage.
2. Gain support from powerful stakeholders to help win more resources.
3. Can ensure that stakeholders fully understand what you are doing and understand the benefits of your project.
4. Can anticipate what people’s reactions to your project may be and build actions into the plan that will win people’s support.
63. STAKEHOLDER ANALYSIS
Stakeholders: Individuals or groups who have an interest in an organization’s ability to deliver intended results and maintain the viability of its products and services
Steps in identifying stakeholders
1. Determine influences on strategy formulation decisions
2. Determine stakeholders’ power and influence over strategy execution decisions
3. Determine the effects of strategic decisions
After identifying stakeholders ask
• Have I identified any vulnerable points in either the strategy or its potential implementation?
• Which groups are mobilized and active in promoting their interests?
• Have I identified supporters and opponents of the strategy?
• Which groups will benefit from successful execution of the strategy and which may be adversely affected?
• Where are various groups located? Who belongs to them, and who represents them?
65. Motivation for Studying Information Technology (IT) Project Management
• The world as a whole spends nearly $10 trillion of its $40.7 trillion gross product on projects of all kinds
• More than 16 million people regard project management as their profession
• The overall information and communications technology market grew by 6 percent to almost $3 trillion in 2010
66. Motivation for Studying Information
Technology (IT) Project Management
IT Projects have a terrible track record, as described in the
“What Went Wrong?”
67. Advantages of Formal Project Management
Better control of financial, physical, and human
resources
Improved customer relations
Shorter development times
Lower costs
Higher quality and increased reliability
Higher profit margins
Improved productivity
Better internal coordination
Higher worker morale
68. What Is a Project?
A project is “a temporary endeavor undertaken to create
a unique product, service, or result” (PMBOK® Guide, Fifth Edition, 2012)
69. Project Attributes
A project
has a unique purpose
is temporary
is developed using progressive elaboration
requires resources, often from various areas
should have a primary customer or sponsor
The project sponsor usually provides the
direction and funding for the project
involves uncertainty
70. Project and Program Managers
Project managers work with project
sponsors, project team, and other people
involved in a project to meet project goals
Program: group of related projects managed
in a coordinated way to obtain benefits and
control not available from managing them
individually (PMBOK® Guide, Fifth Edition,
2012)
71. Program and Project Portfolio
Management
A program is “a group of related projects
managed in a coordinated way to obtain
benefits and control not available from
managing them individually” (PMBOK®
Guide, Fifth Edition, 2012)
A program manager provides leadership and
direction for the project managers heading the
projects within the program
72. PM Network: What’s in a Name?
Programs vs. Projects
Should there be a difference?
What are the problems with labeling a
program as a large project?
Are different skills needed to be a program
manager compared to a project manager?
76. History of Project Management
Early methodologies not well-documented, but results
still stand: the pyramids, Stonehenge, mass human
migrations
Late 19th century
Construction of intercontinental railroad, other large
projects
Early 20th Century
Frederick Taylor created Scientific Management of
industrial processes
Henry Gantt developed a bar-chart approach to
illustrating timing of project tasks and progress
77. History of Project Management
(continued)
Mid-20th century
CPM and PERT methodologies identified the importance of
task sequences, task dependencies and the concept of the
critical path.
Project management as a profession
Project Management Institute (PMI) was founded
Project Management Body of Knowledge (PMBOK) was created
78. History of Project Management
(continued)
Today
Increasing recognition of project management as a
specialized set of skills applicable to many different
industries
Project Management certifications: PMP, CAPM,
specializations
PMBOK is in its 5th edition
Variations on methodologies:
phased (waterfall approach)
Agile methods
The importance of integrating projects into portfolios and programs
79. Project Management Offices
A Project Management Office (PMO) is an
organizational group responsible for
coordinating the project management function
throughout an organization
80. PM Network - PMO 2.0
Why do PMOs fail?
What is the primary reason cited for failure?
How do you resurrect a failed PMO?
How do you ensure longevity of a PMO?
When should a PMO just be closed?
82. What is Project Management?
“the application of knowledge, skills, tools and techniques
to project activities to meet project requirements” (PMBOK®
Guide, Fourth Edition, 2012)
83. Project Management Knowledge Areas
Knowledge areas describe the key competencies
that project managers must develop
Core Functions
Facilitating Functions
Integration Function
84. Project Management Tools and
Techniques
Project management tools and techniques
assist project managers and their teams in
various aspects of project management
Gantt chart
network diagram
85. Project Stakeholders
Stakeholders are the people involved in or
affected by project activities
Who are the stakeholders in a project?
86. What Went Right? Improved
Project Performance
Why the Improvements?
88. Project Success
There are several ways to define project
success:
Triple Constraint
Customer/Sponsor Satisfaction
The results of the project met its main
objective
89. What Helps Projects Succeed?*
1. User involvement
2. Executive support
3. Clear business objectives
4. Emotional maturity
5. Optimizing scope
6. Agile process
7. Project management expertise
8. Skilled resources
9. Execution
10. Tools and infrastructure
*The Standish Group, “CHAOS Activity News” (August 2011).
90. The Role of the Project Manager
Job descriptions vary, but most include
responsibilities like planning, scheduling,
coordinating, and working with people to
achieve project goals
Remember that 97% of successful projects
were led by experienced project managers,
who can often help influence success factors
91. Suggested Skills for Project Managers
The Project Management Body of Knowledge
Application area knowledge, standards, and
regulations
Project environment knowledge
General management knowledge and skills
Soft skills or human relations skills
92. Ten Most Important Skills and Competencies
for Project Managers
1. People skills
2. Leadership
3. Listening
4. Integrity, ethical behavior, consistent
5. Strong at building trust
6. Verbal communication
7. Strong at building teams
8. Conflict resolution, conflict management
9. Critical thinking, problem solving
10. Understands, balances priorities
93. Importance of Leadership Skills
Effective project managers provide leadership
by example
A leader focuses on long-term goals and big-
picture objectives while inspiring people to
reach those goals
A manager deals with the day-to-day details
of meeting specific goals
Project managers often take on the role of
both leader and manager
94. Different Skills Needed in Different
Situations
Large projects
High uncertainty projects
Very novel projects
95. Careers for IT Project Managers
In a 2012 survey, IT executives listed the “nine hottest skills” they planned to hire for in 2013
Project management was second only to programming and application development
Job Categories | Total Current Employees Rank | Growth Rank
Big Data / Analyst | 6 | 1
Business/Systems Analyst | 3 | 3 (tie)
Database Admin / Analyst | 7 | 3 (tie)
Networks / Security | 5 | 5
Project Management | 4 | 2
Software Development | 2 | 6
Other IT Skills (Primarily Help Desk) | 1 | 7
96. Nine Hottest Skills*
Skill | Percentage of Respondents
Programming and application development | 60%
Project management | 44%
Help desk/technical support | 35%
Networking | 35%
Business intelligence | 23%
Data center | 18%
Web 2.0 | 18%
Security | 17%
Telecommunications | 9%
*Source: Rick Saia, “9 Hot IT Skills for 2012,” Computerworld, September 26, 2011.
97. The Project Management Profession
The profession of project management is
growing at a very rapid pace
It is helpful to understand the history of the
field, the role of professional societies like
the Project Management Institute, and the
growth in project management software
98. Global Issues
Several global dynamics are forcing organizations
to rethink their practices:
Talent development for project and program
managers is a top concern
Good project portfolio management is crucial in
tight economic conditions
Basic project management techniques are core
competencies
Organizations want to use more agile approaches
to project management
Benefits realization of projects is a key metric
99. Project Management Certification
The Project Management Institute (PMI) is an international
professional society for project managers with 380,000
members worldwide in 2012
Project Management Professional (PMP) has
documented sufficient project experience, agreed to follow a
code of ethics, and passed the PMP exam
Certified Associate in PM (CAPM) is achievable with less
experience
CompTIA offers another certification option
CompTIA Project+ has fewer requirements but is not as well
recognized as PMP
100. Ethics in Project Management
Ethics, loosely defined, is a set of principles that
guide our decision making based on personal values
of what is “right” and “wrong”
Project managers often face ethical dilemmas
In order to earn PMP certification, applicants must
agree to PMI’s Code of Ethics and Professional
Conduct
Several questions on the PMP exam are related to
professional responsibility, including ethics
101. Project Management Software
There are hundreds of different products to assist
in performing project management
Three main categories of tools:
Low-end tools
Midrange tools
High-end tools
103. Careers Using Project
Management Skills
Everyone carries out projects, every role in every
organization.
Projects can be any size, from one person doing his
or her homework to thousands of people working
together with billion-dollar budgets.
105. Industry sectors
Business owners
Agriculture and Natural Resources
Arts, Media and Entertainment
Building Trades and Construction
Energy and Utilities
Engineering and Design
Fashion
Finance
106. Industry sectors (continued)
Health and Human Services
Hospitality, Tourism and recreation
Manufacturing and Product Development
Education
Public Services
Retail and Wholesale Trade
Transportation
Information Technology
108. Risk
“Take calculated risks. That is quite different from being rash.” General George S. Patton
“Only those who risk going too far can possibly find out how far they can go” T.S. Eliot
“Of course you have to go out on a limb sometimes; that’s where the fruit is” Unknown
110. What is “Risk”?
Risk is the net mission impact considering both the
likelihood that a particular threat-source will exercise
(accidentally trigger or intentionally exploit) a
particular information system vulnerability, and the
resulting impact on the organization if this should
occur (NIST)
Risk is the probability of a vulnerability being
exploited in the current environment, leading to a
degree of loss of confidentiality, integrity, or
availability, of an asset. (Microsoft)
111. What is Risk Management?
The total process of identifying, controlling,
and minimizing information system related
risks to a level commensurate with the value
of the assets protected
The goal of a risk management program is
to protect the organization and its ability to
perform its mission from IT-related risk
112. National Institute of Standards and Technology SP 800-30
The Ten Steps of Risk Assessment
1) System Characterization
2) Threat Identification
3) Vulnerability Identification
4) Control Analysis
5) Identify Threat-source/Vulnerability Pairs
6) Likelihood Determination
7) Impact Analysis
8) Risk Determination
9) Control Recommendations
10) Results Documentation
113. Risk Management is the
Keystone of Information Security
114. Golden and Silver Rules of RM
Golden: All risk is owned!
Silver: Risk that is not assigned is owned by
the organization’s Director
115. Threats to What Vulnerabilities?
Unlocked doors
Unlocked windows
Misconfigured systems
Missing patches
Antivirus out-of-date
Poorly written apps
Vendor backdoors
Spyware
Software Configuration
Systems not monitored
Unnecessary protocols
Poorly defined procedures
Stolen credentials
Poor password protection
Poor Disaster Recovery
Violations not reported
116. Vulnerabilities Protected by What Security Controls?
Controls | Physical | Technical | Administrative
Preventive | Key-card access to enter area | System & Network Monitoring | Security Awareness Training for staff
Detective | Seals on archive file cabinets | Admin message on 3 incorrect logins | Audit of employee exit procedures
Deterrent | Closed-circuit camera monitor | Account lockout after 3 attempts | Data owner approval of rights
Corrective | Physical Isolation of servers | Firewall changes from past events | Arranging for day time cleaning
Recovery | Electronic records recreate physical | Netware’s file “Salvage” option | Contact police after security breach
118. Microsoft Says . .
Risk Management Has Four Phases
1) Assessing Risk – Triage an entire list of security
risks, identifying the most important
2) Conducting Decision Support – Potential control
solutions are evaluated, and the best are
recommended for mitigating top risks
3) Implementing Controls – Control solutions are put
in place
4) Measuring Program Effectiveness – Checking to
make sure that the controls are providing the
expected protection