Meet Tonight’s Speaker
What an exciting time to attend yet another successful in-person event. We extend our heartfelt appreciation to Kristine Hayes Munson, MBA, CISM, PMP, CIA, for sharing an evening filled with knowledge. She is a VP, IT Risk & Compliance Manager at State Street. PMI-OC recognized Ms. Hayes Munson as a PMI-OC Fellow. She remains an active chapter volunteer supporting the Fellows Nominating Committee and the New Member Orientation team. She has a very prestigious background as an IT leader with a proven track record of successfully completing projects in the finance, printing, and construction industries. She specializes in implementing high-profile, cross-discipline projects resulting in deliverables aligned with the organization’s strategic objectives.
Meet Industry Affinity Group
Before we move on to the informative presentation from our speaker, we will take a moment to introduce you to one of PMI-OC’s newest divisions. Industry Affinity Group is a program with a focus on helping Orange County to “hear and answer the need for projects.” Their main objective is making connections among project managers within diverse industries for a maximum impact upon local businesses and clients everywhere. With the rapid changes of our time, the need for projects is at its highest to date. The time is now to align project management professionals to meet those needs.
The Basics of Security Project Documentation and Project Data
I am convinced that there are only two types of companies: those that have been hacked and those that will be. And even they are converging into one category: companies that have been hacked and will be hacked again. —Robert Mueller, while serving as FBI Director, at 2012 RSA Cyber Security Conference
It is worth looking back at some of the nation’s most famous security breaches of the century. As a matter of fact, the last decade has been plagued with the likes of the Target debacle of 2013, which affected as many as 110 million customers’ credit/debit card information. What about the breathtaking 2017 Equifax fallout, leaving 143 million customers’ personal information gasping for the nearest oxygen tank?
You can peek at the remaining disasters at: www.npr.org/2019/07/30/746509206/capital-one-data-breach-exposes-over-100-million-customers
Don’t forget to do your due diligence in monitoring your personal data. Some simple yet effective ways of keeping an eagle eye on it are monitoring your credit reports and/or signing up for a monitoring service. If you should find any erroneous information, you are advised to file a complaint with IC3.gov and place a fraud alert with each credit reporting company.
How to Identify Your Project and Product Data
It is so easy to depend on the company IT Department to magically secure all data, but the suggestion for a project manager was to build an information security standard into the project and product KPIs. As a reference, recall the NIST Cybersecurity Framework (CSF).
As a review, let’s go over the definitions of a few key terms covered throughout the remainder of the seminar. A Data Asset Inventory records what data exists and where it is housed within the company. Structured Data is electronic data that can be accessed via an application itself. Unstructured Data can also be electronic and includes reports or information extracted from an application. Kristine absolutely blew all of our minds with the following statistic. Food for thought, isn’t it? How about you or your company: do you know who the Data Owner is and all of the responsibility this type of ownership would entail? Hint: Neither IT nor your Cyber Security team owns the data unless it is specific to their business unit. These are vital questions and issues that should be addressed in every project and directly contribute to the success of your projects.
Data Classification is divided into 3 categories: Confidential, Company Internal, and General Public. Note that a classification can change throughout the business life cycle.
High-Level Information Security Risk-Analysis for Your Projects
Remember, you are not alone in your quest to secure project and product data; in fact, there are rules and regulations to follow. Refer to the California Consumer Privacy Act of 2018 (CCPA) or the General Data Protection Regulation (GDPR) and others not mentioned here. When thinking about a full-scale risk analysis, you would automatically be reminded of your Probability and Impact matrix. All these considerations can seem cumbersome when you are working through each area, but the ultimate goal is to reach project success while maintaining alignment with your company’s business need. Kristine closed our session with a reminder for each of us to build communication with our stakeholders and project teams, with the aim of creating a security-minded culture. This will ensure that the right people will see the right data at the right times.