The Information Technology (IT) Operations of the companies that I have worked at have instituted policies whereby Engineering develops a product, then they train Operations, and then the project looks at Security. At a detailed level the flow looks like this: Engineering → Operations → Help Desk → Security. This process leaves the hardest part of the project with the least amount of time allotted to it. To improve your project flow and your commitment to project dates, the flow needs to change.
Projects need to start with Security. Inserting the security tasks at the end of the project will lead to significant deployment delays. Security can choose to initiate the project or they can provide the initial listing of features and requirements. The security requirements for IT projects are growing larger by the day as companies are under constant attack! Security requirements need to comply with Department of Defense (DoD) and National Institute of Standards and Technology (NIST). These requirements can include several architectural items that make the deployment of the product or feature difficult. Understanding the security requirements at the beginning of the project lets you set the proper duration for the deployment. In the organizations that I read about, Engineering develops the durations and then is “surprised” when they engage Security at the end of the program. Securing the product should be the top level of your project.
Once the Security requirements are collected, the Engineering team can build them into the project or feature that they want to deploy. This allows Engineering to develop a test plan that tests for the security requirements and confirms that they have been implemented. This layered approach, with early coordination with Security, sets realistic project durations.
The completed Engineering design and deployment, complete with the Security requirements, can be delivered to the Operations area. Your Operations area should prioritize the training with your Help Desk team. Coordinating early discussions with the Operations area will allow you to gather the documents that they need to learn and test the product.
Prioritizing Security in your project flow will enhance your ability to set project completion dates and improve the products that you deliver in your organization. Your flow will now be represented as: Security → Engineering → Operations → Help Desk