Providing a model for establishing information security project management (based on PMBOK standard)

Number of pages: 156 File Format: word File Code: 30463
Year: 2013 University Degree: Master's degree Category: Computer Engineering
  • Summary of Providing a model for establishing information security project management (based on PMBOK standard)

    Dissertation for M.Sc. degree.

    Computer engineering field - software orientation

    Thesis abstract (according to the abstract included in the thesis):

    Based on the topic of this thesis, it is better to start the abstract with a few questions to determine the importance of this thesis:

    1- Why is project management of great importance? At present, the problem in the optimal implementation of any project is the lack of time management and of its legal performance. With the expansion of project management science, this gap has been resolved in projects related to industrial engineering, and the emergence of standards such as PMBOK, the final version of which will be published on 01/01/2013 (it is worth noting that its trial version was published by the American Project Management Organization), has led to the creation of the specialized courses PMP (Project Management Professional) and PMI (Project Management Institute), which are conducted by the Project Management Association, which also has a branch in Iran. The problem remained, however, that these certificates were issued to individuals and no organization held a valid management certificate, until the ISO organization released its first standard under the title ISO 21500 and awarded this certificate to organizations under specific terms and conditions. With the progress of information technology, a need was felt for a way to manage information technology projects according to the project management standard. The Iranian Petrochemical Industries Development Management Company therefore presented, for the first time, a book on IT project management and was able to manage its organization's information technology projects. As the topic spread, several articles on the management of these types of projects were presented and recorded in various sources, including project management conferences, which were mostly conducted by the Ariana Industrial Research Group, which started in 2013. Research and experiments were carried out in this regard, but unfortunately they are so few that they can be counted on one's fingers. Although these articles solved the organizations' problems to some extent, they also had many problems of their own.

    3- Why information security project management: In parts 1 and 2, we saw that, according to PMBOK, information technology project management is of great importance for project integrity management, project scope management, project time management, project cost management, project quality management, human resource management, project communication management, project risk management and project procurement management, and that to implement a successful project these factors must always be examined and their chart completed. At present, however, no articles have been published on integrating ISO 27000, the information security standard, with PMBOK for the management of information security projects. Given the high importance of this issue, a need is felt for a group with expertise in information technology engineering and software engineering, together with industrial engineers, to provide an intelligent solution in this regard and prepare a specific chart. The project manager should always bear the doubt and stress of what will happen if, one day, the programmer or anyone else involved in the project wants to leave the project.

    5 - Conclusion of the thesis: In this thesis, which has a practical aspect, we intend, by designing a specific method and flowchart, to guarantee that we can prevent any disruptions or problems in the process of information security projects and optimize the three important factors of risk, quality and security.


    In this thesis, we intend to:

    (images are available in the main file)

    In the first part, we discuss project management based on the PMBOK standard, examine project management methods and set out the determining factors in project management. In the second part, following the conclusions of the first chapter, we discuss the management of information technology projects, which is called IT Security Management, and at the end of this section, drawing on the articles and authoritative references, we describe project management in the framework of information technology and specify a solution in the form of a flowchart. In the section on information security and the concepts of ISO 27000 and its branches, we discuss 10 issues of information security and describe each of them based on the ISO 27000 standard. In the fourth part, we introduce information security into the project management flowchart obtained from the third part; by changing the project management method and adding parts to it, we obtain the flowchart of the information security project management method, test it on several key projects and record the results. In the fifth section, after drawing the information security project management flowchart, we examine three important factors out of the nine PMBOK factors, namely risk, quality and security, and show the amount of progress or regression compared to the standard PMBOK project management flowchart in a table and a diagram. Then, in the sixth section, we draw conclusions about the proposed plan and its advantages and disadvantages.

  • Contents & References of Providing a model for establishing information security project management (based on PMBOK standard)

    List:

    Abstract

    Introduction

    Research history

    Chapter one: Problem design

    Chapter two: Project management

    Chapter three: IT project management

    Chapter four: Work method

    Chapter five: A comprehensive review of the quality, security and risk of the information security project

    Chapter six: Implementation of the proposed algorithm (case study) and conclusions

    Chapter seven:

    Chapter eight: Sources

     

