project scope management information technology project management, fifth edition note: some slides...
TRANSCRIPT
Project Scope ManagementProject Scope Management
Information Technology Project Information Technology Project Management,Management,Fifth EditionFifth EditionNote: some slides have been removed from the author’s original presentation.Some slides are added to address security projects
What is Project Scope Management?Scope refers to all the work involved in creating
the products of the project and the processes used to create them
A deliverable is a product produced as part of a project, such as hardware or software, planning documents, or meeting minutes
Project scope management includes the processes involved in defining and controlling what is or is not included in a project
Information Technology Project Management, Fifth Edition, Copyright 20072
Project Scope Management Processes1. Scope planning: deciding how the scope will be defined,
verified, and controlled
2. Scope definition: reviewing the project charter and preliminary scope statement and adding more information as requirements are developed and change requests are approved
3. Creating the WBS: subdividing the major project deliverables into smaller, more manageable components
4. Scope verification: formalizing acceptance of the project scope
5. Scope control: controlling changes to project scope
Information Technology Project Management, Fifth Edition, Copyright 20073
Figure 5-1: Project Scope Management Summary
Information Technology Project Management, Fifth Edition, Copyright 20074
1. Scope Planning and the Scope Management Plan
The scope management plan is a document that includes descriptions of how the team will prepare the project scope statement, create the WBS, verify completion of the project deliverables, and control requests for changes to the project scope
Key inputs include the project charter, preliminary scope statement, and project management plan
Information Technology Project Management, Fifth Edition, Copyright 20075
2. Scope Definition and theProject Scope StatementThe preliminary scope statement, project charter,
organizational process assets, and approved change requests provide a basis for creating the project scope statement
As time progresses, the scope of a project should become more clear and specific
Information Technology Project Management, Fifth Edition, Copyright 20076
Scope definitionThe scope may be described in many different
ways, dependently on the project natureFor example:
The list of functions to be deliveredOutline of technology environment to be coveredCategory of devices to be includedParticular technology solutions to be incorporated
Information Technology Project Management, Fifth Edition, Copyright 20077
3. Creating the Work Breakdown Structure (WBS)A WBS is a deliverable-oriented grouping of the
work involved in a project that defines the total scope of the project
WBS is a foundation document that provides the basis for planning and managing project schedules, costs, resources, and changes
Decomposition is subdividing project deliverables into smaller pieces
A work package is a task at the lowest level of the WBS
Information Technology Project Management, Fifth Edition, Copyright 20078
Approaches to Developing WBSsUsing guidelines: some organizations provide
guidelines for preparing WBSsThe analogy approach: review WBSs of similar
projects and tailor to your projectThe top-down approach: start with the largest
items of the project and break them downThe bottom-up approach: start with the specific
tasks and roll them upMind-mapping approach: mind mapping is a
technique that uses branches radiating out from a core idea to structure thoughts and ideas
Information Technology Project Management, Fifth Edition, Copyright 20079
Figure 5-6: Sample Mind-Mapping Approach for Creating a WBS
Information Technology Project Management, Fifth Edition, Copyright 200710
What Went Wrong?A project scope that is too broad and grandiose
can cause severe problemsScope creep and an overemphasis on technology for
technology’s sake resulted in the bankruptcy of a large pharmaceutical firm, Texas-based FoxMeyer Drug p. 201
In 2001, McDonald’s fast-food chain initiated a project to create an intranet that would connect its headquarters with all of its restaurants to provide detailed operational information in real time; after spending $170 million on consultants and initial implementation planning, McDonald’s realized that the project was too much to handle and terminated it. p.202
Northrop Grumman insurance, 1980’s, system dubbed “Naziware”; not in touch with how end users did their work. p202
Information Technology Project Management, Fifth Edition, Copyright 200711
4. Scope VerificationIt is very difficult to create a good scope statement
and WBS for a projectIt is even more difficult to verify project scope and
minimize scope changesScope verification involves formal acceptance of
the completed project scope by the stakeholdersAcceptance is often achieved by a customer
inspection and then sign-off on key deliverables
Information Technology Project Management, Fifth Edition, Copyright 200712
5. Scope ControlScope control involves controlling changes to
the project scopeGoals of scope control are to:
Influence the factors that cause scope changesAssure changes are processed according to
procedures developed as part of integrated change control
Manage changes when they occurVariance is the difference between planned and
actual performance
Information Technology Project Management, Fifth Edition, Copyright 200713
ScopeCreep
Best Practices for Avoiding Scope Problems1. Keep the scope realistic …
2. Involve users in project scope management …
3. Use off-the-shelf hardware and software whenever possible …
4. Follow good project management processes: …
Information Technology Project Management, Fifth Edition, Copyright 200714
Define Security Project Scope Make sure that your scope covers most vulnerable
assetsPerform vulnerability analysis to identify key areas for your
projectEvaluate outstanding assets and perform risks
analysisUse the company-wide methodology of security risks
management Write so called Residual Risks Statement
Outline security risks that remain after the project implementation
Send the statement to the manager
Information Technology Project Management, Fifth Edition, Copyright 200715
Create Security Project WBSThe same approach as for any other project
Use applicable tasks, e.g installation, hardening, configuration
Practical things to think about:Needs to verify the project deliverables against the enterprise-wide
security architectureNeeds to verify and adjust access control policy and implementationNeeds to change other security policiesNeeds to change SETA (security education, training, and awareness
program)Needs to implement users trainingNeeds to perform security risks assessment after the project
implementation and provide final Residual Risks StatementNeeds to update Business Continuity Plan (aka Disaster Recovery)
Information Technology Project Management, Fifth Edition, Copyright 200716
Verifying Security Project Scope Review with Information Security department at a minimum Review with Risk Management and Compliance for more serious
projects If you have to reduce the scope make sure that the security level is
not silently impacted – go with residual risks statement If the project affects end users, talk to them. Make sure that usability
remains at the acceptable level Talk to IT people. Make sure that the system non-functional
requirements (scalability, performance, flexibility) are not impacted
Information Technology Project Management, Fifth Edition, Copyright 200717
Build WBS on the basis of SDLCThere is misunderstanding of SDLC as it would
apply to the software development projectsSDLC applies to ANY IT projectANY solution assumes
RequirementsDesignImplementation in QATestingLaunch to production
Build your WBS on the basis of SDLC
Information Technology Project Management, Fifth Edition, Copyright 200718