Projects & Operations

CISO projects operations

Domain 3: Management – Project and Operations


  • For each information systems project develop a clear project scope statement in alignment with organizational objectives.
  • Define activities needed to successfully execute the information systems program, estimate activity duration, and develop a schedule and staffing plan.
  • Develop, manage and monitor the information systems program budget, estimate and control costs of individual projects.
  • Identify, negotiate, acquire and manage the resources needed for successful design and implementation of the information systems program (e.g., people, infrastructure, and architecture).
  • Acquire, develop and manage information security project team.
  • Assign clear information security personnel job functions and provide continuous training to ensure effective performance and accountability.
  • Direct information security personnel and establish communications, and team activities, between the information systems team and other security-related personnel (e.g., technical support, incident management, security engineering).
  • Resolve personnel and teamwork issues within time, cost, and quality constraints.
  • Identify, negotiate and manage vendor agreement and communication.
  • Participate with vendors and stakeholders to review/assess recommended solutions, identify incompatibilities, challenges, or issues with proposed solutions.
  • Evaluate the project management practices and controls to determine whether business requirements are achieved in a cost-effective manner while managing risks to the organization.
  • Develop a plan to continuously measure the effectiveness of the information systems projects to ensure optimal system performance.
  • Identify stakeholders, manage stakeholders’ expectations and communicate effectively to report progress and performance.
  • Ensure that necessary changes and improvements to the information systems processes are implemented as required.