3.1.5 Cyber Security in Project Management
| No: 381000091275 | Date(g): 24/5/2017 | Date(h): 28/8/1438 | Status: In-Force |
Principle
Cyber security should be addressed in project management and project governance.
Objective
To ensure that the all the Member Organization's projects meet cyber security requirements.
Control considerations
| 1. | Cyber security should be integrated into the Member Organization's project management methodology to ensure that cyber security risks are identified and addressed as part of a project. | |
| 2. | The Member Organization's project management methodology should ensure that: | |
| a. | cyber security objectives are included in project objectives; | |
| b. | the cyber security function is part of all phases of the project; | |
| c. | a risk assessment is performed at the start of the project to determine the cyber security risks and to ensure that cyber security requirements are addressed either by the existing cyber security controls (based on cyber security standards) or to be developed; | |
| d. | cyber security risks are registered in the project-risk register and tracked; | |
| e. | responsibilities for cyber security are defined and allocated; | |
| f. | a cyber security review is performed by an independent internal or external party. | |