Start Date
16-8-2018 12:00 AM
Description
Information technology projects can be divided into three meta-phases – project conception, project execution, and project deliverable use. Each of these meta-phases has associated cybersecurity risks and the potential for being impacted by these risks. This paper performs an analysis of four recent major, publicized project-related cybersecurity incidents and found evidence of cybersecurity risk across project meta-phases. By identifying where cybersecurity risks became vulnerabilities and where vulnerabilities became realized as actual events and outcomes, this research effort suggests that project risk management efforts should begin prior to the project start and consider cybersecurity risks that may affect stakeholders long after the project concludes. This paper hopes to contribute to both research and practice by focusing more attention on how early project cybersecurity affects long-term cybersecurity outcomes.
Recommended Citation
Presley, Steven; Landry, Jeffrey; and Shropshire, Jordan, "Cybersecurity Threats in the Context of Project Meta-Phases" (2018). AMCIS 2018 Proceedings. 10.
https://aisel.aisnet.org/amcis2018/ITProjMgmt/Presentations/10
Cybersecurity Threats in the Context of Project Meta-Phases
Information technology projects can be divided into three meta-phases – project conception, project execution, and project deliverable use. Each of these meta-phases has associated cybersecurity risks and the potential for being impacted by these risks. This paper performs an analysis of four recent major, publicized project-related cybersecurity incidents and found evidence of cybersecurity risk across project meta-phases. By identifying where cybersecurity risks became vulnerabilities and where vulnerabilities became realized as actual events and outcomes, this research effort suggests that project risk management efforts should begin prior to the project start and consider cybersecurity risks that may affect stakeholders long after the project concludes. This paper hopes to contribute to both research and practice by focusing more attention on how early project cybersecurity affects long-term cybersecurity outcomes.