Advertise on ITWeb         Wed, 24 May, 15:39:45 PM

Why infosec projects bomb

There are several reasons why information security projects don't succeed, and they are not generally due to technical issues, said Raymond du Plessis, managing consultant at Mobius Consulting.

He spoke at ITWeb Security Summit 2015, in Midrand, yesterday, and outlined the reasons for project failure.

According to Du Plessis, information security projects end up as ‘shelfware' because:

* They don't meet business expectations;
* They aren't operationally effective;
* They fail to effectively mitigate risks;
* There is user, business and IT adoption failure;
* The project did not develop and embed processes and procedures;
* There was too much focus on the technological aspects and not enough on ‘soft' issues;
* There was a lack of appreciation of the required resources, skills and capacity;
* There was a lack of communication; and
* The project had over-ambitious goals and lacked a long-term approach.

Du Plessis recommended avoiding these pitfalls by considering the technical, business and operational requirements before moving a project to tender stage. He said companies need to understand and plan their resource and skills requirements upfront, and also include long-term plans in their requests for proposals.

These issues, he noted, need to be detailed in the tender process.

Related stories:

Enjoyed this story? Subscribe to ITWeb's Security News newsletter.

Our comments policy does not allow anonymous postings. Read the policy here




Sponsors Message

Event Videos

ITWeb Events: The Infosec International Boys Club

ITWeb sits down with a few male international speakers on the agenda at the Security Summit 2017 to discuss how hacking is perceived in the media and how the ’threatscape’ has changed.