Why infosec projects bomb

Read time 1min 20sec

There are several reasons why information security projects don't succeed, and they are not generally due to technical issues, said Raymond du Plessis, managing consultant at Mobius Consulting.

He spoke at ITWeb Security Summit 2015, in Midrand, yesterday, and outlined the reasons for project failure.

According to Du Plessis, information security projects end up as 'shelfware' because:

* They don't meet business expectations;
* They aren't operationally effective;
* They fail to effectively mitigate risks;
* There is user, business and IT adoption failure;
* The project did not develop and embed processes and procedures;
* There was too much focus on the technological aspects and not enough on 'soft' issues;
* There was a lack of appreciation of the required resources, skills and capacity;
* There was a lack of communication; and
* The project had over-ambitious goals and lacked a long-term approach.

Du Plessis recommended avoiding these pitfalls by considering the technical, business and operational requirements before moving a project to tender stage. He said companies need to understand and plan their resource and skills requirements upfront, and also include long-term plans in their requests for proposals.

These issues, he noted, need to be detailed in the tender process.

See also