Task 1 - ICTPMG505_CapoquianCarl
School: Royal Melbourne Institute of Technology
Course: ICT50115
Subject: Information Systems
Date: Dec 6, 2023
Type: docx
Pages: 13
ICTPMG505
Manage ICT Projects
ID No. DAN6138
Name: Carl Lesther Capoquian Date: 20 November, 2023
1. Define the project
a. Appendix A – Project Scope Plan
Project Name: IT Cybersecurity Plan
Project No: 1
Project Manager: Carl Lesther Capoquian
Start date: 23/02/2015
Background data:
Problem/Opportunity
The Port of Tacoma aims to improve its cybersecurity in response to federal initiatives for port facility security.
Organisation and Project Objective
Enhance the cybersecurity of the Port's technology infrastructure.
Comply with federal cybersecurity regulations.
Identify vulnerabilities and develop a prioritized set of actions to lessen risks.
Project deliverables
Detailed assessment report.
Recommendations to improve security.
Prioritized plan for future cybersecurity enhancements.
In Scope
Cybersecurity Vulnerability Assessment.
Review of current security measures.
Assessment of network vulnerabilities.
Out of scope
Implementing cybersecurity solutions.
Ongoing monitoring post-assessment
Project constraints
Budget is limited to $100,000.00.
Project duration until August 31, 2016.
Assumptions
Selected vendor will sign required agreements.
Proposed timeline and budget are feasible.
Proposed high-level project timeline
| Phase | Dates | Notes |
|---|---|---|
| Initiation | 1st week | Team introduction |
| Planning | 2-3rd week | Detailed planning, resource allocation |
| Executing | 4-5th week | Cybersecurity assessment activities |
| Monitoring | 6-7th week | Weekly reports, weekly communications |
| Closure | 8-9th week | Reporting, project closure, final assessment |
Proposed high-level budget (cost and human resources)
1. Initiation Phase:
Cost: $5,000
Resources: Project Manager, IT Security Consultant
2. Planning Phase:
Cost: $15,000
Resources: Project Manager, IT Security Consultant, Support Staff
3. Execution Phase:
Cost: $60,000
Resources: Project Manager, IT Security Consultant Team
4. Monitoring Phase:
Cost: $10,000
Resources: Project Manager, IT Security Consultant
5. Closure Phase:
Cost: $10,000
Resources: Project Manager, IT Security Consultant
Contract Statement
Individuals authorized for contract initiation, signing, and completion acceptance include Michael Keim, the Senior Contract Administrator, and Carl Capoquian, the designated Project Manager. Any changes to the contract or project scope will require mutual agreement between the Port of Tacoma and the project manager. Both parties will follow the contract terms, including penalties for variations, ensuring fairness and compliance.
Stakeholders and title
Port of Tacoma - Client
Michael Keim, CPPB - Senior Contract Administrator
Carl Capoquian - Project Manager
IT Security Consultant Team
IT Department Staff
Prepared by: Carl Capoquian
Date: 23/02/2015
Approved by:
Date: 23/02/2015
b. Questions to help clarify the project parameters
What is the defined scope of the cybersecurity assessment project?
What is the projected timeline for completing the assessment, and are there any critical deadlines?
What is the estimated budget allocated for this cybersecurity project, and are there any cost constraints to consider?
What quality standards or benchmarks are expected to be met for the assessment's success?
What resources (human, technological) are available or needed for the project, and are there any potential risks or obstacles identified in the process?
c. Organisation/Project chart
Port of Tacoma, Client
Carl Capoquian, Project Manager
IT Security Consultant
IT Department Staff
Michael Keim, CPPB
2. Establish the project (Project Charter)
a. Project Background
- This project aims to fortify cybersecurity at the Port of Tacoma, aligning with federal initiatives for critical infrastructure security.
b. Project purpose and justification
- To conduct a thorough cybersecurity assessment, comply with federal regulations, and enhance the Port's cybersecurity posture.
c. High Level Project scope Statement
Project Objectives and Success Criteria
Objectives:
Conduct Thorough Assessment: Identify IT vulnerabilities within the Port's infrastructure and policies.
Create Mitigation Plan: Prioritize and address identified vulnerabilities to enhance cybersecurity.
SMART Success Criteria:
Specific: Identify 80% of critical IT vulnerabilities.
Measurable: Reduce risks by 30% within six months through mitigation actions.
Achievable: Implement industry best practices to fortify cybersecurity.
Relevant: Ensure compliance with federal cybersecurity regulations.
Time-bound: Complete assessment and mitigation plan by August 31, 2016.
This project supports broader organizational goals by improving critical infrastructure
cybersecurity, ensuring compliance, and fortifying the Port's cybersecurity defenses.
High Level Project Scope and Requirements
In scope
Cybersecurity Vulnerability Assessment.
Review of current security measures.
Assessment of network vulnerabilities.
Out of scope
Implementing cybersecurity solutions.
Ongoing monitoring post-assessment.
Assumptions
The main assumptions are:
Selected vendor will sign required agreements.
Proposed timeline and budget are feasible.
Constraints
The main constraints are:
Budget is limited to $100,000.00.
Project duration until August 31, 2016.
d. Project Methodology and Approach
- The project will follow the NIST Cybersecurity Framework and the OpSec Five Step Process. The phases include Initiation, Planning, Execution, Monitoring, and Closure, each with specific deliverables aligned with the assessment and plan. Here is the description for each:
Initiation - Define project objectives and stakeholders' roles.
Planning - Create a detailed project plan and resource allocation.
Execution - Conduct cybersecurity assessment and policy review.
Monitoring - Monitor progress and manage risks.
Closure - Finalize assessment reports and ensure project closure.
e. Project Structure
Port of Tacoma, Client
Carl Capoquian, Project Manager
IT Security Consultant
IT Department Staff
Michael Keim, CPPB
f. Project Stakeholders and Authority
| Name | Title | Authority |
|---|---|---|
| Michael Keim | Senior Contract Administrator | Overall oversight of contractual aspects and project governance. |
| Carl Capoquian | Project Manager | Responsible for project management, decision-making, and coordination among stakeholders. |
| Kristel Angela | IT Security Consultant | Technical expertise in conducting cybersecurity assessments and providing recommendations. |
| Melvin Cyrus, Justin Ralph, Kiara Margareth | IT Department Staff | Collaboration and support roles, providing necessary resources and cooperation as per project requirements. |
g. Project high level risks
| Risk no. | Category | Risk Description | Likelihood | Impact |
|---|---|---|---|---|
| 1 | Financial | Budget constraints due to unforeseen additional assessment requirements | Medium (3) | High (4) |
| 2 | Marketing and Sales | Negative public perception following cybersecurity assessment disclosure | Low (2) | Medium (3) |
| 3 | Resourcing | Insufficient internal IT staff cooperation for assessment access | High (4) | High (4) |
| 4 | Technical | Inadequate IT infrastructure documentation leading to assessment delays | Medium (3) | High (4) |
| 5 | Legal | Non-compliance with sensitive security information (SSI) regulations | Medium (3) | Medium (3) |
h. Summary Schedule
| Phase or Milestone | Preferred completion date | Dependencies |
|---|---|---|
| Initiation | 1st week | Team introduction |
| Planning | 2-3rd week | Detailed planning, resource allocation |
| Executing | 4-5th week | Cybersecurity assessment activities |
| Monitoring | 6-7th week | Weekly reports, weekly communications |
| Closure | 8-9th week | Reporting, project closure, final assessment |
i. Summary Budget
| Category of Cost | Best Estimate | Worst Estimate | Most Likely |
|---|---|---|---|
| Initiation Phase | $5,000 | $4,500 | $5,200 |
| Planning Phase | $15,000 | $14,000 | $15,500 |
| Execution Phase | $60,000 | $58,000 | $62,000 |
| Monitoring Phase | $10,000 | $9,000 | $10,500 |
| Closure Phase | $10,000 | $9,500 | $10,200 |
j. Document Quality Control
Version Control
| Version | Date | Author | Comments |
|---|---|---|---|
| 1 | 17/10/23 | Michael | N/A |
Approvers
Name
Title
Signature
Angelina
17/10/23
Angel
Reviewers
Name
Title
Signature
Carl
17/10/23
Carl
Definitions
Term/Abbreviation
Full name
Description
3. Develop a Project Plan
a.
Scope Changes: Engage Project Manager, IT Security Consultants, and Stakeholders when altering project scope for comprehensive assessment.
Risk Management: Consult Project Manager, IT Security Consultants to identify and address project risks.
Resource Allocation: Project Manager, Support Staff to manage resources and workload effectively.
Quality Review: Project Manager, IT Security Consultants to ensure deliverables meet quality standards.
b.
National Institute of Standards and Technology (NIST) Framework
- Offers guidelines and standards for improving critical infrastructure cybersecurity. It provides a framework that aligns with best practices for cybersecurity assessments.
Federal Information Security Modernization Act (FISMA):
- Directs federal agencies in securing their data, information systems, and infrastructure. It is relevant for assessing and enhancing cybersecurity measures within federal entities or projects involving federal grants.
c.
| Task no | Phases/Tasks/Milestones | Duration | Start Date (based on elapsed) | Finish Date (based on elapsed) | Sequence/predecessors | Resources |
|---|---|---|---|---|---|---|
| 1 | Initiation Phase: Define project objectives and stakeholders' roles | 7 days | 23/02/2015 | 2/3/2015 | - | Project Manager, IT Security Consultant |
| 2 | Planning Phase: Create a detailed project plan and resource allocation | 14 days | 2/3/2015 | 16/3/2015 | 1 | Project Manager, IT Security Consultant, Support Staff (IT Staff) |
| 3 | Execution Phase: Conduct cybersecurity assessment and policy review | 14 days | 16/3/2015 | 30/3/2015 | 2 | Project Manager, IT Security Consultant |
| 4 | Monitoring Phase: Monitor progress and manage risks | 14 days | 30/3/2015 | 13/4/2015 | 3 | Project Manager, IT Security Consultant |
| 5 | Closure Phase: Finalize assessment reports and ensure project closure | 14 days | 13/4/2015 | 27/4/2015 | 4 | Project Manager, IT Security Consultant |
| Risk no. | Risk Description | Risk Priority | Risk Mitigation Strategy |
|---|---|---|---|
| 1 | Insufficient cooperation from internal IT staff | Probability: Medium; Impact: High; Overall: Critical | Mitigation: Encourage open communication, provide incentives, and offer training to engage IT staff effectively. |
| 2 | Inadequate documentation of IT infrastructure | Probability: Medium; Impact: High; Overall: Critical | Mitigation: Implement a structured documentation process, conduct regular audits, and involve external experts if necessary. |
| 3 | Non-compliance with Sensitive Security Information (SSI) regulations | Probability: Medium; Impact: Low; Overall: Medium | Mitigation: Regular training sessions on SSI guidelines, continuous monitoring, and compliance checks. |
| 4 | Technical difficulties in assessing wireless network vulnerabilities | Probability: Low; Impact: High; Overall: High | Mitigation: Engage specialized consultants, conduct thorough testing, and implement additional security measures. |
| Category | Item | Quantity/Hours | Cost per Item/Hour | Total Cost |
|---|---|---|---|---|
| Labour | Project Manager | - | $50/hour | $15,000 |
| Labour | IT Security Consultant | - | $80/hour | $24,000 |
| Labour | IT Department Staff | - | $40/hour | $6,000 |
| Materials | Software Licenses | 3 licenses | $1,000/license | $3,000 |
| Materials | Documentation Supplies | - | $500 | $500 |
| Equipment | IT Testing Equipment | - | $5,000 | $5,000 |
| Travel | Project-related travel | - | $2,000 | $2,000 |
| Others | Contingency | - | $10,000 | $10,000 |
| Total | - | - | - | $65,500 |
i. Work Breakdown Structure (WBS) and WBS dictionary
Work Breakdown Structure (WBS)
1. Initiation Phase
1.1 Define Project Objectives
1.2 Identify Stakeholders
1.3 Develop Project Charter
2. Planning Phase
2.1 Create Project Plan
2.2 Resource Allocation
2.3 Risk Assessment
3. Execution Phase
3.1 Conduct Cybersecurity Assessment
3.2 Policy Review
3.3 Vulnerability Testing
4. Monitoring Phase
4.1 Progress Tracking
4.2 Risk Management
4.3 Quality Assurance
5. Closure Phase
5.1 Finalize Assessment Reports
5.2 Project Review
5.3 Project Closure Activities
WBS Dictionary
1.1 Define Project Objectives
Description: Establish specific, measurable, achievable, relevant, and time-bound
project objectives.
Responsible: Project Manager
Duration: 3 days
Dependencies: None
2.2 Resource Allocation
Description: Allocate human resources and required tools for project execution.
Responsible: Project Manager
Duration: 5 days
Dependencies: Completion of Project Plan
3.3 Vulnerability Testing
Description: Conduct detailed testing for cybersecurity vulnerabilities.
Responsible: IT Security Consultant Team
Duration: 10 days
Dependencies: Cybersecurity Assessment Completion
4.2 Risk Management
Description: Identify and manage project risks.
Responsible: Project Manager, Risk Management Team
Duration: Ongoing
Dependencies: Identified Risks from Risk Assessment
ii. Gantt Chart
iii. Roles and Responsibilities of the Project Team
1. CPPB (Senior Contract Administrator):
Facilitates procurement and contractual aspects.
Liaises between the organization and external parties.
Ensures compliance with procurement guidelines and regulations.
2. Project Manager:
Oversees the entire project lifecycle and its successful delivery.
Develops project plans, schedules, and resource allocation.
Manages communication among stakeholders, ensuring project objectives are met.
3. IT Security Consultant:
Conducts comprehensive cybersecurity assessments.
Identifies vulnerabilities and recommends risk mitigation strategies.
Assists in developing cybersecurity plans aligned with industry standards.
4. IT Department Staff:
Provides technical support and expertise in the organization's IT infrastructure.
Collaborates with the IT Security Consultant for assessment and policy implementation.
Assists in implementing recommended cybersecurity measures and ensuring system compliance.
d.
1. Prepare a Clear Proposal:
Outline project goals, scope, resources needed, and expected outcomes.
2. Discuss with Team:
Share the proposal with the project team.
Address questions or concerns.
3. Seek Team Approval:
Request formal approval from each team member.
Document their consent.
4. Senior Approval:
If needed, seek approval from senior management or stakeholders.
5. Finalize and Implement:
Incorporate feedback into the proposal.
Start the project according to the approved plan.
4. Administering and Monitoring the Project
a.
To ensure stakeholders know their responsibilities and tasks:
Document Roles: Create a clear document outlining each stakeholder's role, tasks, and deadlines.
Meetings or Emails: Hold brief meetings or send emails to explain individual responsibilities and tasks.
Regular Updates: Provide periodic updates to reinforce roles and clarify any changes or
concerns.
Open Communication: Establish accessible channels for stakeholders to ask questions or seek clarification.
Confirm Understanding: Request stakeholders to acknowledge their understanding of their assigned tasks and responsibilities.
b.
Scheduling Concern: Ensuring adequate time allocation for cybersecurity assessment without impacting ongoing IT operations.
Quality Concern: Verifying the accuracy and completeness of vulnerability assessments
to meet industry standards and ensure strong cybersecurity measures.
i.
Scheduling Concern: Evaluate the project team's workload and redistribute tasks if necessary to accommodate the cybersecurity assessment. Also implement a flexible schedule, allowing for adjustments without disrupting critical IT operations.
Quality Concern: Conduct regular internal reviews and audits to ensure thoroughness and adherence to industry best practices.
c. Risk Control
i. Scope: Regularly review and update project scope documents. Have clear change management procedures to handle scope alterations.
ii. Time: Use schedules and deadlines, track progress, and address delays promptly.
iii. Finances: Maintain accurate financial records, conduct regular budget reviews, and seek authorization for any budget modifications.
iv. Resources: Monitor available resources, adjust as needed, and ensure the right people are allocated to tasks.
v. Quality: Set quality benchmarks, conduct regular quality checks, and employ continuous monitoring to maintain set standards.
vi. Risks: Continuously identify and assess risks, implement strategies to mitigate them, and regularly review risk plans for updates.
d. Appendix C
| Project deliverable | Standards or Requirements | Quality Assurance | Quality Control |
|---|---|---|---|
| Cybersecurity Vulnerability Assessment Report | Department of Homeland Security guidelines, National Institute of Standards and Technology (NIST) Cybersecurity Framework, Port of Tacoma IT Security Policies | Ongoing review of assessment methodologies against DHS and NIST frameworks, continuous internal audits to ensure compliance, regular stakeholder consultations for alignment with Port's policies. | Final review by an external cybersecurity audit firm, validation against agreed-upon Port of Tacoma security benchmarks, formal approval from Port's IT Security team before submission. |
| Vulnerability Mitigation Plan | Alignment with NIST Cybersecurity Framework, DHS guidelines, and Port of Tacoma IT Security Policies | Rigorous assessment of proposed mitigation strategies against NIST and DHS guidelines, peer reviews by cybersecurity experts, regular updates based on emerging threats. | Independent validation of proposed actions, comprehensive review by the Port's IT security team, validation of the roadmap's effectiveness against agreed benchmarks. |
| IT Policies and Procedure Recommendations Report | Conformity with NIST Cybersecurity Framework, Port of Tacoma's IT governance policies, and federal security regulations. | In-depth analysis to ensure alignment with NIST standards, cross-verification with Port of Tacoma IT governance policies, expert reviews for policy completeness and clarity. | Independent assessment of proposed policies and procedures, review by Port of Tacoma's IT governance committee, final validation against industry standards and federal regulations. |
Status Report Template
Project Title: IT Cybersecurity Plan
Date and reporting period: 16/03/2015 reporting for week 3 of March
Author: Carl Capoquian
Traffic light: Green
Accomplishments since the last report:
| Date Due | Date Completed | Deliverable, milestones, decision or issue |
|---|---|---|
| 2/3/2015 | 27/02/2015 | Gave roles and their tasks. Define Project objectives |
| 16/3/2015 | 10/3/2015 | Create a detailed project plan and resource allocation |
Upcoming activities
| Date Due | Tasks |
|---|---|
| 30/03/2015 | Conduct cybersecurity assessment and policy review |
| 13/4/2015 | Monitor progress and manage risks |
| 27/4/2015 | Finalize assessment reports and ensure project closure |
Costs
| Budgeted to date | Actuals to date | Comments |
|---|---|---|
| $100,000 | $35,000 | N/A |
Summary of issues and variations
| Issue/Change no: | Description |
|---|---|
| N/A | N/A |
Other comments:
The project is currently on track, and the team has successfully met most of the outlined deliverables.
5. Finalising the Project
a. Answer the following questions:
i. Invoices, receipts, expense reports, and financial reports detailing budget allocations and expenditures.
ii. Final budget reports, invoices, expense reports, and any financial reconciliations related to the project.
b. Human resources will be redeployed based on their skills and availability for upcoming projects within the organization. The process involves conducting exit interviews, evaluating individual performances, and collaborating with department heads to allocate resources efficiently.
c. The project's completion will be confirmed through a formal acceptance meeting or presentation where the deliverables, outcomes, and client/stakeholder expectations are reviewed and approved against the project's initial objectives.
d. Here is the project Checklist:
Review cybersecurity assessment report against initially defined vulnerabilities.
Validate mitigation plan completeness and alignment with identified risks.
Ensure IT policies and procedure recommendations adhere to agreed-upon standards.
And yes, the project would be considered successful if it met the objectives outlined in the plan, effectively identifying vulnerabilities and providing actionable strategies.
e.
i. The Project Manager, IT Security Consultant, IT Department Staff would be involved.
ii. Insights on the effectiveness of methodologies used, challenges faced during implementation, and suggestions for improvements.
iii. Conducting team meetings or surveys to gather feedback, organizing review sessions to discuss experiences and suggestions for enhancing future project outcomes.
f. Identify four key lessons and suggest how you would change your approach to your next project.
| Date | Description | Recommended action | Raised by |
|---|---|---|---|
| | Communication gaps occurred between the IT department and consultants, affecting the assessment progress | Implement regular cross-functional meetings to enhance communication and collaboration. | Project Manager |
| | Underestimated resource requirements during the execution phase, leading to delays. | Conduct a thorough resource assessment and maintain flexibility in resource allocation. | IT Security Consultant |
| | Insufficient contingency planning for unexpected technical complexities. | Develop a comprehensive risk mitigation strategy with specific focus on technical uncertainties. | IT Department Staff |
| | Inadequate stakeholder engagement during the planning phase affected alignment with organizational objectives. | Prioritize stakeholder involvement at each project stage to ensure alignment with organizational goals. | Project Manager |