Considerations for Information Security in Projects


By Neelov Kar

Dallas, Texas, USA



Use of information in our daily life has become essential in the 21st century. Projects are planned and executed based on a plethora of information that has accumulated in the past or has been generated during the process. Information processing has become a part and parcel of any project, whether it is constructing a high rise condo, building a nuclear submarine, developing a new application, building a new hospital or manufacturing a self-driving car. On one hand information helps us to develop a sophisticated service but at the same time it becomes our responsibility to protect it from unauthorized access.

We deal with sensitive information such as intellectual property or personally identifiable information. For example, we cannot think of building a new hospital without an integrated information processing system that is interfaced with the medical devices used in different departments, such as radiology or pathology, as well as the front office where patient registration happens. At every step of the way we are either receiving sensitive information from the patient, generating new information during the service, or storing the information for future use.

During project planning we must analyze the security exposure and plan to protect the information. Some of the international standards define this as a mandatory requirement.

The author would like to provide the basic requirements from different international standards such as ISO 27001, ISO 27018, PCI, SSAE16 and CSA STAR that are relevant for project initiation, planning, execution, control and closing phases.


Information technology is part of our daily life. As project managers, we use social media, web-based applications and other IT tools to manage our projects. People are the biggest risk for information security. We need to be careful about whom we recruit and how we maintain information security discipline in the team. We not only have to protect the project information but also need to analyze whether there is any security vulnerability that can impact the information security of the project. Here are some examples of what can happen to your projects.




Editor’s note: Second Editions are previously published papers that have continued relevance in today’s project management world, or which were originally published in conference proceedings or in a language other than English.  Original publication acknowledged; authors retain copyright.  This paper was originally presented at the 11th Annual UT Dallas Project Management Symposium in August 2017.  It is republished here with the permission of the authors and conference organizers.

About the Author

Neelov Kar has been working as Account Manager (Client Executive) in Perot Systems since 1998, where he has been instrumental in opening new accounts and managing and expanding existing accounts at different client sites with different technologies and domain expertise. As an Account Manager/Program Manager he has implemented multiple large projects in mainframe and client-server environments. He was also involved in recruiting, training and mentoring the project managers and helped them in their career progression.

He is a PMP, RABQSA certified ISO 9000 Lead Auditor, ISO 14001 Lead Auditor, ISO 27000 Lead Auditor, ISO/IEC 20000 certified, Six Sigma Certified, CSA STAR certified and a Certified Quality Analyst.  Neelov can be contacted at [email protected]