Finance Monthly October 2019 Edition

to create an appropriate plan to mitigate risk factors and ensure the safety of confidential data. Appropriate measures should then be taken to fortify systems against identified risks. Security can be an enabler of and contribute to the profitability of a project – whilst also helping to control costs and minimise any negative impacts that might deflect from the ultimate project goal, in some cases. To ensure security is always a top priority, it needs to be integrated and maintained at every level of the project. This might involve anything from limiting data access to authorised individuals only, setting up two- step verification processes and encrypting files and communications to implementing appropriate security software solutions, offering training to team members and upgrading networks and systems regularly to ensure they are utilising the latest safety features. We take a look at three steps managers can take to minimise risks when managing IT projects… 1. Controls and requirements Before undertaking any transformational project, it is important to have clear controls in place. Most companies will already enforce certain requirements, but project managers should also consider whether any further, more specific safety measures are needed – for example, due to the nature of the data being shared or a client’s own security preferences. Even the most robust defences can be taken down using stolen credentials, so adequate protection and measures to secure passwords are essential. For instance, teammembers should be required to update their passwords frequently and create strong passwords which make use of two-step verification. Controls regarding encryption and the sharing of information can also help reduce the risks of a breach and keep communications secure. In order to control and automate the building, testing and deployment of applications, it may also be worth using a Continuous Integration or Continuous Deployment (CI/CD) pipeline to bridge the gap between development and operations teams – helping to enable fast product iterations, provide standardised feedback and remove manual errors. For example, online triage tool Asure automates the assurance process and provides project managers with a 360° view of security risks associated with change and transformation. 2. Application security testing and code scanning Advanced software plays a big part in maintaining security. Fortunately, we are now in a better position to evaluate and mitigate risk than ever before thanks to an increasing number of application security testing and code scanning tools on all systems software and infrastructure. 3. Championing security No matter what type of project you’re working on, ensuring all team members are fully aligned and adequately trained is imperative; this is especially true when it comes to Security Assurance and managing risks. Through proper training, team members will be better equipped to identify risks and understand the measures needed to minimise them – allowing them to take responsibility for and champion security individually as well as collectively. A crucial skill for any project manager is the ability to foresee risks. But they are not expected to be security experts. This is why it is worth seeking the help of a cybersecurity specialist to ensure project goals are met, whilst keeping systems and information secure. Security should also always be planned upfront, during the initial stages of a project, so as not to impact time and cost further down the line. Burning Tree is uncompromising when it comes to cybersecurity. Get in touch today to find out how the company can help you minimise risks through their advanced Consulting Services and Innovative Technology Solutions – so you can get on with managing all the other aspects of your project. www.burningtree.co.uk 49 www.finance-monthly.com FINANCIAL INNOVATION & FINTECH - RISK