I need to write a Project Plan for my Cybersecurity Project management course. I will attach the instructions in a document below, along with the project charter. Thank you!
Implementation of a cybersecurity awareness program with the goal of training employees to identify potential threats to the organization accurately. Cybersecurity policies are as strong as their weakest link, and employees are the largest source of successful attacks. The goal of the awareness program is to encourage employees to take personal responsibility for safeguarding information and maintain compliance with established cybersecurity measures.
Vision:
An educated workforce that can identify potential threats and risks to company data.
Business problem or opportunity:
The project is launched to minimize the risk involved in increasing social engineering and phishing attacks.
Objectives:
Establish minimum acceptable security awareness
Firm understanding of the organization's cybersecurity procedures and policies
Emphasize strong password hygiene
Enhance email security practices
Reduce risk associated with remote workers
Reduce risk associated with social media
Reduce risk associated with employee's personal devices (cellphones, laptops)
Provide instructions on identifying suspicious content for malware (viruses, spyware, etc.)
Implement mock attacks
Minimize successful phishing attacks
Minimize successful social engineering attacks
Deliverables:
The project will provide the organization with a trained workforce equipped to identify cybersecurity threats, thus reducing the overall risk from social engineering and phishing attacks.
High-Level Schedule:
Project Start Date
Project Planning Dates:
Project Execution Dates:
Customer Feedback Dates:
Constraints:
Lack of time, resources, and support
Assumptions:
Employees will be engaged
Employees will change their behavior
Organization members understand what must be protected
Risks:
Employees do not practice good password hygiene
Employees act impulsively or with emotion
Employees fail to report potential threats
Employees take action that results in a successful attack
Cyberattacks executed before project completion
Cyberattacks not covered by the project are executed.
Failure to engage employees and change behavior
Team Roles and Responsibilities:
Project sponsor - Defines the project's vision, assists in scope development and management, and emphasizes project significance to internal and external stakeholders. Usually a member of senior management.
Project manager - Leads the team in planning and project implementation from start to finish. Reports directly to project sponsor. Oversees each phase of a project is completed thoroughly and on time.
Communications Advisor - Assists in clear communication of the project to the intended audience internally and externally. Assists in resolving communication issues throughout the team and organization.
Subject Matter Expert - Develops content utilized in the awareness program. Distributes relevant materials, tools, and resources to employees. The subject matter expert team members are selected from cybersecurity teams and various departments.
Budget:
Between 5%-15% of the annual IT budget
Scope:
All employees in the organization are included in this project, and each individual represents a separate unique security risk. As such, all individuals must be educated and aware.
