However, converging the two managements has drawbacks as well. More often than not, drawbacks weigh more than success on the first stages of the implementation. In light of the mentioned union, his paper will discuss the risks brought about by the new technology, the tasks to be dealt with in developing the Enterprise Information Security Program, and the adherence to executing risk management. The life of any organization or enterprise moving to build up a gateway lies in making goals into reality, and maintaining a successful position in the industry.
Dealing with new things may bring more thoughts to ponder. The unification of Information Security Program Management and Project Management comes with new security threats/risks that must be addressed accordingly. "Unfortunately, in the context of security, requirements and specifications are most often overlooked. This may in turn account for the estimated 92% of security vulnerabilities NIST3 recently attributed to applications."1 Organizations wanting to advance with Information Security Program are susceptible to the possible hazards for the Project Management in setting up new systems to adhere with the goals of both managements. A partner of Hurwitz and Associates, Fran Howarth, wrote an article about "The Convergence of Physical and IT Security." Howarth stated that "IT systems are increasingly being attacked-and not in the way they used to be, by hackers concerned most with gaining the respect of their peers for their exploits, but by criminals intent on financial gain."2 Howarth further explained that:
the heightened security threats that we face today-especially given the high levels of international terrorism that we face-affect huge parts of our lives. In recent years, public buildings, hotels, embassies and transport links have all been targeted by terrorists. And huge parts of our critical national infrastructures, including power, water and food supply, transport links and facilities, government and commercial facilities remain vulnerable, not just to terrorist attacks, but also to theft, sabotage and environmental disasters.3
An executive summary of a research entitled "Making Security an Integral Part of the Management" from Computer Electronics Inc. reveals that "security should be an important element of project management, to ensure that the security implications of these changes are addressed."4 A skilled and knowledgeable project manager must be aware of the security requirements in managing projects.
In addition, A Guideline to the Project & Program Management Standard produced by the International Association of Project and Program Management for the benefit of the project managers who need "to attain project success according to schedule, cost, quality, and to customer expectations."5 IAPPM sees a greater need in developing new techniques as organizations compete to be more accessible in providing solutions, products and services.6 IAPPM describes project management as "the centralized management by an individual to plan, organize, control and deploy key milestones, deliverables and resources from conception through retirement, according to customer goals. Often project managers are skilled to use specific templates and techniques to manage through the preferred project life-cycle."7 For example, a