Cybersecurity is one of the central issues in the operation of any modern technology or program. Any projects involve the transfer of confidential data both for internal use by companies and for external developments. Currently, I work as an IT project manager and lead a team that develops various products and programs for clients’ needs. I know that an IT project manager must operate significant amounts of information, ensure its confidentiality, and correct use to meet the needs of clients. For this reason, it is essential for me to know the features of cryptography algorithms as an IT project manager to ensure the security of customer information and develop the most secure and convenient product.
A project manager is a professional who provides communication between clients and the team that creates the product. My main tasks as a project manager include the definition and set of tasks, control over their implementation, documentation, and constant communication with the client. For this reason, I constantly transmit, create, and manage a significant amount of documents and confidential information, which must be protected from unauthorized persons. Often this information has commercial value, so its leakage can cause losses to customers and legal consequences for performers. Consequently, one of my concerns as a project manager is knowing secure communication channels and ensuring that they are used correctly.
For this reason, I must be able to assess the security risks and weaknesses of communication channels to prevent their use by intruders. For example, Alali et al. (2018) present a Fuzzy Inference Model for assessing security risks and highlight that the most common threats areas are DoS (and DDoS), malware, web-site defamation, spam, and e-mail phishing attacks. A correct risk assessment by a manager and taking measures to prevent them, for example, training the team and clients using special encryption programs for e-mail and secure communication systems will help keep client information safe. Thus, my other responsibility is to find and prevent all possible causes of information leakage and ensure that all my team members and clients know how to use different pieces of software and web-sites developed for internal communication.
Moreover, this knowledge of data security risk assessment contributes to the correct determination of the client’s needs and the setting of tasks for the team. For example, gadgets connected to smartphones over wireless communication require different security protocols and encryption algorithms than payment systems for online shops. Hence, I, as the project manager, must understand the differences to attract the necessary professionals to the project. In addition, as Haney et al. (2017) note, 90% of organizations turn to cryptographic standards to develop cryptographic implications and often also apply them for product design and testing.
Therefore, knowledge of these standards is necessary for a project manager to monitor team members’ work and report progress to clients. At the same time, knowledge of cryptography is vital for me to explain the features of the product in simple words, since specialists most often use terminology that is unclear and confusing to ordinary users (Haney et al., 2017). Thus, an understanding of the basic data protection processes is necessary for a projector manager to set the tasks for the team correctly.
Another important aspect for a project manager is understanding the basic algorithms and models of data encryption and their differences to find the most suitable option for the client. Patil et al. (2016), in their study, compare the main algorithms of symmetric and asymmetric encryption and demonstrate that they have significant differences affecting the functioning of products. For example, while asymmetric algorithms are considered more secure due to the presence of a private, confidential key, they require more operative memory and more time to encrypt data (Patil et al., 2016).
At the same time, the symmetric AES algorithm requires the highest bandwidth for transmission, which is also difficult and more expensive for some products (Patil et al., 2016). Therefore, this cryptographic algorithm may not be available for some programs due to their limited functionality or the cost of a project. Hence, my knowledge of these differences will help me reduce the number of consultations by specialists and the project planning process, which will decrease the time for its implementation. In this way, customers and the team will be more satisfied with the collaboration due to the reduction of unnecessary discussions.
In conclusion, this review demonstrates that knowledge of basic theories and concepts of cryptography is a necessary skill for me as an IT project manager. The ability to assess security risks allows me to ensure the confidentiality of customer data by providing secure transmission and storage channels. In addition, this skill helps to identify the necessary aspects for inclusion in the development of product safety systems. At the same time, knowing the differences between the main encryption algorithms allows a manager to determine the most suitable option for clients, set tasks for the team, and shorten the period for discussing requirements. Therefore, I will be able direct a team more efficiently and provides high-quality customer service.
References
Alali, M., Almogren, A., Hassan, M. M., Rassan, I. A. L., & Bhuiyan, M. Z. (2018). Improving risk assessment model of cyber security using fuzzy logic inference system. Computers & Security, 74, 323–339. Web.
Haney, J. M., Garfinkel, S. L., & Theofanos, M. F. (2017). Organizational practices in cryptographic development and testing. 2017 IEEE Conference on Communications and Network Security (CNS). IEEE. Web.
Patil, P., Narayankar, P., Narayan D.G., & Meena S.M. (2016). A comprehensive evaluation of cryptographic algorithms: DES, 3DES, AES, RSA and Blowfish. Procedia Computer Science, 78, 617–624. Web.