bloodhound02xOne of the key risk enhancers to many technology projects is the lack of evaluation of the cyber-security risk, introduced to the organization by carrying out the project. If organizations do carry this out it is usually at the end of the project or after the event (if at all). Unevaluated risks could include:

Project Management processes should include formal gateposts built in whereby a security analysis is required to take place. The objectives of the security gatepost in the projects should be:

You must identify issues within change and project management practices related to security controls and implement improvements within those processes.