Managing a Firewall upgrade project using COBIT

I was asked to analyse a case scenario to manage a project - for firewall upgrade. The case description was as below :

You have had a permanent position at the ITS department at NMIT for around a year, within firewall configuration and maintenance. You are therefore already familiar with the procedures and the structure of the department.

You are now approached by your team leader because the ITS department is planning to implement a new firewall product, and he knows that you recently have taken a level 8 IT security project management course. Therefore, you would be a potential manager candidate for the project.

As you already know your team leader, and he knows that you master the tasks you are doing presently, the interview is not a job interview, and you don’t have to worry about losing your present position. But you would obviously like to advance your career and convince him about your capabilities in project management.

The suggested approach for managing the provided project would be as illustrated below :

1. Initiating the project

This involves understanding the short-comings in the existing firewall implementation, and the benefits of upgrade. The next step would be to understand and estimate the level of acceptance from the people in the organization for the project, followed by stake-holder analysis.

2. Methodology Level :

Since the proposed project has a lifecycle and process flow, COBIT framework would be the best pick for this.

As the project is for the firewall implementation; we could use the BAI (Build, Acquire and Implement) process. As a project manager, I would consult a COBIT implementer to understand the processes and sub-processes which could be used for the project.

3. Method :

Now we have the framework , and the next phase would be to estimate the processes which would be best suited for the proposed project.

a. BAI01 :- Manage programs and projects

This process has its own sub-processes which can be well used for the project management. As an alternative, COBIT gives the flexibility to incorporate other project management frameworks in this particular phase. If the choice is to use a well versed PM framework, DEVOPS would be a good choice here; as the development and operation can go well in tandem.

b. BAI04 :- Manage availability and Capacity

Required sub-processes should be chosen such that the Availability and Capacity of the new firewall could be managed.

c. BAI06 :- Manage Changes

d. BAI07 : Manage change acceptance and Transitioning

e. BAI08 :- Manage knowledge (to record the information through a knowledge base; this is an optional process)

f. BAI10 :- Manage configuration; to record the firewall configurations.

4. Software Tools :

Few of the software tools which could be used for Project management would be

a. Work breakdown structure

b. Gantt chart.

c. Change management and Release management (IT service management)

d. Configuration management database and knowledge base (IT Service management)

e. Feed-back mechanism - through surveys and questionnaires.