Study goals
Understand and organize the different steps and information required to implement a proper cybersecurity strategy, thus, considering the different concepts of the project management field to plan and execute the deployment of new protections according to the demands and requirements of companies.
Relevance / originality
A multidisciplinary approach based on the main steps and information required to simplify the adoption of cybersecurity strategies while optimizing the time and resource usage during the planning and execution of projects to deploy new protections in a company.
Methodology / approach
Mapping of the processes, stakeholders, and critical information for the definition of cybersecurity strategies, followed by a literature review of approaches exploring project management in cybersecurity. Next, the SECProject framework is proposed and evaluated by taking all mapped elements into account.
Main results
The SECProject framework is presented as the main result. The framework, supported by key project management concepts, defines the steps and information required for planning and deploying cybersecurity strategies in companies. Also, the economic aspects of cybersecurity are investigated and considered.
Theoretical / methodological contributions
Mapping all steps for the definition of the project requirements, threat analysis, cost management, risk management, and execution of a project for the deployment of cybersecurity strategies in SMEs. The relevant steps and information are detailed and considered in the SECProject framework.
Social / management contributions
Mapping the steps for defining the project requirements, threat analysis, cost management, risk management, and execution of a project for deploying cybersecurity strategies in SMEs. Using the SECProject, companies without technical expertise can reduce their business risks and optimize their investments.