Project Management Overview

Questions and Answers

What is the primary difference between a Business Case and a Project Charter?

A Business Case justifies the monetary or business gain from a project, while a Project Charter authorizes the project manager to use company resources.

List the six project constraints mentioned in project management.

Scope, Time, Cost, Quality, Risk, Resources.

What is the purpose of a Stakeholder Register in project management?

The Stakeholder Register records all stakeholders involved in the project and orders them based on their impact and interest.

Explain the term 'Project Management Framework'.

A Project Management Framework is a structured approach that outlines the processes and methodologies to manage a project effectively.

Define the term 'Portfolio' in the context of project management.

A Portfolio focuses on managing all projects and programs to achieve broader strategic objectives of an organization.

What are the five Process Groups in project management?

Initiating, Planning, Executing, Monitoring & Controlling, and Closing.

What is the role of the Assumptions Log in a project?

The Assumptions Log records any assumptions or constraints related to the project.

What is the significance of 'Requirements Gathering' in Scope Planning?

Requirements Gathering identifies what stakeholders need from the project, ensuring that the project scope aligns with their expectations.

What does the acronym DREAD stand for in threat modeling?

DREAD stands for Damage, Reproducibility, Exploitability, Affected Users, and Discoverability.

Explain the difference between an MVP and an MMP.

An MVP (Minimum Viable Product) focuses on features that provide early customer feedback, while an MMP (Minimally Marketable Product) includes core functionalities necessary for marketing the product.

What are the key components of the LINDDUN privacy threat modeling framework?

The key components of LINDDUN are Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, and Non-compliance.

In the MoSCoW prioritization technique, what does the term 'Must' signify?

'Must' signifies requirements that are critical and must be implemented for the project to succeed.

What is the purpose of the Definition of Done (DoD) in Agile?

The Definition of Done (DoD) ensures that tasks meet specific criteria like peer review, unit testing, and acceptance criteria before they are considered complete.

What are the four key concepts defined under risk in the context of security?

The four key concepts are asset, threat, vulnerability, and weakness.

How does the principle of least privilege contribute to security?

The principle of least privilege ensures users have the minimum level of access necessary to perform their duties.

What is the purpose of security by design?

Security by design aims to guide security design decisions to meet the system's security goals.

Define the term 'vulnerability' in a security context.

A vulnerability refers to a weakness or gap in protection efforts that can be exploited by threats.

What is a core aim of the CIA Triad?

The CIA Triad aims to ensure confidentiality, integrity, and availability of information.

List one mitigation strategy for unauthorized data access.

Data encryption is a key strategy to prevent unauthorized access to sensitive data.

What does STRIDE stand for in security threat modeling?

STRIDE stands for Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Elevation of Privilege.

What is the main purpose of logging and monitoring in security?

The main purpose of logging and monitoring is to maintain detailed logs for audit trails and security analysis.

What role does threat modeling play in software design?

Threat modeling helps identify potential threats and weaknesses in a system's design.

How can periodic audits enhance security in an organization?

Periodic audits help identify and correct unnecessary privileges and access rights.

What is the purpose of a non-repudiation service?

A non-repudiation service ensures that actions cannot be denied by the users who carried them out.

Why is multi-factor authentication recommended for spoofing mitigation?

Multi-factor authentication adds extra layers of verification, making unauthorized access more difficult.

What distinction does penetration testing have in the SDL process?

Penetration testing identifies vulnerabilities through simulated attacks on the system.

Explain the term 'data flow diagram' in the context of threat modeling.

A data flow diagram describes how data flows through a system, highlighting potential vulnerabilities.

What is a scope statement in project management?

A scope statement describes the product characteristics, requirements, user acceptance criteria, and deliverables of a project.

What is the difference between deliverables and activities in a project?

Deliverables are the outputs of a project, while activities are the specific actions taken to produce those outputs.

Define critical path in project management.

The critical path is the longest sequence of tasks in a project that determines the shortest possible completion time, with no delays allowed.

What are fixed costs and variable costs in project management?

Fixed costs remain constant regardless of project activity while variable costs fluctuate based on the level of work completed.

What purpose does a Risk Register serve in a project?

A Risk Register identifies potential risks along with their categories, severity, and root causes, facilitating better risk management.

What is the purpose of resource planning in project cost management?

Resource planning determines what resources are needed based on project objectives and scope, ensuring efficient resource allocation.

How does quality assurance differ from quality control?

Quality assurance focuses on the processes that ensure quality standards are met, while quality control monitors results to identify and correct defects.

What is a RACI chart and its significance?

A RACI chart outlines who is Responsible, Accountable, Consulted, and Informed for tasks in a project, clarifying roles and responsibilities.

What does the term 'float' or 'slack' refer to in project scheduling?

Float or slack refers to the amount of time that a task can be delayed without affecting the project's overall completion date.

What is the purpose of the milestone list in project scheduling?

The milestone list identifies significant points or events within a project, aiding in tracking progress and project accountability.

What is the main goal of cost budgeting in project management?

The main goal of cost budgeting is to create a cost baseline for measuring and monitoring project cost performance.

What are parallel activities in project management?

Parallel activities are tasks that can occur independently or simultaneously without waiting for each other to be completed.

What is the purpose of cost control in project management?

Cost control monitors project expenditures to ensure that they align with the established cost baseline and budget.

Explain what management reserves are in project cost management.

Management reserves are funds set aside to cover unknown risks that may arise during the project.

Flashcards

Project

A temporary endeavor undertaken to create a unique product, service, or result.

Operation

A regular endeavor to sustain the business.

Business Case

A document that identifies the reason for initiating a project, outlines the value/benefit, and what it is designed to solve.

Project Charter

A document that contains all necessary information to authorize a project manager to use a company's resources to perform the project.

Process Group

A series of actions directed towards a particular result within a project, like initiating, planning, executing, monitoring & controlling, and closing.

Assumptions Log

Records any assumptions or constraints related to a project.

Stakeholder Register

A list of all stakeholders involved in the project, ordered by their impact and interest.

Requirements Gathering

A method for gathering requirements for a project, similar to agile backlogs.

Scope Statement

A document that describes the product's characteristics, requirements, user acceptance criteria, and deliverables.

Work Breakdown Structure (WBS)

The breakdown of a project into the smallest deliverable pieces, called work packages.

Project Schedule

The process of outlining all the tasks required to complete a project, their duration, and their sequence.

Activity (Project Management)

An element of a project that requires time to complete.

Parallel Activities

Activities that can occur independently and simultaneously if desired.

Merge Activity

An activity that depends on two or more preceding activities.

Burst Activity

An activity that has more than one activity immediately following it.

Milestone

A specific point in time when an activity starts or completes, but doesn't consume any time.

Float/Slack

The difference between the earliest and latest start/finish dates of a task.

Critical Path

The longest path through the project, with no room for delays.

Cost Management

The process of planning, estimating, budgeting, and controlling the costs of a project.

Fixed Costs

Costs that remain constant regardless of the project's size or activities.

Variable Costs

Costs that change based on the project's activity level or output.

Cost Baseline

A baseline for comparing actual project costs to the planned budget.

Quality Planning

A plan that ensures the project meets predefined quality standards and requirements.

Vulnerability

Any weakness or gap in our security measures that could be exploited by a threat.

Risk

The potential for loss, damage, or destruction of an asset due to a threat exploiting a vulnerability.

Design Principle

A high-level guideline that informs good software design practices. Examples include least privilege, defense in depth, and secure by default.

Threat Modelling

A process for identifying, mitigating, and validating security threats to an application.

SDL (Secure Development Lifecycle)

A systematic approach to building secure software throughout its lifecycle. Includes phases like training, requirements, design, implementation, verification, release, and response.

Confidentiality

Ensuring data is only accessible to authorized users.

Integrity

Verifying that data or activity is authentic and hasn't been modified.

Availability

Guaranteeing authorized users can access data or functionality whenever they need it.

Identification

A fundamental security control that assigns unique identifiers to users in a system.

Authentication

A security control that allows users to prove their identity.

Authorization

A security control that grants access rights based on a user's verified identity.

Logging

A security control that records events and actions performed by users in a system.

Auditing

A security control that reviews and analyzes logged events to understand past activity and identify potential threats.

Data Flow Diagram

A diagram that describes the flow of data within a system.

Sequence Diagram

A diagram that shows interactions of system components in a sequence.

What does LINDDUN stand for?

A privacy threat modelling framework that examines seven key privacy risks: Linkability, Identifiability, Non-repudiation, Detectability, Disclosure of information, Unawareness, and Non-compliance.

What is an MVP?

A software release that includes the core features necessary to get early customer feedback. It's a basic version used for testing and gathering user insights.

What is an MMP?

A list of features that form the core functionality of a product. It includes the essential aspects for the product to be marketable.

What is MoSCoW prioritization?

A method of prioritizing requirements based on their importance. Requirements are categorized as Must (essential), Should (highly desirable), Could (nice to have), and Will Not (not considered).

What does DREAD stand for?

A framework to assess the severity of security vulnerabilities. DREAD stands for: Damage (impact of exploitation), Reproducibility (ease of exploitation), Exploitability (technical complexity), Affected Users (number of people affected), Discoverability (ease of detection).

Study Notes

Project Management

• Project: A temporary endeavor designed to produce a unique product, service, or result.
• Operation: Ongoing activities performed to sustain a business.
• Project Constraints: Factors that restrict a project's execution, including scope, time, cost, quality, risk, and resources.
• Project Management: The application of knowledge, skills, tools, and techniques to achieve project objectives.
• Project Management Frameworks: Systematic approaches for managing projects.
• Stakeholders: Individuals or groups affected by or involved in a project.
• Process Groups: Sequential steps within a project, like initiating, planning, executing, monitoring & controlling, and closing.
• Knowledge Areas: Essential skills and expertise required for project management.
• Programme: A group of related projects managed together to achieve a larger goal.
• Portfolio: A collection of projects and programmes managed to achieve broader organizational strategies.

Project Artefacts and Documentations

• Business Case: A document justifying a project's initiation, outlining value and goals. Used for high-level project justification to stakeholders.
• Project Charter: A document authorizing a project manager to use resources. Includes high-level project descriptions and project personnel, justifying company investment.
• Initiation Process: Steps involved in starting a project, such as creating a project charter, assumption log, stakeholder register, and kick-off meeting.
• Assumptions Log: Records assumptions about a project, including potential constraints.
• Stakeholder Register: A record of all key stakeholders, prioritized by interest and impact.

Scope Planning

• Scope Management: Overall approach for defining and controlling the project scope.
• Requirements Gathering: Collecting information and specifications from stakeholders about the project. Similar to Agile backlogs.
• Define Scope: Defining product characteristics, requirements, and deliverables — including acceptance criteria.
• Work Breakdown Structure (WBS): Breaking down a project into smaller, manageable tasks.
• Scope Structure: A definition of scope deliverables, exclusions, constraints, assumptions, and acceptance criteria.

Project Schedule

• Project Schedule: Details regarding project tasks, duration, and sequences to complete the project.
• Identification of Activities: Breaking down work packages into individual tasks.
• Sequencing of Activities: Determining the dependencies between tasks.
• Activity List: A comprehensive list of all activities with definitions and unique IDs.
• Activity Attributes: Detailed specifications for every activity (predecessors, successors, dependencies, resources, constraints, imposed dates).
• Milestone List: Key events or stages in the project with no assigned time to complete.
• Network Diagrams: Visual representation of activity dependencies and task sequences. (e.g., AON Diagrams)
• Program Evaluation and Review Technique (PERT): A method for project scheduling and risk management

Cost Management

• Resource Planning: Identifying resources based on project objectives and scope.
• Cost Estimation: Determining project costs, including fixed (e.g., equipment) and variable (e.g., workforce) costs.
• Cost Budgeting: Creating a cost baseline for monitoring and control.
• Contingency Reserve: Funds for known project risks.
• Management Reserve: Funds for unexpected risks.
• Cost Baseline: Sum of all work packages' cost estimates and associated contingency reserves.
• Project Budget: Summation of the cost baseline and management reserves.

Quality

• Quality Planning: Process of defining quality standards and objectives.
• Quality Assurance: Activities to ensure adherence to defined quality standards.
• Quality Control: Evaluating the delivered project to ensure adherence to quality standards and measure the project against the desired objectives.
• Cost of Quality: Costs associated—preventing quality issues versus their detection and correction.

Resource and Communication Management

• Project Organizational Chart: Representation of project team members and roles.
• Responsibility Matrices (RACI charts): Tables that show project task ownership and stakeholder involvement.
• Resource Histograms: Charts of required resources overtime in a project.
• Activity Resource Estimation: Quantifying the specific resources needed for each project activity.
• Communications Planning: Strategies for communicating project progress and information to stakeholders.

Risk Management

• Risk Register: A document outlining identified risks.
• Risk Analysis: Evaluating the impact and probability of risks.
• Responding to Risks: Strategies for dealing with identified risks (avoidance, mitigation, transfer, acceptance).

Contract Types

• Cost Plus/Cost Reimbursable Contract: Buyer pays actual cost plus profit.
• Fixed Price/Lumpsum Contract: Buyer pays a fixed price.
• Rate Contract: Buyer/Seller agree on a rate per unit of work.

Monitoring and Control

• Monitoring: Tracking project progress against objectives.
• Control: Taking action when deviations from the project plan occur.
• Corrective actions: Addressing issues to return to the project plan.
• Preventative actions: To fix the cause and avoid repeating problems.

Secure Development

• Asset: Anything that must be protected.
• Threat: Any element that could compromise or damage an asset.
• Weakness: A flaw or vulnerability within a system or process.
• Vulnerability: A flaw in protection systems that allows a threat to succeed.
• Risk: The potential of loss linked to successfully exploiting vulnerabilities by threats.
• Security by Design: Approach of incorporating security in the system’s design.
• Design Principles: Guiding principles for secure system design. (e.g., least privilege, defence in depth, secure by default)
• Secure Development Lifecycle (SDL): Applying security considerations throughout the software development lifecycle.
• Threat Modelling: Identifying potential threats and vulnerabilities.
• STRIDE: A threat modelling framework identifying specific types of threat vectors as spoofing, tampering…
• DREAD: Framework for rating severity of security risks
• LINDDUN: Framework for privacy considerations.
• CIA Triad: Confidentiality, Integrity, Availability – Core tenets of information security.
• Fundamental Security Controls: Identification, Authentication, Authorization, Logging, Auditing.

Agile

• Definition of Done (DoD): Criteria for marking a task completed in Agile methods.
• Kanban: Agile method focused on visualizing work flow and continuous improvement.
• Minimum Viable Product (MVP): Basic version of a product launched with core features.
• Minimum Marketable Product (MMP): Product features considered essential for market launch.
• User Stories: Descriptions of desired product functionalities from a user perspective.
• MoSCoW Method: Prioritization technique categorizing requirements as must-have, should-have, could-have, and won’t-have.

Integration Planning

• Project integration planning: Activities that coordinate and ensure all different plans and features of the project work together.

Description

Dive into the fundamentals of project management with this quiz. Explore key concepts such as project constraints, stakeholder involvement, and different management frameworks. Test your knowledge on process groups and the skills required for effective project execution.