IT Project Management for the Self-Service Password Reset Project

Invitees (* indicates unable to attend):

Attendees:

  • Joyce Landreth *
  • Daniel Fisher
  • Karen Herrington
  • Dean Kirstein
  • Brad Tilley *
  • Ken McCrery *
  • Rhonda Randel
  • Kevin Rooney
  • Marc DeBonis *
  • Mary Dunker *
  • Randy Marchany *
  • Wayne Donald *

Agenda

Note: This project follows the IT low risk project form.

  1. Project Time Management
    1. If requirements are complete (i.e., we have defined the scope of the project), then we need a list of tasks to accomplish the requirements, called define activities.
      • I assume the activity list will come from Ken, Daniel, and Kevin???
      • Ideally activities are narrow enough in scope (detailed enough) to be able to give a reasonable duration estimate.
    2. Next we organize activities in an order based on dependencies, called sequence activities.
    3. Next we estimate the type and quantity of resources required, called estimate activity resources.
      • For this project that is primarily human resources costs.
    4. Next we estimate how long it will take to do each activity, called estimate activity durations.
    5. Once the activity durations are in place a network diagram is established that shows project work flow, dependencies, and the critical path.
      • This is optional but is nice from a project management perspective.
    6. Finally, we develop [the] schedule so those doing the work know when their work is supposed to be done.
  2. Project Communications Management
    1. Review and complete the IT Project Communications Plan SSPWDReset-CommunicationsWorksheet.pdf
      (blank form is here: https://secure.hosting.vt.edu/www.itplanning.org.vt.edu/pm/communicationsplan.html)
  3. Project Risk Management
    1. Review and complete the IT Project Risk Management Plan SSPWDReset-RiskWorksheet.pdf
      (blank form is here: https://secure.hosting.vt.edu/www.itplanning.org.vt.edu/pm/riskplan.html)
    2. Review and complete the IT Project Security Plan SSPWDReset-SecurityForm.xls
      (blank form is here: https://secure.hosting.vt.edu/www.itplanning.org.vt.edu/pm/securityplan.html)
  4. Project Quality Management
    1. Review and complete the IT Project Testing Plan SSPWDResetTestingWorksheet.pdf
      (blank form is here: https://secure.hosting.vt.edu/www.itplanning.org.vt.edu/pm/testingplan.html)
    2. If needed, review and complete the IT Project Training Plan SSPWDReset-TrainingWorksheet.pdf
      (blank form is here: https://secure.hosting.vt.edu/www.itplanning.org.vt.edu/pm/trainingplan.html)
  5. Project Human Resource Management
    1. Review and complete the IT Project Resources and Staffing Plan SSPWDReset-ResourcesStaffingWorksheet.pdf
      (blank form is here: https://secure.hosting.vt.edu/www.itplanning.org.vt.edu/pm/resourcesstaffing.html)
  6. Other
    1. Production ownership, support, and maintenance
  • No labels

2 Comments

  1. Greg Kroll

    May 07, 2009

    May 7, 2009 Meeting Notes:

    • We need to create a requirements document before we can discuss activities or tasks. Daniel & Kevin will work on requirements. We recommend reconvening in 2 weeks to discuss a draft of a requirements document. Once all requirements issues and clarifications are complete then activity lists can be generated, durations estimated and a project schedule produced.
    • The scope of this project contains several unknows.
      1. CAPTCHA technology. We do not have experience with this technology. Build or buy decisions?
      2. How extensive are modifications to PIDGEN to incorporate creation of secret questions? Unknown side effects?
    • In light of the comment by the IT Security Office on this wiki, regarding the end result of this project adding risk that does not currently exist, does a decision need to be made on whether to continue with this project?
    • We need to remember that an original requirement for this project is to produce a process that is at least as secure as the current process (for resetting passwords).
    • Since the project management (PM) forms depend on requirements and this project does not have defined requirements, the PM forms shoudl wait until a requirements document is complete.
    • The PM IT Security Form comments have mixed tenses.
    • Daniel & Kevin agreed that a minimum of 2 weeks is required to produce a draft of initial requirements. If next weeks meeting is not needed for another purpose we recommend canceling it.
    • Is there a deadline for completion of this project?
    • Are there any other projects dependent on completion of this project?

  2. Mary Dunker

    May 08, 2009

    I will attempt to answer:

    • Are there any other projects dependent on completion of this project?

    The origin of the project was in response to my understanding (from several years ago) that the Board of Visitors wanted to require people to periodically change their PID passwords -- once a year? The feeling at that time was that the calls to 4Help would be overwhelming if such a password change were mandated with no way to reset them online.  

    • In light of the comment by the IT Security Office on this wiki, regarding the end result of this project adding risk that does not currently exist, does a decision need to be made on whether to continue with this project?

    The Security Office wisely recommends incorporating monitors and limits for resets into the requirements in order to mitigate any potential security threats. Risks of an online process and risks of the current telephone process have been documented. If the Security Office is supportive of the project and the sponsors wish to continue it, further discussion of the value of the project seems counter productive. If, on the other hand, the Security Office believes further dicsussion of the value of continuing the project is needed, then lets' have those discussions now, before resources are expended to produce a requirements document for a project that may not go forward.

    I recommend we get clarification from the Security Office, and if further discussion is needed, we use the May 14 meeting for that purpose. I will not be able to meet on May 21 meeting; Daniel may be absent as well.