Despite the best efforts of federal agencies and the near-constant media coverage of threats, most government cybersecurity initiatives remain reactive. Once a threat is detected, agency teams typically scramble to identify the source of the intrusion and take necessary steps to mitigate its impact. The nature of the business can make planning and, therefore, budgeting a seemingly impossible task.
Unfortunately, federal IT security professionals’ and program managers’ hands are tied, thanks to limited budgets and time. They worry about the costs and schedules involved in proactively creating a compelling cybersecurity program. Beyond that, they traditionally have not had the necessary tools to develop accurate estimates of what it will take to create these programs. They have been left able to make only educated guesses, which keeps them stuck in reactive mode.
Agency project managers need to be able to build and develop their cybersecurity systems just as they would a software project. They need accurate planning and estimation that will allow them to consider timeframes, appropriate staff, potential costs, quality, risk, and other key factors.
QSM’s Proven Estimation Approach Applied to Cybersecurity