Theses and Dissertations

Effective Cybersecurity Risk Management in Projects

Date of Award


Document Type


Degree Name




Committee Chair

Jeffrey, Landry, Ph.D.


Project meta-phases describe the life stages in which project and sponsoring organizations are exposed to cybersecurity risk. Three hypotheses were formulated to examine whether cybersecurity risk was evident in each of three project meta-phases. Project assets for a typical information systems project were identified and associated with each project meta-phase. Whitman’s Threat, Vulnerability and Asset (TVA) risk management process was used to create project threat scenarios, which formed the basis of a risk assessment questionnaire. An online tool was used to administer the survey to 66 project and/or cybersecurity professionals. Participants were asked to rate each scenario’s probability of occurrence and potential consequences. ISRAM methodology was used to aggregate responses and estimate resultant risk categories. Both one sample and paired sample t-tests were conducted to examine the meaningfulness of risk in each threat scenario. All three hypotheses, each corresponding to the presence of risk in one of the three project meta-phases, were supported by the sample data analysis. The study is intended to support the broader question of what, for projects, constitutes effective cybersecurity risk management, such as early cybersecurity risk identification and ongoing management throughout the project life stages. This effort also seeks to contribute to the academic study of project risk management and cybersecurity management and provide a practical method for prioritizing and managing project cybersecurity risk.

This document is currently not available here.