Measuring the implementation of best practices for project security
MetadataShow full item record
The information presented in this thesis follows earlier research initiated by the National Institute of Standards and Technology (NIST) in conjunction with the Construction Industry Institute (CII). The thesis documents observations derived from the execution of project security practices and details the degree of practice implementation in accordance with the 9-step process defined in Implementing Project Security Practices (CII Implementation Resource (IR) BMM-3). Face-to-face interaction with project teams served to inform them of the security practices and increased their awareness of the implementation process. The teams used the Security Rating Index (SRI) on current and completed projects to quantitatively assess the level of security practices use. During preparation for these assessments, the need for a systematic process evaluating project threat and consequence levels required for the use of the SRI was identified and developed. The process followed in the research enabled the collection of project data through a facilitated approach for comparison to previously collected data that did not have the benefit of face-to-face interaction. Through actual project level observations, this research records a team's ability to implement the practices and develops lessons learned for better integrating the security practices into the project delivery process.