Network Security


Network Security

Historical and Cultural Analysis

Until recently in the United States (US) and around the world, internet technology companies were not considered to have any historical presence, however Normandin Street has been in business is the early days of information security. The first known computer virus was unleashed on the Arpanet in the 1970s and later released on the internet in the 1980s. Known as The Creeper it displayed, “I’m the creeper, catch me if you can”! (Creeper, 2019). A quarter-century later, computer viruses have become a pandemic for which there is no vaccination.

Historical and Cultural Analysis

Many consider information security to be an issue of the modern day and a byproduct of computer use, however it has been used throughout history.  From wax, seals, and secret messengers, documents were protected against security risks.

One form of secret writing used by both the British and American armies was invisible ink. During the Revolutionary War, invisible ink usually consisted of a mixture of ferrous sulfate and water. The secret writing was placed between the lines of an innocent letter and could be discerned by treating the letter with heat or a chemical substance. The recipient placed the paper over the flame of a candle or treated it with a chemical reagent, such as sodium carbonate, which would reveal the letter’s hidden contents. Acquiring intelligence about troop movements, supplies, and battle plans was General Washington’s highest priority. Washington suggested that reports could be written in the invisible ink “on the blank leaves of a pamphlet. . . a common pocket book, or on the blank leaves at each end of registers, almanacks, or any publication or book of small value” (Spy Techniques of the Revolutionary War, n. d.).

Companies such as Normandin Street consider the internet to be a worldwide resource that needs to be protected for all users, not just a specific segment of users. The internet is worldwide, so Normandin Street’s compatibility with all types of information and cybersecurity is universal.  As the company is already tapped into international markets, it makes sense to move into the US market for the next growth segment. At Normandin Street, we believe that we can offer protection like no other company because we have a homegrown understanding of international threats. Most threads today are not developed in the US but are developed in countries like Russia and China. As Normandin street is based in several countries, we believe that we are uniquely positioned to protect US users.

Normandin Street is developing artificial intelligence that operates in the binary code of devices. We believe that this will help deal with the shortage of cyber security professionals. With a current estimated 350,000 open cyber security positions in the US, and a predicted global shortfall of 3.5 million cyber security jobs by 2021 (Morgan, 2017). Artificial intelligence may take the lead in protection on the internet in the coming years. By developing artificial intelligence that can protect binary code we believe that we are taking the lead and protecting the free market.  It only makes sense to also protect the leader of the free world that is considered to be the US.

The biggest struggle that Normandin Street will face as we attempt to enter the US market is the fact that we are an international internet security company we may be a threat to US securities. However, we feel that we have sufficient core values that aligned themselves with American beliefs.

Normandin Street feels that the internet needs to remain free and clean for all views as a democratic society. We are committed to keeping the internet free and open so that users can express their views freely and openly just as the settlers in the new world did without fear of repercussion.

The First Amendment to the United States Constitution protects the freedom of speech and expression against all levels of government censorship. This freedom and protection is an essential component of the American experience and allows our country to have the arguably most diverse population in the world. This protection extends to cyberspace and thus there is relatively minimal governmental technical filtering of online content in the United States” (US Censorship Policy, n.d.).

Governments censor internet content and examine the consequences of such amendments to free speech, including effects on the vast amounts of information dispersed online and reactions from the hundreds of millions of Internet users. At Normandin Street, it is not about censorship, it is about safety. Keeping the internet and information safe in cyberspace is our goal.



Creeper: The world’s first computer virus. (2019, March 5). Retrieved July 8, 2019, from Exabeam website:

Morgan, S. (2017, May 31). Cybersecurity jobs report 2018-2021. Retrieved July 8, 2019, from Cybercrime Magazine website:

Spy techniques of the revolutionary war. (n.d.). Retrieved July 13, 2019, from George Washington’s Mount Vernon website:

US censorship policy. (n.d.). Retrieved July 8, 2019, from Free Express VS Social Cohesion website:

Network Security

Privacy NOW!

The Normandin Street, LLC Privacy NOW! Communications Plan will provide an approach for communications and support for the Privacy NOW! project. Normandin Street is undergoing a network renovation with the Privacy NOW! Platform. The Privacy NOW! platform provides true integration and automation across an organization’s security infrastructure, delivering unparalleled protection and visibility to every network segment, device, and appliance, whether virtual, in the cloud, or on-premises.

The purpose of this document is to facilitate centralized communications between all identified project audiences.  Combining the audience’s needs with methods for standardizing communications will enable processes for conveying project awareness, status, and issues and provide a means for feedback.

Various types of information are being communicated throughout the life of the Privacy NOW! project.  For the purpose of this project four types of information categories have been determined: 

The Privacy NOW! audience has been broken into four broad categories:

A detailed matrix has been created to match audiences with the appropriate type of information.  Frequency and media have also been identified for each type of communication.  The communications matrix will serve as the foundation of who, what, where, when, why and how the Privacy NOW! project team will communicate with project stakeholders.

Project description

Normandin Street is undergoing a network renovation with the Privacy NOW! Platform. The Privacy NOW! platform provides true integration and automation across an organization’s security infrastructure, delivering unparalleled protection and visibility to every network segment, device, and appliance, whether virtual, in the cloud, or on-premises.

Communication Objectives

The objective of this document is to provide support to the Privacy NOW! Project team by:

The Audience

Four broad audiences have been identified for the purpose of communications: the Core Team, Extended Team, Normandin Street, LLC and Fortinet, Inc.

Core Team

The Core Team consists of individuals that comprise the Privacy NOW! Project Team.  This audience communicates Privacy NOW! project specific information on a daily basis.  In addition, this audience category is often the source of Privacy NOW! information needed for communicating with the other audience categories.  The Privacy NOW! Team includes a number of sub-categories.  These sub-categories represent the ways in which the Privacy NOW! Core Team organizes itself to accomplish various activities.

The Privacy NOW! Core Team sub-categories include:

Privacy NOW! Extended Team

The Privacy NOW! Extended Team consists of individuals who spend time on the Privacy NOW! project, but maintain full time positions elsewhere in [Agency’s Names].

The Privacy NOW! Extended Team sub-categories include:

  • Leadership Committee

Normandin Street, LLC

The Normandin Street, LLC audience consists of all Normandin Street, LLC employees.  This audience is primarily concerned with Privacy NOW! education and general information related to action needed.  In addition to addressing the category as a whole (all Normandin Street, LLC employees), a number of sub-categories exist to meet specific communication needs. 

The Internal Normandin Street, LLC sub-categories include:

Fortinet, Inc.

The Fortinet, Inc. audience includes groups that exist outside the Normandin Street, LLC organization that may have an interest in Normandin Street, LLC Privacy NOW! project.     

The Fortinet, Inc. sub-categories include:

Information Categories

The information needs of the specific audiences determined the types of information that needs to be communicated.  Given the large number of identified audiences, it was difficult to find universal information that would satisfy the communications needs of all audience categories.  A number of different types of information were identified and then categorized by the nature of the information (see Appendix A for a detailed outline of each information type).  The communication information list describes the type of information, but does not necessarily define the specific forms (i.e. layout) or message.  Specific message definition and form will be developed for each identified communications type.  In addition, as the need arises, new types of information will be added to the communication plan.  The following is a detailed list of the types of information: 

Project Execution

The information pertaining to the day-to-day project procedures ;(Project plans and schedules, testing strategy, administrative activities, project staffing, team building activities, etc.).  

Privacy NOW! Project Status

Describe the project status, progress and those issues and risks that may impede progress.

Project Awareness Information

Describe Information pertaining to the Privacy NOW! project as well as other related projects.

Privacy NOW! Generic Information

Information regarding Privacy NOW! efforts outside of Normandin Street, LLC (ex. popular press articles)

Levels of Information / Communication

Depending on their level of involvement in the project and its impact on their work, all Normandin Street, LLC employees from top management to front line associates; as well as vendors, suppliers and other business partners should be provided with the appropriate level of project detail.  Two levels of information have been established: For your Information (FYI) and For Your Action (FYA).

Communication Matrix

The communications matrix matches the various types of information with the appropriate audiences.  In addition, the matrix identifies the communications frequency and medium for the information, by audience.  The matrix format is dynamic in that it allows for changes in types of information received, how often and in what format.

A significant amount of the information communicated is focused within the Privacy NOW! Project Team.  The reason for this focus is predicated on the fact that a well-informed team is better prepared to effectively communicate the strategy, goals, objectives and status of the Privacy NOW! efforts.  In addition, the majority of the communications information originates within the team.  Therefore, effective communications within the Privacy NOW! Project Team contributes to the success of the communication efforts with the other audiences.

The following key identifies the various frequency and media options for communications.    

Communications Frequency
Upon Document Publications
As needed
Upon Joining Project


Communications Media
Lead Agency Publications
Documents / Presentations
Electronic Mail
Web Site
Voice Mail
Tele/Video meeting

Privacy NOW! Core Team

Topic Information Venue / Media Frequency Purpose
Project Execution / Status Core team project accomplishments, project progress, issues and challenges Project Team Lead Meeting / Individual Team Meeting Daily FYA
Status High-level project status / progress (Weekly Highlights) Electronic Mail Weekly FYI / FYA
Project Execution Issues and challenges Project Office Meeting Weekly FYA
Status Detailed project progress Status Report (written document) BI-Weekly FYI / FYA
Status Overview of project progress Monthly Extended Team Status Meeting / e-mail Monthly FYA / FYI
Status High-level project progress All Hands Meeting Quarterly FYI
Generic Information / Status Popular Press Articles on the industry progress related to Privacy NOW! Privacy NOW! Web Page / e-mail On going FYI

Privacy NOW! Extended Team

Audience: Leadership Team, Steering Committee, Various Lead Agency business areas

Topic Information Venue / Media Frequency Purpose
Status High-level project status / progress (Weekly Highlights) Electronic Mail Weekly FYI / FYA
Project Execution Review project focus and gain guidance from team Leadership Team Meeting Weekly – Specify day/time FYI / FYA
Status A reporting session covering key points in the project.  Confirm direction; cultivate sponsorship and report status, findings and issues. Steering Committee Meeting – Monthly Specify time/day of the month Update / FYI
Status Senior Executives high-level update of the project progress Existing executive meeting Monthly FYI
Status Overview of project progress Monthly Extended Team Status Meeting / e-mail Monthly – Specify day/time FYA
Status A high-level update of project status All Hands Meeting Quarterly FYI
Generic Information / Status Popular Press Articles on the industry progress related to Privacy NOW! Web Page / Bulletin Boards On going FYI

Internal Normandin Street, LLC

Audience: Department Heads and Managers of Key Departments, All other Normandin Street, LLC Employees

Topic Information Venue / Media Frequency Purpose
Awareness Status and upcoming events Monthly Extended Team Status Meeting Monthly FYI
Awareness Questions related to the Privacy NOW! Project Privacy NOW!  Hotline / e-mail Ongoing FYI
Awareness General Privacy NOW! information Lead Agency Publications (Courier) Monthly FYI
Status Senior Executives high-level update of the project progress Existing executive meeting Monthly FYI
Generic Information / Status Popular Press Articles on the industry progress related to Privacy NOW! Web Page / e-mail Ongoing FYI

External [ Company such as a vendor ]

Audience: Suppliers, IT Vendors, Out-tasking Vendors, Normandin Street, LLC Customers, Non-Product Suppliers and Vendors, Competitors, Investors and Regulatory Agencies

Topic Information Venue / Media Frequency Purpose
Awareness / Status High-level project status One page update (flyer format) – mailed or electronically sent  Quarterly FYI
Awareness High level project accomplishments / progress / issues Meeting / Conference call with IT vendors project managers As needed FYI
Awareness Privacy NOW! progress information as required by regulatory agencies As requested Quarterly FYI
Generic Information Popular Press Articles on the industry progress related to Privacy NOW! Mail / FAX copy of the article As needed FYI

Communications Media / Venue Description


As a result of the magnitude of meetings necessary to manage the Privacy NOW! project, the following section has been designed to outline the meetings necessary for effective project coordination.  

The following formal meetings will be used:      

  1. Steering Committee Meeting (monthly)
  2. Executive Update (monthly)

Meeting Plan

This section describes each meeting type, its objective, format and expected duration.

Daily / Weekly Meetings

Meeting Monday Tuesday Wednesday Thursday Friday
Team Leads Specify time Time Time Time Time
Individual Team Meetings are Scheduled by the Team Leads (daily)          
Project Office          

Additional Meetings

Extended Team Status Specify day/time
Steering Committee Specify day/time
Executive Update Specify day/time.  Content is due the week prior
All Hands Meeting Quarterly
Orientation As needed
Team Training As needed

1.  Team Leads Meeting

Description:       A daily meeting in which the team leads review their progress and any outstanding issues

Objective:            To resolve issues and update team on the project status

Format:               A brief meeting.

Participants:         Leads from:        

Frequency:          Daily

Duration:             15 – 30 minutes

Owner:                Project Manager

2.  Individual Team Meeting (daily)

Description:      An opportunity for each sub team to discuss the outcome of the team lead meeting.

Objective:          To resolve issues and update team on the project status.

Format:              A brief meeting

Participants:       Team members from:

Frequency:         Daily

Duration:            15 to 30 minutes

Owner:               Team Leads

3.  Project Office Meeting (weekly)

Description:       A discussion regarding project management, administration and personnel related issues.

Objective:          Resolve any staffing, work order, personnel related issues

Format:              Meeting

Participants:       Project Office Leadership Team

Frequency:         Weekly

Duration:            1.5 to 2 hours

Owner:               Project Manager

4.   Leadership Committee Meeting

Description:    Receive weekly focus and guidance from the leadership committee.

Objective:          Make decisions regarding issues and priorities and refine strategy, direction and focus.

Format:              Roundtable with a predefined but free form agenda focused on issues.

Participants:       Project Managers, Project Executive and Leadership Committee

Frequency:         Weekly

Duration:            1.5 hours

Owner:               Project Office Manager and Project Managers

5.   Steering Committee Meeting

Description:       A reporting session for the steering committee at key points in the project.

Objective:          To confirm direction, cultivate sponsorship, report on status, findings and issues.

Format:              Formal presentation to the committee.

Participants:       Project Managers and Project Executive.

Frequency:         Monthly.

Duration:            2 hours.

Owner:               Project Office Manager.

6.   Monthly Extended Team Status Meeting

Description:       An opportunity for all members of the Core Team to discuss progress and project related issues.

Objective:          To rapidly communicate both direction and feedback and to ensure that all team members are focused and working toward a common objective.

Format:              Brief presentation from team leads followed by announcements, questions and comments.

Participants:         The entire Core Team

Frequency:          Monthly

Duration:             2 hours

Owner:                Project Office Manager / Project Manager

7. Executive Update Meeting

Description:       A high level report on key points in the project based on latest Steering Committee Meeting.

Objective:            To confirm direction, cultivate sponsorship, report on status, findings and issues.

Format:               Discussion of Privacy NOW! issues.

Participants:         Project Managers, Project Executive, and Senior Leadership of Normandin Street, LLC.

Frequency:          Monthly.

Duration:             30 minutes.

Owner:                Project Manager / Project Executive


8. All Hands Meeting / e-mail

Description:       An update on the Privacy NOW! project and any related projects

Objective:            To give all Normandin Street, LLC employees an opportunity to ask questions regarding the key IT projects.

Format:               A large meeting

Participants:         Anyone who is interested in Privacy NOW! and the related projects.

Frequency:          Quarterly.

Duration:             2 hours.

Owner:                Project Office Manager.

9. Orientation Meeting

Description:       Formal launch of the project for team members.

Objective:          To convey the project mission and schedule, educate on administrative matters and build a sense of “team”.                     

Format:              Small group(s)

Participants:       Project Office representative and team leader from specific work group.

Frequency:         As new members join the team

Duration:            8 hours.

Owner:               Project Manager

10.  Team Training Meeting

Description:       Formal classroom style team training.

Objective:          Educate the team on the project methodology.

Format:              Classroom formats multiple instructors.

Participants:       New team members.

Frequency:         As needed when new members join the team.

Duration:            4 hours.

Owner:               Project Manager

Aside from meetings, the Privacy NOW! team is leveraging numerous media / venue forms to communicate with individuals both inside and outside of Normandin Street, LLC.

Web Page

Description:       The Privacy NOW! project will have a web page on the Normandin Street, LLC intranet, which contains high level information regarding project status, progress, accomplishments and issues.  The Privacy NOW!home page will be linked to sub-pages maintained by leads from each area.           

Objective:          An easy venue to access data repository for project status, upcoming dates and specific applications data.

Format:              The Privacy NOW! home page is linked to the Normandin Street, LLC intranet home page.

Participants:       All content must be approved by the communications manager (the project office) and then sent to corporate communications for final approval prior to posting to the web page. 

Frequency:         Team leads will make updates weekly from each of the major areas

Duration:            On going.

Owner:               Communications Manager / Project Manager / Corporate Communications and the individual team leads.

Lead Agency Publications (Courier Articles)

Description:  A high-level, non-technical overview of the Privacy NOW! project and its impact on Normandin Street, LLC.

The article will discuss issues such as:

Objective:  An easy way for all “front line” employees to understanding the Privacy NOW! project from a non-technical perspective.

Format:              A brief article in the Normandin Street, LLC agency newspaper.  

Participants:         All Normandin Street, LLC employees who choose to read the Courier.

Frequency:          As needed

Duration:             N/A.

Owner:                Communications Manager / Project Manager / Corporate Communications for approval.

Team Building Events

Description:       An opportunity for team members to “hang out” in an informal atmosphere.

Objective:          Have fun and build the team cohesiveness.

Format:              Activity typically off-site  (e.g. happy hour, bowling, lunch out, skiing, etc).

Participants:       All core and extended team members.

Frequency:         Monthly or BI-monthly

Duration:            4 to 6 hours

Owner:               Project Manager

Privacy NOW! Hot Line 

Description:       A phone mail extension or email address where Normandin Street, LLC employees can inquire about Privacy NOW! related questions.  All inquires will be assigned to a Privacy NOW! Core Team member and responses will be generated within one week.

Objective:          Give all Normandin Street, LLC employees a quick and easy way to get Privacy NOW! related questions answered.

Format:              A phone number or email address where individuals can inquire about their Privacy NOW! related questions.

Participants:       Extended team and internal Normandin Street, LLC.

Frequency:         Continuously updated

Duration:            On going

Owner:               Communications Manager.

Employee Feedback

Description:       An opportunity for employees to comment on the effectiveness of the Privacy NOW! communications efforts. 

Objective:          Get feedback from Core team members, Extended team members, Internal Normandin Street, LLC and those individuals external to Normandin Street, LLC on the effectiveness of the communications regarding the Privacy NOW! project.  The feedback will be leveraged to improve the communications process and content.

Format:              An e-mail address where individuals can send communications feedback and suggestions.

Participants:       All Normandin Street, LLC employees are eligible to contribute.

Frequency:         On going.

Duration:            Continuous feedback.

Owner:               Communications Manager / Project Manager.

Storage of Information

The Privacy NOW! project will store electronic information that is not “sensitive” in nature on the corporate local area network at the following location: xxxx\xxxx.  All employees have read access to this directory.  The project manager is responsible for maintaining the storage of all project hard copy information throughout the duration of the project.   Confidential information will be secured accordingly.  Upon project completion, the project electronic and hard copy files will be archived to xxxxxxxxxx

Project Communication Tools

Acronyms and Abbreviations

OCIO             Office of the Chief Information Officer

IPS                  Integrated Project Schedule

PMIâ                     Project Management Institute

PMBOK         Project Management Body of Knowledge

PMC               Program Management Consultant

PMO               Program Management Office (State)

PMO               Project Management Office (Agency)

PMP               Project Management Plan

QMP               Quality Management Plan

WBS               Work Breakdown Structure


Acceptance Criteria

The criteria that a system or component must satisfy in order to be accepted by a user, customer, or other authorized entity. [IEEE-STD-610]

Acceptance Testing

Formal testing conducted to determine whether or not a system satisfies its acceptance criteria and to enable the customer to determine whether or not to accept the system. [IEE‑STD-610]

Action Log

The action log is a direct extension of the project schedule. The action log reflects specific actions to be completed.  Generally, these actions are small enough in both impact and duration to be handled on the Action Log rather than requiring a special revision to the project plan. Any item that requires more than one day to complete should be on the action log.

The action log is a living document that will be updated frequently and serves as an ongoing “To Do List” to insure that action items are not left uncompleted.  Actions will be captured during meetings and at other times by means of an action-input form.  This form will be submitted to the project manager for entry into the log.  The log will be maintained as a table in MS word. Closed actions will be moved to an archive.


Planning factors that, for planning purposes, will be considered true, real, or certain. Assumptions generally involve a degree of risk. They may be documented here, or converted to formal risks.


A specification or product that has been formally reviewed and agreed upon that thereafter serves as the basis for further development, and that can be changed only through formal change control procedures. [IEEE-STD-610]

Change Management Log

The change management log lists the current status and project impact of each planned or enacted project change request.  The log shows at a glance the current impact of change on the project.

The Project Manager in a MS Word table format will maintain the change management log.  The log will be updated when a proposed or approved PCR is received.  The log will be reviewed at the weekly Leadership meeting and reported on in the Weekly Status report.


A pact that is freely assumed, visible, and expected to be kept by all parties.

Configuration Management (CM)

A discipline applying technical and administrative direction and surveillance to identify and document the functional and physical characteristics of a configuration item, control changes to those characteristics, record and report change processing and implementation status, and verify compliance with specified requirements. [IEEE-STD-610]

Configuration Management Library System

The tools and procedures to access the contents of the software baseline library.


Factors that will (or do) limit the project management team’s options. Contract provisions will generally be considered constraints.

Contingency Planning

The development of a management plan that identifies alternative strategies to be used to ensure project success if specified risk events occur.


Taking action to decrease the total duration after analyzing a number of alternatives to determine how to get the maximum duration compression for the least cost.

Critical Path

The series of activities that determines the duration of the project. The critical path usually defined as those activities with float less than or equal to specified value often zero. It is the longest path through the project.

Dependencies, Discretionary

Dependencies defined by the project management team. They should be used with care and usually revolve around current Best Practices in a particular application area. They are sometimes referred to as soft logic, preferred logic, or preferential logic. This may also encompass particular approaches because a specific sequence of activities is preferred, but not mandatory in the project life cycle.

Dependencies, Mandatory

Dependencies that are inherent to the work being done. In some cases, they are referred to as hard logic.

Dependency Item

A product, action, piece of information, etc., that must be provided by one individual or group to a second individual or group so they can perform a planned task.


Any measurable, tangible, verifiable outcome, result, or item that must be produced to complete a project or part of a project that is subject to approval by the project sponsor or customer.


The number of work periods (not including holidays or other nonworking periods) required to complete an activity or other project element.

Duration Compression

Shortening the project schedule without reducing the project scope. Often increases the project cost.

End User

The individual or group who will use the system for its intended operational use when it is deployed in its environment.


The number of labor units required to complete an activity or other project element. Usually expressed as staff hours, staff days, or staff weeks.

Fast Tracking

Compressing the project schedule by overlapping activities that would normally be done in sequence, such as design and construction.


The amount of time that an activity may be delayed from its early start without delaying the project finished date.

Formal Review

A formal meeting at which a product is presented to the end user, customer, or other interested parties for comment and approval. It can also be a review of the management and technical activities and of the progress of the project.

Integrated Project Schedule

A master schedule created by the project manager reflecting all approved project activities of the main project and sub-projects.

Issues Log

Similar to the action log, the issues log is an extension of the project plan. The issue log will be updated as needed throughout the week. An issue differs from an action in severity and the amount of effort required to resolve. An issue, if left unresolved would have a significant adverse impact on the project. Typically the resolution to an issue is not known at the time it is created and the issue owner must develop a solution.

The project issue log will be updated as needed by submitting an update form to the project manager.  The issue log will be maintained in a MS word table.

Lessons Learned

The learning gained from the process of performing the project. Lessons learned may be identified at any point during the execution of the project.


A reasonably complete set of rules and criteria that establish a precise and repeatable way of performing a task and arriving at a desired result.


A collection of methods, procedures, and standards that defines an integrated synthesis of engineering approaches to the development of a product.


A scheduled event for which some individual is accountable and that is used to measure progress.

Non-technical Requirements

Agreements, conditions, and/or contractual terms that affect and determine the management activities of an architectural and software project.

The Statement of Work (SOW) is the contractual agreement that defines the project objectives, expectations and scope. Each project member should be familiar with the SOW particularly as it relates to project scope and the definition of completion for each major deliverable. 


A smaller portion of the overall project.


A sequence of instructions treated as a basic unit of work. [IEEE-STD-610]

A well-defined unit of work in the software process that provides management with a visible checkpoint into the status of the project. Tasks have readiness criteria (preconditions) and completion criteria (post conditions). (See activity for contrast.)

Task Assignment Sheets

Where applicable, the project manager will provide a detailed outline of the specific steps required to complete an assigned task.  The Task Assignment Sheet provides much greater detail and specificity than the project schedule.  In some cases a single project schedule task may be broken down into fifteen or more steps to complete.

Where practical this Task Assignment Sheet will be developed in MS Word and distributed in hard copy prior to opening the new task.  In addition, the project manager will hold a coaching session at the start of each task to review the task assignment.


A collection of people, often drawn from diverse but related groups, assigned to perform a well-defined function for an organization or a project. Team members may be part-time participants of the team and have other primary responsibilities.

Technical Requirements

Those requirements that describe what the software must do and its operational constraints. Examples of technical requirements include functional, performance, interface, and quality requirements.

Time Sheets

The project team in capturing will utilize weekly time sheets and reporting the actual time worked on a task and the estimate to complete that task. The project manager will maintain this information in an Excel spreadsheet.

At the beginning of each week a blank time sheet will be distributed.  Each member of the project team shall submit a complete time sheet to the project manager no later than 12:00 noon on Friday.  Part-time project staff may not be required to complete this form.  The Project Managers will make this determination on a case-by-case basis.

The time sheet will be loaded into an Excel spreadsheet. This spreadsheet will be used to track project actuals and estimates to complete.  This total actual work as compared to the total estimated work requirement shall yield the percentage complete for each task on the project.


The degree to which a relationship can be established between two or more products of the development process, especially products having a predecessor-successor or master-subordinate relationship to one another.  [IEEE-STD-610]

Work Breakdown Structure

A deliverable-oriented grouping of project elements that organizes and defines the total work scope of the project.  Each descending level represents an increasingly detailed definition of the project work.

Network Security

High and Low Context Communication


Normandin Street
To: Communications Group
From: Steven Normandin
CC: Leadership Team
Date: 8/31/2019
Re: High and Low Context Communication
Comments: This internal memo will discuss the difference between high context communication low context communication. It has come to our attention that employees in the communications department do not recognize the difference between high context communication and low context communication. Therefore, I am issuing this memo to help clarify the differences between each type and appropriate use.          

First, to understand context communication, It is important to understand what it is. The meaning of “high context” and “low context” communication coined by Edward Hall describes major cultural differences between societies (Intercultural Communication, 2016). In a low context culture, “no means no”.  There is no question about the meaning of the word “no”. It is a very straight forward answer that requires no interpretation. People communicate information explicitly as people “mean what they say, and they state what they mean” (Flaxington, 2016). People from low context cultures are found to be more “socially oriented, to be more confrontation‐avoiding, and to have more trouble dealing with new situations” (Flaxington, 2016). Low context cultures do not have the same depth of tradition and have many more short-term relationships.          

Two countries that are examples of low context culture are the United States and Ireland. The first reason that these two cultures use low context communication is the fact that many relationships are short term. Next, both cultures are very goal-oriented and self-motivated. Next, people speak very highly of themselves. People also speak of their accomplishments and worth. People in these cultures will speak of ideas that they have that on their own they may not be part of a group they will take credit for the idea. In the US and Ireland, people think for themselves and don’t depend time on what others think. One example of a low context communication would be something that is written and well-thought out such as an instruction manual. An instructional or technical manual contains clear steps for accomplishing a task or series of tasks.          

An example of high context communication methods would be something that is visual such as a keynote presentation or new product demonstration. High context communication realizes heavily on hand gestures and body movement and tone of the voice.  An example of a high context country is Japan. Forbes contributor Carol Kinsey Goman (2011) states that “people in Japan (a high-context culture) prefer face-to-face communication over electronic technology favored by other industrialized countries like the United States, Canada, the United Kingdom and Germany (low-context cultures)”. Culturally, Japanese businesspeople prefer a conversation over written communication.          

In closing, it is important to understand the difference between high context cultures and low context cultures because it will help our company communicate in the best way that cultures will understand messages whether written or physically presented.    


Flaxington, B. (2016, June). Say what you mean; mean what you say. Retrieved August 31, 2019, from Psychology Today website:

Goman, C. K. (2011, February). How culture controls communication. Retrieved August 31, 2019, from Forbes website:

Intercultural communication: High and low context cultures. (2016, August 18). Retrieved from Southeastern University Online website:

Network Security

Cybersecurity and Risk Management

The EMC Corporation interviewed 3,300 IT decision makers from 24 nations in order to determine how well organizations are ready to cope with cybersecurity events that cause downtime and data loss (Kovacs, 2014). Cybersecurity-related threat is a significant matter. Software risk management can fall between the cracks in an organizational sense. It is necessary to involve every person using a computer or technology, but your cybersecurity partner is ultimately responsible for it.

At Normandin Street, we take cybersecurity seriously. When creating enterprise level software eliminating cybersecurity issues for businesses across the globe, we take risk management very seriously. Most cybersecurity projects are risky because of the range of serious potential problems that can arise. The primary benefit of risk management is to contain and mitigate threats to project success. You have to identify and plan, and then be ready to act when a risk arises—drawing upon the experience and knowledge of the entire team to minimize the impact to the project.

Cybersecurity risk management includes the identification and classification of technical, programmatic and process risks, which become part of a plan that links each to a mitigation strategy. The project manager monitors risk during the project. If any materialize, a specific owner implements a mitigating action. In this article, we explain the elements of an effective software risk management plan and provide examples of plan elements.

After cataloging risks according to type (technical, project, process, organizational), the software development project manager crafts a plan to record and monitor these risks. As part of a larger, comprehensive project plan, the risk management plan outlines the response that will be taken for each risk—if it materializes. The core of the risk management plan is the risk register, which describes and highlights the most likely threats to a software project.

Software Development Risk Register

To ensure that risks remain in the forefront of project management activities, it’s best to keep the risk management plan as simple as possible. For both conventional and agile software project management methodologies, a risk register is a proven tool for organizing and referring to known projects risks. A comprehensive risk register would contain consist of the following attributes:

Description of risk — Summary description of the risk—easy to understand.

Recognition Date — Date on which stakeholders identify and acknowledge the risk.

Probability of occurrence — Estimate of probability that this risk will materialize (%).

Severity — The intensity of undesirable impact to the project—if the risk materializes.

Owner — This person monitors the risk and takes action if necessary.

Action — The contingent response if the risk materializes.

Status — current team view of the risk: potential, monitoring, occurring, or eliminated.

Loss Size — Given in hours or days, this is a measure of the negative impact to the project.

Risk Exposure — Given in hours or days, this is is a product of probability and loss size.

Priority (optional) — This is either an independent ranking, or the product of probability and severity. Typically, a higher-severity risk with high probability has higher relative priority.

Software Risk Register Example

For the purpose of illustration, we provide an example of a risk register that includes four of the attributes given above. It is sorted according to the probability of occurrence, and the total risk exposure is a sum of all the individual risk exposures.

Risk Description         Probability of Occurrence      Loss Size (Days)         Risk Exposure (Days)

Insufficient QA time to validate on all browsers and OS types.        45%     6          2.7

Lack of verifiable sample data may affect the ability of the primary external stakeholder to validate end product.            35%     18        6.3

Inadequate staff available from external stakeholders until very late in cycle.         25%     7          1.8

Following end-user testing, more effort on the user guide may be necessary.          25%     18        4.5

Backup and restore requires 3rd-party solutions (not evaluated yet).            20%     12        2.4

Insufficient time for external stakeholders to submit feedback on layout and composition of reports.        10%     5          0.5

Total Risk Exposure   18.2

Software risk management is a balance of risk and reward, therefore it is essential that—as the team reviews the requirements (user stories in the product backlog)—it must also evaluate the risk for each one. In software, a high risk often does not correspond with a high reward. Instead, the driving question for managing risk should be: Does the potential reward for each story or requirement warrant the level of risk that the team is assuming as it proceeds with development? By considering alternatives, a development team can often achieve (nearly) the same level of reward without nearly as much risk. Adoption of this posture will help improve requirements prioritization.

We hope this article has given you solid guidance on how to plan for risk on software development projects. There are many details and subtleties that we don’t have space to cover here, but you can find more exploration of this topic and others on our website.