Computer Security Resource Center

Computer Security Resource Center

Computer Security
Resource Center

A  |  B  |  C  |  D  |  E  |  F  |  G  |  H  |  I  |  J  |  K  |  L  |  M  |  N  |  O  |  P  |  Q  |  R  |  S  |  T  |  U  |  V  |  W  |  X  |  Y  |  Z

Select

Note: Select-Control-Evaluate IT investment management process

Abbreviation(s) and Synonym(s):

None

Definition(s):

  the goal of the Select phase is to assess and prioritize current and proposed IT projects and then create a portfolio of IT projects. In doing so, this phase helps to ensure that the organization (1) selects those IT projects that will best support mission needs and (2) identifies and analyzes a project’s risks and returns before spending a significant amount of project funds. A critical element of this phase is that a group of senior executives makes project selection and prioritization decisions based on a consistent set of decision criteria that compares costs, benefits, risks, and potential returns of the various IT projects.
Source(s):
NIST SP 800-65

  o Select – the goal of the Select phase is to assess and prioritize current and proposed IT projects and then create a portfolio of IT projects. In doing so, this phase helps to ensure that the organization (1) selects those IT projects that will best support mission needs and (2) identifies and analyzes a project’s risks and returns before spending a significant amount of project funds. A critical element of this phase is that a group of senior executives makes project selection and prioritization decisions based on a consistent set of decision criteria that compares costs, benefits, risks, and potential returns of the various IT projects. o Control – the Control phase consists of managing investments while monitoring for results. Once the IT projects have been selected, senior executives periodically assess the progress of the projects against their projected cost, scheduled milestones, and expected mission benefits. o Evaluate – the Evaluate phase provides a mechanism for constantly improving the organization’s IT investment process. The goal of this phase is to measure, analyze, and record results based on the data collected throughout each phase. Senior executives assess the degree to which each project has met its planned cost and schedule goals and has fulfilled its projected contribution to the organization’s mission. The primary tool in this phase is the post-implementation review (PIR), which should be conducted once a project has been completed. PIRs help senior managers assess whether a project’s proposed benefits were achieved and also help to refine the IT selection criteria to be used in the future.
Source(s):
NIST SP 800-65 under Select-Control-Evaluate IT investment management process