1. Biometric Access Control
Chris Daily - Daniel Marek - David Nitsch - Douglas Nunes de Oliveira - Kevin Swenson
PROJECT PLAN
2. Table of Contents
I. Overview.....................................................................................................4
Purpose of Project Management Plan....................................................................................4
Project Description...................................................................................................................4
Relevant Links ..........................................................................................................................4
II. High Level Requirements............................................................................4
III. Approach ....................................................................................................4
Assumptions.............................................................................................................................5
Constraints ...............................................................................................................................5
Strategic Partnerships .............................................................................................................5
Regulatory Agencies....................................................................................................5
Vendors ........................................................................................................................5
Contractor ....................................................................................................................5
IV. Stakeholders...............................................................................................6
Internal ......................................................................................................................................6
Company Executives ...................................................................................................6
Company Departments ...............................................................................................6
Project Team................................................................................................................7
External .....................................................................................................................................8
Stakeholder Register................................................................ Error! Bookmark not defined.
Relevent Links...........................................................................................................................9
V. Project Organization .................................................................................10
Project Owners .......................................................................................................................10
Project Manager.....................................................................................................................10
Project Team ..........................................................................................................................10
Project Organizational Chart .................................................................................................10
VI. Roles & Responsibilities ...........................................................................10
VII. Work Breakdown Structure (WBS) ............................................................11
High Level ...............................................................................................................................11
Key Drilldowns........................................................................................................................12
Planning Phase ..........................................................................................................12
3. Execution Phase ........................................................................................................13
VIII. Financial Management..............................................................................14
Direct Costs ............................................................................................................................14
Indirect Costs .........................................................................................................................14
IX. Quality Management.................................................................................14
Primary System Performance Metrics .................................................................................14
Testing Protocols...................................................................................................................15
Testing Teams........................................................................................................................15
Software .....................................................................................................................15
Penetration.................................................................................................................15
Testing Phases.......................................................................................................................16
Unit Test .....................................................................................................................16
Initial Penetration Test ..............................................................................................16
Integration Test..........................................................................................................16
System Test ...............................................................................................................16
User Acceptance Test ...............................................................................................16
Final Penetration Test ...............................................................................................16
Testing Scope.........................................................................................................................17
Unit Testing.............................................................................................................................17
Initial Penetration Test...........................................................................................................17
Integration Test ......................................................................................................................17
System test.............................................................................................................................17
User Acceptance Test............................................................................................................18
Final Penetration Test............................................................................................................18
X. Human Resource Managements ...............................................................18
Staffing & Resources .............................................................................................................18
XI. Communication Management...................................................................18
Communication Objectives ...................................................................................................18
Communication Plan..............................................................................................................19
Relevant Links ........................................................................................................................19
XII. Risk Management .....................................................................................19
Procedural...............................................................................................................................19
Delay of Equipment....................................................................................................19
Installation Problems ................................................................................................19
4. Changed Regulations ................................................................................................20
Human.....................................................................................................................................20
Resistance to Change................................................................................................20
Loss of Staff...............................................................................................................20
Financial..................................................................................................................................20
Unforeseen Costs ......................................................................................................20
XIII. Schedule Management .............................................................................20
Milestones ..............................................................................................................................20
Project Schedule ....................................................................................................................20
XIV. Appendix...................................................................................................21
1. Project Charter...........................................................................................................21
2. Assigned Scenario.....................................................................................................23
3. Stakeholder Register .................................................................................................24
XV. Works Cited ..............................................................................................25
5. BIOMETRIC ACCESS - MARCH 2016 4
Overview
Purpose of Project Management Plan
xx
Project Description
Relevant Links
Project Charter
Assignment Scenario
High Level Requirements
Meets Federal Security Requirements
Meets a Minimum Level of Employee Satisfaction During Testing
Implemented by Anticipated Completing Date
At or Below Original Projected Budget Cost
Your solution should include a sophisticated video surveillance infrastructure
Access points should be controlled using multiple authentication methods at
least one of which must include biometrics
Comprehensive reports must be provided monitoring all traffic 24x7x365
Your process and data must be auditable
Unauthorized access must result in immediate escalation and notification of
security, and a facility lockdown must be executed.
All employees, new and existing will have extensive training on the new system
Approach
The key to this project will be meeting the regulations established by the federal government in
regard to biometric security. The approach for our project plan will be to understand the
requirements and outline a plan to meet those requirements. This plan will need to take into
Your firm has been missing out on a number of federal contract opportunities with the Defense
Department, the Department of Homeland Security, and the Department of Justice because of your
inability to meet stringent federal security requirements around access control at your facilities.
Your security systems and procedures are manual (a combination of guards at primary access
points, antiquated combination locks, etc.) and prone to human error as well as abuse. Your
organization.
WORD COUNT: 2,806
6. BIOMETRIC ACCESS - MARCH 2016 5
consideration the partnerships, technology, staff, risks, finances and communication necessary
for this project.
CEO/Upper-Level Management - Need the new security system to meet federal requirements so
that the company can bring in new contracts. Executives have their personal reputations on the
line.
Government Departments - Need to see that new security system meets federal requirements
and regulations so that they’re willing to give federal contracts to the company.
Employees - Will be affected daily by new security measures. Many employees are skeptical of
change and may be frustrated with complications of new security system.
Assumptions
The following assumptions were made;
1. Financial Resources will continue to be available during the course of the project.
2. Federal Regulations and Requirements will not change during the course of the project.
3. They’ll be no disruptive technological advancements during the course of the project.
Constraints
The following are factors that limit the project team’s options.
Strategic Partnerships
Regulatory Agencies
The federal agencies set the regulations that our security measures have to meet. In order to
meet these regulations, we will have to closely study the regulations and work closely with
federal staff to make sure we meet them.
Vendors
We will be partnering with several suppliers in order to procure all the equipment needed for the
new system. These partnerships will be critical for procurement and for timely delivery of
equipment.
Contractor
We will be hiring a contracting firm to install and implement the biometric equipment. This
partnership will be important to ensure proper and timely installation.
7. BIOMETRIC ACCESS - MARCH 2016 6
Stakeholders
Internal
Company Executives
Name Type Role Title Phone Email
Walter Riley Internal Executive Sponsor CEO 7-(987)116-2355 WRiley@BCSystems.com
Paul King Internal Key Stakeholder CIO 1-(770)166-6383 2530@BCSystems.com
Tamara Weaver Internal Key Stakeholder CFO 421-(701)124-9140 3264@BCSystems.com
Company Departments
Facilities Management
Todd Wilson Internal Key Stakeholder Director of
Facilities
Management
62-(168)530-4477 9427@BCSystems.com
Human Resources
Jessica Howel Internal Key Stakeholder Director of
Human
Resources
254-(265)971-8773 5267@BCSystems.com
Accounting & Finance
Lynn Bush Internal Key Stakeholder Director of
Accounting &
Finance
55-(867)547-0384 @BCSystems.com
Procurement
Susan Arnold Internal Key Stakeholder Director Purchasing 994-(858)760-5932 5135@BCSystems.com
8. BIOMETRIC ACCESS - MARCH 2016 7
Legal
Jeff Warner Internal Key Stakeholder Director Legal
Affairs
86-(988)520-3597 @BCSystems.com
Project Team
Project Manager & Team Leads
Name Type Role Title Phone Email
Carl Schmidt Internal Project Manager Project Manager 358-(658)741-2967 2646@BCSystems.com
Lorene Ortega Internal Technical Lead Design Engineer 48-(679)915-1568 2319@BCSystems.com
Ana Oliver Internal QA Lead QA Analyst 54-(127)663-8479 5210@BCSystems.com
Richard Alvarado Internal Subject Matter
Expert
IT Security Admin 86-(847)329-4520 8179@BCSystems.com
Project Team Members
Todd Wilson Internal Key Stakeholder Director of
Facilities
Management
62-(168)530-4477 9427@BCSystems.com
Maggie Patton Internal Team Member IT Analyst 55-(857)845-7834 2590@BCSystems.com
Jose Wells Internal Team Member IT Analyst 86-(276)527-2466 8081@BCSystems.com
Darrel Carson Internal Team Member IT Analyst 52-(187)274-4809 5771@BCSystems.com
Lamar Gray Internal Team Member Software Engineer
II
54-(615)386-2944 5439@BCSystems.com
Anne Little Internal Team Member Programmer I 505-(201)704-4071 5429@BCSystems.com
Ruth Payne Internal Team Member Programmer IV 63-(433)215-8943 3584@BCSystems.com
Phyllis Howard Internal Team Member Database Admin 48-(929)876-0366 2377@BCSystems.com
Helen Wheeler Internal Team Member Database Admin 48-(609)610-4349 1968@BCSystems.com
Marilyn Matthews Internal Team Member Safety Technician I 63-(712)322-8260 5725@BCSystems.com
9. BIOMETRIC ACCESS - MARCH 2016 8
Christopher Stanley Internal Team Member Budget/Accounting
Analyst IV
46-(501)174-7292 6168@BCSystems.com
Jeanne Perry Internal Team Member Disaster Recovery
Analyst
55-(195)239-3395 2934@BCSystems.com
Marlene Harrison Internal Team Member Communication
Analyst
7-(885)151-5118 3832@BCSystems.com
Joey Graham Internal Team Member Help Desk
Technician
351-(357)635-9907 5299@BCSystems.com
Veronica Rodriguez Internal Team Member Training Analyst 351-(642)290-5696 2291@BCSystems.com
Other Internal Stakeholders
Employees of BCS Internal Stakeholder
External
Client Organizations
Name Type Role Title Phone Email
Department of Defense External Customer 62-(405)234-7700
Department of Homeland Security External Customer 61-(104)466-6955
Department of Justice External Customer 7-(399)290-0802
Vendors
ZK Teko External Vendor 62-(511)111-5571
Blue Coat Systems External Vendor 86-(636)274-9630
BioSec Group Kft External Vendor 380-(144)630-3609
10. BIOMETRIC ACCESS - MARCH 2016 9
AFIS & Biometrics Consulting Inc External Vendor 1-(943)294-7587
M2SYS External Vendor 81-(843)994-1526
Other External Stakeholders
BCS Shareholders External Other
External
External
External
External
Relevent Links
Communication Strategy
Stakeholder Register (Full Format)
11. BIOMETRIC ACCESS - MARCH 2016 10
Project Organization
Project Owners
xx
Project Manager
xx
Project Team
xx
Project Organizational Chart
Roles & Responsibilities
xx
Team Members
Team Leads
Project Manager
Executive Sponser Walter Riley - CEO
Carl Schmidt -
Project Manager
Richardo Alvardo -
Subject Matter
Expert
Ana Oliver - QA
Lead
Lorene Ortega -
Technical Lead
Maggie Patton - IT
Analyst
Lamar Gray -
Software Engineer II
Anna Little -
Programmer I
Marilyn Matthews -
Saftey Technician I
...
12. BIOMETRIC ACCESS - MARCH 2016 11
Work Breakdown Structure (WBS)
High Level
Biometric Access Control Project
Initiating
ID Key Stake
Holders
Project Charter
Business Case
Kickoff Meeting
Planning
Scope
Time Management
Risk
Financial
Human Resources
Executing
Concept
Design
Development
Testing
Deployment
Monitoring &
Controlling
Status Reports
Change Requests
Change Log
Issue Log
Closing
Lessons Learned
Post
Implementation
Report
Closeout
13. BIOMETRIC ACCESS - MARCH 2016 12
Key Drilldowns
Planning Phase
Planning
Scope
Scope Staement
Assumptions
High Level WBS
Time Management
Project Schedule
Task Resource Estimate
Task Duration Estimate
Task Dependencies
High Level Gantt Chart
Project Management Plan
Risk Risk Register
Financal
ROM Estimate
Budget
Human Resources
Roles & Responsibilities
RACI Matrix
Communication Plan
14. BIOMETRIC ACCESS - MARCH 2016 13
Execution Phase
Executing
Concept
Evaluate Current
System
Stakeholder Surveys &
Interviews
Documentation Review
Define Requirements
Risk Management
Approach
Project Plan
Design
Define System Goals
Functional Areas
Key Non-Functional
Areas
Development
Procurement
Installation
Training
Testing
Unit Testing
Integration Testing
Sytem Testing
User Acceptance
Testing
Deployment
Alpha
Beta
Full Deployment
Post Deployment
Testing
15. BIOMETRIC ACCESS - MARCH 2016 14
Financial Management
Direct Costs
• Biometric capture hardware and software
• Back-end processing power to maintain the database
• System design costs
• Infrastructure modification and upgrades
• Installation costs, including current system integration costs
• Costs associated with collecting user identification data (enrollment)
• System maintenance costs, including ongoing enrollment and training
• Licensing (site or per-seat) costs. (National Biometric Security Project, 2008)
Indirect Costs
Research, planning, system evaluation, and selection costs
Implementation planning costs
IT staff training costs
User education and training costs
Cost of lost productivity during implementation learning curve.
Security administration, including exception processing (“work-arounds” for persons
unable to use the chosen biometric.)
Implementation of new exception handling procedures for false rejects
Revocation costs incurred should the system have to be shut down due to inadequate
planning. (National Biometric Security Project, 2008)
Quality Management
Primary System Performance Metrics
The following four performance metrics are accepted industry standards and are collectively
referred to as Biometric Common Performance Standards (CPS). (National Biometric Security
Project, 2008)
16. BIOMETRIC ACCESS - MARCH 2016 15
Testing Protocols
When testing CPS metrics, each unit (sensor) must be activated a minimum of 10,000
times. (National Biometric Security Project, 2008)
Testing will be focused on meeting the federal government requirements, its security
and quality.
There will be common, consistent procedures for all teams supporting testing activities.
The testing process will be strictly defined, and the changes will be limited to only
essential.
If a module has been modified, it needs to be tested all over again from the beginning.
Testing Teams
Software
Software Testing team will be responsible for testing the entire software, from the unit testing
to the user acceptance testing.
Penetration
Penetration Testing team will look for exploits that can be used by malicious people after the
last system test.
False Accept Rate
(FAR)
•The probability that a biometric system will wrongly accept a false
claim regarding enrollment or non-enrollment in database. (AKA
"Type II error rate")
False Reject Rate
(FRR) + Failure to
Acquire Rate
•FRR: The probability that a biometric system will fail to accept a
true claim of enrollment or non-enrollment in a database. (AKA
"Type I error rate")
•FAR: The frequency of failure to acuire.
Failure to Enroll
Rate (FER)
•The percentage of the population which fails to complete
enrollment for a biometric solution or application. Failure can be
due to physical differences, to lack of training, environmental
conditions or ergonomics.
Throughput Rate
•The number of end users that a biometric system can process
within a stated time interval.
17. BIOMETRIC ACCESS - MARCH 2016 16
Testing Phases
Unit Test
This is the first test to be executed for each software component. Will be done by
the software testing team to make sure that each module works properly.
Initial Penetration Test
Executed by the penetration testing team to find vulnerabilities in the software
modules and hardware components after its unit test.
Integration Test
Executed by the software team to make sure that all software components work
properly together.
System Test
Executed to make sure that all hardware components and software modules works
properly together by testing team, after the software integration test.
User Acceptance Test
Executed by the hardware and software testing teams with the end users after the
system test to make sure that the system attends the user's requirements.
Final Penetration Test
Executed in parallel with the user acceptance testing by the penetration testing
team to find vulnerabilities in the whole system.
18. BIOMETRIC ACCESS - MARCH 2016 17
Testing Scope
The test cases must be written down before the test start and includes the input values and
expected values. A test report should be written after the test, and it contains the test
specification the test case and the output values.
Unit Testing
At minimum, each individual system module must complete one unit-test. The duration required
for individual unit-tests is anticipated to range from 1 to 4 days.
Sample Test Case False biometric template presented for authentication.
Purpose Determine system error rate
Input Data Sample set of false templates.
Test Acceptance Criteria False authorization rate falls within acceptable range.
Test Deliverables Test report.
Initial Penetration Test
At minimum, each individual system module must complete one initial penetration test. The
duration required for individual initial penetration tests is anticipated to range from 1 to 4 days.
Test Case Penetration test of login module.
Purpose Look for exploits that can be used by unauthorized users to login.
Test Acceptance Criteria Only authorized users can login into the system.
Test Deliverables Test report, exploits report.
Integration Test
Purpose Look for exploits that can be used by unauthorized users to login.
Duration 15 days
Test Deliverables Test report.
System test
Purpose Look for exploits that can be used by unauthorized users to login.
Duration 15 days
Test Deliverables Test report.
19. BIOMETRIC ACCESS - MARCH 2016 18
User Acceptance Test
Test case: user acceptance test.
Purpose: Test it the system meet the business requirements and if it satisfy the users.
Duration: 10 days.
Testers: <List of end users that will test the system.>
Test acceptance criteria: The system should satisfy at least 90% of the users.
Test deliverables: Test report.
Final Penetration Test
Test case: Final Penetration test
Purpose: Look for exploits in the whole system.
Duration: 10 days.
Test acceptance criteria: 0%, all exploits must be fixed.
Test deliverables: Test report, exploits report.
Human Resource Managements
Xx
Staffing & Resources
Xx
Communication Management
Communication Objectives
Effective and secure communications is critical to the success of this project.
The key communication objectives for the project are:
Encourage use of project management best practices
Give accurate and timely information about the project
Ensure a consistent message
20. BIOMETRIC ACCESS - MARCH 2016 19
Communication Plan
Audience Message Method Frequency Communicator
Sponsor Project Plans Meeting Weekly Project Manager
Sponsor Status Reports Published on Google Drive Biweekly Project Manager
Sponsor Emergency Call him Any time Project manager
Core team Project Plans Meeting Weekly Project Manager
Core team Status Reports Published on Google Drive Biweekly Project Manager
Financier Project Plan and
Status Reports
Meeting Biweekly Project Manager
Stakeholders Project Plan and
Status Reports
Meeting Weekly Project Manager
Champion ? Meeting Weekly Project Manager
Relevant Links
Stakeholder List
Risk Management
The implementation of biometric security measures project will come with a few risks attached.
The risks involved with this project can be broken down into procedural, financial, regulatory and
human. Each of these risks present potential challenges that the project team will have to have
plans in place to deal with. Risk management will be handled at the top level and the leadership
core will be expected to react to and handle any risks that pop up during the project.
Procedural
Delay of Equipment
This project will rely on a significant purchase of biometric security equipment. Any delay in the
procurement of this equipment will lead to a delay in the installation of the project. To mitigate
this risk, the project team will need to be sure to order the equipment early enough that it is for
sure to arrive on time.
Installation Problems
With any project involving new equipment there is the risk that the equipment will not work as
expected or may not be compatible with the current setup. This may create problems with the
installation requiring the workers to alter their plan.
21. BIOMETRIC ACCESS - MARCH 2016 20
Regulatory
Changed Regulations
This project is based on adjusting the current security procedures to get up to federal
regulations. This presents a risk as regulations could change or get more stringent during the
project. If this were to happen, the leadership would have to decide whether to invest in meeting
the new standards or abandoning the project.
Human
Resistance to Change
The culture at the firm is resistant to new security and hesitant about change. This may lead to
delayed adoption or even refusal by employees. Furthermore, even if employees accept the new
security they may harbor resentment or have lingering negative attitudes towards management.
Loss of Staff
The new security will require the firm to get rid of some security staff. This may negatively
affect employee chemistry and may create divisions between management and employees.
Financial
Unforeseen Costs
With any project there is a risk of costs popping up that were not in the budget. These costs can
stem from any number of issues. For this project, the financial risks are reduced due to the
team having almost a blank check to accomplish the task.
Schedule Management
Milestones
Xx
Project Schedule
xx
26. BIOMETRIC ACCESS - MARCH 2016 25
Works Cited
Branch, Defense Forensics and Biometrics Agency (DFBA) Architecture. (Apr 2013). The DoD
Biometrics Enterprise Architecture (Integrated) v2.0 (BioEA). Washington DC: Department
of Defense.
Das, R. (2015). Biometric Technology: Authentication, Biocryptography, and Cloud-Based
Systems. CRC Press.
Division, D. P. (2013). The DoD Biometrics Enterprise Architecture (Integrated) v2.0 (BioEA).
Washington DC: Defense Forensics and Biometrics Agency (DFBA) Architecture Branch.
John D. Woodward, K. W. (2001). Army Biometric Applications: Identifying and Addressing
Sociocultural Concerns. Rand Corporation.
National Biometric Security Project. (2008). Biometric Technology Application Manual Volume
One: Biometric Basics. Bowie, MD: NBSP.
Perkins, R. W. (Dec 2015). Predicts 2016: Identity and Access Management. Stamford, CT:
Gartner.
PMI. (2008). A Guide to the Project Management Body of Knowledge (PMBOK Guide). Newtown
Square, PA: Project Management Institute.
Unknown. (2016). THE DEFENSE FORENSICS & BIOMETRICS AGENCY. Retrieved from
References/Standards: http://www.biometrics.dod.mil/References/Standards.aspx