Improvement plan

san394

ImprovementPlanOutline.docx

Home >Information Systems homework help >Improvement plan

Running head: Improvement Plan Outline 1

Improvement Plan Outline 2

Improvement Plan Outline

Santhosh Reddy Lotakal

Wilmington university

Improvement Plan Outline

A. Introduction

1. Definition of cybersecurity: Protecting your cyber assets and critical data.

2. Objectives of cybersecurity implementation plan

i. Maintain data integrity

ii. Protect confidentiality

iii. Ensure availability

B. Current state description

1. Identifying risks and vulnerabilities

i. Hardware and software configuration

a. Unsecured user accounts

b. Misconfigured internet services

c. Unsecured setting within the network equipment

ii. Network design

iii. Technological weaknesses

a. TCP/IP protocol weaknesses

b. OS weaknesses

c. Network equipment weaknesses

2. Internet security policy

i. Develop a written policy

ii. Application of logical access controls

iii. Software and hardware installation policy

iv. Developing disaster recovery plan

C. Overview of network weaknesses

1. Wireless access points

2. Internal unauthorized access

3. USB flash drives

D. Threats and vulnerabilities facing ICS

1. Unstructured threat from inexperienced employees

2. Structured threat from experienced hackers

3. External threat

E. Understanding of applicable regulations

1. CFATS compliance inspection

i. Preparation for inspection

a) Site map and current chemical inventory list

b) Documents showing changes to the existing security measures

c) Documents to explain the procedures involved in storage and transportation of chemicals.

d) Documented progress of planned security measures

e) The key human resource involved

ii. The inspection processes

a. Observations

b. Interviews

c. Review of documents referenced in the security plan

d. Testing of the systems

F. Desired future state

1. To have all stakeholders responsible for the ICS security

2. A divided corporate and control network

3. Use of the recommended risk analysis and risk reduction methodologies

4. Safe and secure working internal and external environment

G. Five areas of cyber-security to improve

1. Develop a formal plan security

2. Protect all computer networks and applications

3. Protect the firm against internal and external threats

4. Recruiting the required human resource to implement the cybersecurity system

5. Investing cybersecurity training and education

H. Conclusion

1. Emerging issues in network security

2. Challenges facing cybersecurity