Alex Kelso
Security plans are developed for the protection of the assets of an organization. Organizational assets can be physical or proprietary assets, such as data. There are many facets of a security policy, of which will be broken down for ease of understanding, but also to provide a template for the completion of a security plan. The following outline highlights the important points necessary as it applies to a Business Continuity Plan for International Plastics, Inc. The inclusion of all key points will allow for development of a comprehensive security plan, inclusive for all four locations of International Plastics, Inc.
Security Plan
I. Asset Management
A. Identify assets
B. Asset management
II. Access Control
A. Data access procedures
B. Network diagrams for remote access locations
III. Data Protection and Privacy
A. Security planning and policies
B. Media sanitization
C. Cryptographic keys
IV. HR and Security Awareness
A. New hire checklist
B. Transfers
C. Training records
D. Awareness media
V. IT Compliance
A. Audit reports
B. Corresponding regulations
VI. Security Incident Plan
Predetermined plan for response to an incident containing the why, who, what, where and when in response to an incident. This plan should contain specifics of who to contact and all steps to control the incident in accordance with a BCP.
VII. Information Systems Acquisitions, Development and Management
Predetermined methods for upgrades to systems. It answers at what level new acquisitions, development and maintenance of equipment will be merged with current systems.
VIII. Mobile Security
IX. Physical and Environmental Security
A. Guards
B. UPS
C. CCTV
X. Threat and Vulnerability Management
References
HEISC (unk), (2014), Information Security Guide, retrieved from spaces.internet2.edu/
Display/2014infosecurityguide