Final Project
IS311 Security Operations (11-AUG-21 - 05-OCT-21 [80050])
Introduction
Mahatmarg Manufacturing is an organization that offers fiber cable to local organizations, government organizations, and individual customers. This information security plan documents the organization's plan and the security measures that will be put in place to help secure the organization's personal and sensitive data.
Purpose
The Information Security Plan (ISP) aims to create an operational, tangible, and procedural plan that will help secure the data of Mahatmarg Manufacturing's customers. The objectives of the plan are to ensure that the organization's information assets and customer data are secure and protected from loss, from destruction, and from access by unauthorized personnel who might have malicious intentions towards the organization. The purpose of this plan is to give an overview of what is required of employees and of the controls that are in place in the organization (Jayanthi, 2017). The plan will also describe the roles, responsibilities, and expected behavior of all individuals who will have access to the information. The ISP will also incorporate the input of all the departments and managers of the organization.
Scope
The scope of the ISP defines the information it covers, including what is included and what is excluded. The scope covers the storage of information on computers and databases and the format in which the information is presented to employees, whether printed or in soft copy (Nieles et al., 2017). The scope also entails the process of assessing information risks and vulnerabilities and includes the controls used to ensure that the organization's information is secure.
Roles and responsibilities
In regard to this policy, the following are the roles and responsibilities of the different employees in the organization.
• Chief Information Officer: The top executive in the manufacturing organization, charged with responsibility for implementing computer technologies and for supporting the organizational objectives and goals regarding the information technology systems (Dhillon et al., 2018).
• Information Security Officer: Responsible for maintaining a secure environment for customers and other stakeholders by monitoring the organization's premises and systems.
• Information Security Architect: Responsible for helping enforce and implement the policy by recommending ways and methods in which the manufacturing entity can update and upgrade the security of the organization.
• Information Security Coordinator: Helps evaluate and coordinate the organization's security programs by ensuring that the programs put in place are effective, and identifies the need for any additional resources in the organization.
• Data Proprietor (Administrative official): Has oversight authority over data and helps establish the purpose and functions of the different data resources.
• Data Custodian (Technical staff): Works directly with the data owners and is charged with responsibility for the maintenance, protection, and storage of information.
References
Dhillon, G., Torkzadeh, G., & Chang, J. (2018, June). Strategic planning for IS security: designing objectives. In International Conference on Design Science Research in Information Systems and Technology (pp. 285-299). Springer, Cham.
Jayanthi, M. K. (2017, March). Strategic planning for information security-DID mechanism to befriend the cyber criminals to assure cyber freedom. In 2017 2nd International Conference on Anti-Cyber Crimes (ICACC) (pp. 142-147). IEEE.
Nieles, M., Dempsey, K., & Pillitteri, V. Y. (2017). An introduction to information security. NIST special publication, 800(12), 101.