In this course, you will be creating an Enterprise Security Strategy Plan that will consist of 5 sections. The report can be based upon a real company that you know of or work with. If that is not possible, you can create a fictional company. You may use a pseudonym for the company if you wish.
Deliverable Length and Due in Week are given in the table at the end of this page.

Section 1: Company Overview
1. Business Goals
a. Description of the subject company
b. 4 to 5 business goals as they relate to doing secure business
2. Overall Security Strategy
a. Description of current approach to security
i. What key methods are used?
ii. How does this company align the methods to their business goals?
3. Hardware Strategy
a. A high-level description of the hardware footprint
b. Executive brief on how the hardware will be secured (use a diagram if necessary)
4. Software Strategy
a. A high-level description of the key software and operations
b. Executive brief on how the software will be secured (use a diagram if necessary)
Section 2: Risks, Standards and Procedures
Risk Assessment Plan: Provide a plan for how you would conduct a risk assessment of your company. You are not executing the risk assessment; this is a description of how the risk assessment will be done (scope, asset inventory, threat and vulnerability identification, likelihood and impact rating, and how results will be reported and acted on).
Standards: Indicate at least 2 standards that will be enforced within your company. These can be either external or internal standards (HIPAA, FIPS 140, AES, or other encryption and control standards). Note that DES is a withdrawn cipher standard (NIST withdrew FIPS 46-3 in 2005), so if you choose an encryption standard, pick a current one. Include a paragraph for each explaining what it is and why it must be part of the security implementation.
Section 3: Security Policy
For this section of the plan, create 4 security policies (you may include the policy you created in the previous unit) using the template you created in the Unit 3 Discussion Board. Choose from the following areas, or come up with your own:
Section 4: Implementation, Operations and Monitoring
Implementation: Describe your plan for implementing the program. You have identified 3 distinct activities. For each of these, discuss what should happen to roll that area out, what the subtasks are, what deliverables should be created, and what success will look like.
Operations and Monitoring: Select 10 possible areas to monitor. You may select from the following suggestions, or use your own:
Number of projects that have information technology (IT) security involvement
Explain why you would want to monitor the areas you have chosen. Indicate both the values you would hope to see (the acceptable range for each metric) and the actions you would take if what you observed fell outside that range. Create a table with the following columns:
Section 5: Audits and Compliance
Based on what is in your risk assessment, policies, and monitoring plans, create your audit checklist. An audit tells you whether you did what you said you were going to do. This checklist should include at least 20 items that will be checked during a standard audit. Create a table with four columns. The title for each column should be as follows:
For the Item Described column, include a sentence or two about the item being audited. The Source column should state where this control came from (such as a policy or a monitored control). For the Audit Criteria column, include what the auditor should look for, including acceptable ranges.
The following is an example:
Deliverable Length: 15 to 17 pages. Due in Week: 10.