Organization Information Assurance Plan

In this course, you will be creating an Enterprise Security Strategy Plan that will consist of 5 sections. The report can be based upon a real company that you know of or work with. If that is not possible, you can create a fictional company. You may use a pseudonym for the company if you wish.

Deliverable | Length | Due in Week
Section 1: Company Overview

1. Business Goals

a. Description of the subject company

b. 4 to 5 business goals as they relate to doing secure business

2. Overall Security Strategy

a. Description of current approach to security

i. What key methods are used?

ii. How does this company align the methods to their business goals?

3. Hardware Strategy

a. A high-level description of the hardware footprint

b. Executive brief on how the hardware will be secured (use a diagram if necessary)

4. Software Strategy

a. A high-level description of the key software and operations.

b. Executive brief on how the software will be secured (use a diagram if necessary)


Length: 2–3 pages; Due in Week: 10
Section 2: Risks, Standards and Procedures

Section 2 of the Enterprise Security Strategy Plan: Risks, Standards, and Procedures.

Risk Assessment Plan: Provide a plan on how you would undergo a risk assessment of your company. You are not executing the risk assessment. This is a review of how the risk assessment will be done.

Standards: Indicate at least 2 standards that will be enforced within your company. These can be either external or internal standards (HIPAA, DES, other encryption standards, etc.). Include a paragraph for each explaining what it is and why it is a necessary part of the security implementation.


Length: 2–3 pages; Due in Week: 10
Section 3: Security Policy

For this section of the plan, create 4 security policies (you may include the policy you created in the previous unit) using the template you created in the Unit 3 Discussion Board. Use one of the following areas to monitor, or you may come up with your own:

  • E-mail
  • Acceptable use
  • Applications
  • Internet use
  • Mobile devices
  • Access control


Length: 4–5 pages; Due in Week: 10
Section 4: Implementation, Operations and Monitoring

Implementation: Describe your plan for implementing the program. You have identified 3 distinct activities. For each section of the plan, discuss what should happen to roll that area out, what the subtasks are, what deliverables should be created, and what success will look like.

Operations and Monitoring: Select 10 possible areas to monitor. You may select from the following suggestions, or use your own:

  • Security incidents (per week/month/year)
  • Viruses detected
  • Administrator violations
  • Spam not detected
  • Intrusion attempts
  • Intrusion successes
  • Invalid log-in attempts
  • Number of projects that have information technology (IT) security involvement
  • Policy exceptions granted and rejected
  • Current deployment of antivirus software
  • Alarms and network intrusion attempts
  • Number and impact of security incidents
  • Volumes of IDs created, deleted, or modified
  • Any access keys created or deleted

Explain why you would want to monitor the areas you have chosen. Indicate both the values you would hope to see and the actions you would take if what you saw was not in alignment with that optimal range. Create a table with the following columns:
  • Monitoring item
  • Why it must be monitored
  • Optimal range
  • Actions to take if it is not in range


Length: 2–3 pages; Due in Week: 10
Section 5: Audits and Compliance

Audit Checklist

Based on what is in your risk assessment, policies, and monitoring plans, create your audit checklist. An audit tells you if you did what you said you were going to do. This checklist should include at least 20 items that will be checked during a standard audit. Create a table with four columns. The title for each column should be as follows:

  • Audit Item (under this header, list the 20 items that will be checked)
  • Item Described
  • Source
  • Audit Criteria

For the Item Described column, include a sentence or two about the item being audited. The Source should describe where this control came from (such as a policy, monitored control). For the Audit Criteria, include what the auditor should look for, including acceptable ranges.

Assessment Plan
  1. Determine if there is any improvement possible on the existing controls and processes. As you create the assessment plan, keep in mind that an assessment looks for ways to continuously improve.
  2. Determine if there is any improvement possible on the existing controls and processes. Provide a 10-step high-level assessment approach. An assessment looks for ways to continuously improve.
  3. Provide 10 bullet points describing the approach the company would go through to conduct a self-assessment.

The following is an example:

  • First, review what tools may be available that may offer security controls in a better fashion.
  • Also, review what tools may combine one or more existing tools.
  • Lastly, review trends in incidents or user requests to suggest different processes.

Submit all sections of your Enterprise Security Strategy Plan.


Length: 2–3 pages; Due in Week: 10
Total Report
Length: 15 to 17 pages; Due in Week: 10
