Information Security Planning
To make sound decisions about information security, a proper plan must be in place. Planning is defined as the process of developing, creating, and implementing strategies for the accomplishment of goals and objectives. Levels of planning include Strategic, Tactical, and Operational.
Prior to beginning this assignment, view “Governance, Strategic Planning, and Policy” within the “Video Playlist: Policy Management for Security Solutions,” located in the Class Resources.
Scenario: You have been tasked with your security team to create a 5-7-minute presentation for the board in which you will demonstrate your team’s plan to secure the organization’s assets during the next three to five years.
Using the company from Topic 1, create a high-level (general) strategy for management to make informed decisions about their investments in security. In a 5- to 7-minute video/screencast, you must address the criteria below. For presentations, suggested tools include Loom, Camstudio, Screencast-O-Matic, voiceover PowerPoint, or screencast. On Windows, there are free applications that do this, for example, Camstudio or Screencast-o-Matic. Macs have this capability built in.
Identify the business goals for the organization Make sure they align with the organization’s mission and vision statements. Note: These goals are usually created by the CEO of the company and then translated into more specific goals for the levels below.
Then define and map the individual responsibilities for your division and respond to the CEO’s general strategy with an IT-focused statement of strategy and supporting goals.
These goals must be specific, measurable, achievable, and time-bound. Make sure to address for each:
Specific security functions, processes, and people/roles.
Compliance standards, governing rules, regulations, etc. (at the international, federal, state, local, and industry-specific legislation).
Applicable security policies.
Potential impacts to the organization should the security fail.
Next, translate the plans and goals you created into a division-specific tactical plan. Outlining the following:
How to achieve the high-level strategic plan.
What actions are required to achieve short-term goals.
Who has the responsibility for implementation?
Lastly, translate the plans and goals you created into a division-specific operational plan. Outlining the following:
How will resources be allocated to achieve short-term goals.
What will be the desired outcome?
How will progress be monitored.
Within the screencast, make sure to reference a variety of visuals that contribute to the audience’s understanding of the technical aspects, recommendations, and overall objective of the plan.
In addition, you will be graded on your ability to provide:
A comprehensive and consistent focus throughout the presentation
Detailed and justified decision-making
Effective communication with an awareness of the audience
While APA style is not required for the body of this assignment, solid academic writing is expected, and documentation of sources should be presented using APA formatting guidelines, which can be found in the APA Style Guide, located in the Student Success Center
This assignment uses a rubric. Please review the rubric prior to beginning the assignment to become familiar with the expectations for successful completion.
You are not required to submit this assignment to LopesWrite.