Implementing An Effective Security Plan - 1210 Words

Recommended Security Plan In order to create an effective security plan, it is necessary to create a system that can be modified and adapt to changing threats. The ISO27005 standard details this process by breaking it down into four steps – Plan, Do, Check, Act (Stallings Brown, 2012). The planning step involves performing a detailed risk assessment of the environment and creating a security plan. By examining the infrastructure and potential vulnerabilities, we have determined that controls are needed to address environmental, physical, and human vulnerabilities. We will start by determining the management controls needed. In order to properly design, implement, and manage an effective security policy, we need to define who is†¦show more content†¦Some of these areas involve environmental threats such as earthquakes or fires. Suggested controls for this threat can be to replicate our server environment to an offsite data center, secure an outside vendor that provide s disaster recovery services, or simply making sure an offsite backup is available. To combat technical threats involving power issues there is a need for surge protectors, UPS batteries for important systems, or possibly a generator at the corporate office to maintain core service availability in case of a prolonged power outage. To deal with the human threats a combination of properly managed access rights, physical locks restricting access to server rooms or other sensitive areas, and a response team to respond to potential user threats are needed. Based on the analysis, my recommendation is to create technical policies for the use of company resources such as all hardware and software including email and internet, security policies that govern password complexity and account access, in addition to policies that define network access, personal phones, and assigned company equipment such as tablets. In addition to this, policies regarding updating software patches, antivirus definitions, and other software need to be defined. In order to ensure the network is protecting the entrance to the network effectively, access and configuration should be defined