Question:
The first step will be to select a real or hypothetical organization as the target for your Comprehensive Security Management Plan document.
This organization will be used as the basis for each of the assignments throughout the course and should conform to the following guidelines:
Nontrivial: The selected organization should be large enough to allow reasonable exercise of the security management analysis and planning processes.
Domain knowledge: You should be familiar enough with the organization to allow focus on the project tasks without requiring significant time for domain education.
Accessibility: You should have good access to the people and other information that is related to the organization because this will be an important part of the process.
The selected organization may already have security management in place, but it may still be used as the basis for the projects in this course.
The selected organization must have a need for some kind of security management as part of its operations.
Feel free to identify a hypothetical organization that meets the requirements.
You may make any necessary assumptions to fulfill the requirements of organization selection.
Select an existing organization or identify a hypothetical organization that fits these requirements, and submit your proposal to your instructor before proceeding further with the assignments in the course. Approval should be sought within the first several days of the course through an e-mail proposal to your instructor.
Assignment
The first task in this process will be to select an organization or identify a hypothetical organization to use as the basis of the projects. Next, you will create the shell document for the final project deliverable that will be worked on during each unit. While you proceed through each project phase, content will be added for each section of the document to gradually complete the final project. Appropriate research should be conducted to support the development of the document, and assumptions may be made.
For the first phase of the Comprehensive Security Management Plan document, you will create an enterprise organizational chart in the first document section. A proposed security working group (WG) organization and its ties to the enterprise will be added. Finally, include a 1-page discussion of the flow of information, decision-making communication, and responsibilities of the chief security officer (CSO). Create the skeleton for the Comprehensive Security Management Plan as follows:
Table of Contents (TOC)
Use an auto-generated TOC.
This must be on a separate page.
This must be a maximum of 3 levels deep.
Be sure to update the fields of the TOC before submitting your project.
Section Headings (Create each heading on a new page with "TBD" as content, except for the sections that are listed under "New Content.")
Project Outline (Week 1)
Security Requirements (Week 1)
Security Business Requirements (Week 2)
Security Policy (Week 3)
System Design Principles (Week 4)
The Training Module (Week 5)
References