Security management

General Instruction

Assignment

Comprehensive Security Management Plan

The first task in this process will be to select an organization or identify a hypothetical organization to use as the basis of the projects. Next, you will create the shell document for the final project deliverable that will be worked on during each unit. While you proceed through each project phase, content will be added for each section of the document to gradually complete the final project. Appropriate research should be conducted to support the development of the document, and assumptions may be made.

• Use Word
• Title Page 
  • Course number and name
  • Project name
  • Your name
  • Date 
• Table of Contents (TOC) 
  • Use an auto-generated TOC.
  • This must be on a separate page.
  • This must be a maximum of 3 levels deep.
  • Be sure to update the fields of the TOC before submitting your project. 
• Section Headings (Create each heading on a new page with "TBD" as content, except for the sections that are listed under "New Content.") 
  • Project Outline (Week 1)
  • Security Requirements (Week 1)
  • Security Business Requirements (Week 2)
  • Security Policy (Week 3)
  • System Design Principles (Week 4)
  • The Training Module (Week 5) 
• References 

Week 1: Instructions

For the first phase of the Comprehensive Security Management Plan document, you will create an enterprise organizational chart in the first document section. A proposed security working group (WG) organization and its ties to the enterprise will be added. Finally, include a 1-page discussion of the flow of information, decision-making communication, and responsibilities of the chief security officer (CSO). Create the skeleton for the Comprehensive Security Management Plan as follows:

Content

The project deliverables are the following:

Week 1: Project Outline and Security Requirements 

-Include a brief description of the real or hypothetical organization in which the Comprehensive Security Management Plan will be implemented. 

-Include the company's size, location(s), and other pertinent information

-Discussion of the enterprise security management responsibilities implemented as a service with contributions from roles throughout the enterprise using the WG model applied to the project

-A definition of roles and responsibilities for management of security using the WG model applied to the project

-An understanding of communication flows with the WG model with application to the project 

-Corporate organizational chart

-WG structure and ties added to corporate organizational chart

-Memo discussing communication flows with WG

Week 2: Instructions

This second section will be 2–3 pages to assess security business requirements. After a summary of the capability maturity model integration (CMMI), the process area (PA) of the CMMI model that is considered to have the highest importance to the project security requirements will be identified and defended. The PA, its goals, the specific practices, and the generic practices will be part of the justification.

Content

The project deliverables are the following:

Week 2: Security Business Requirements

-Description of existing organization and what it already has in place for a security architecture 

-Summarize the CMMI.

-Identify and defend the PA of the CMMI model for your chosen organization. 

-The PA, its goals, the specific practices, and the generic practices will be part of the justification. 

Week 3: Instructions

Continue development of the Comprehensive Security Management Plan by adding a section reviewing the security policy. Create a list of each section in the security policy. Some sections in the list are business security requirements that can be decomposed first to more refined requirements and later to detailed security policies in the Security Policy document. This decomposition should be included in the list. These detailed policies do not need to be written, but referenced or indicated as a policy that needs to be written. 

Content

The project deliverables are the following:

Week 3: Security Policy Content and Risk

-An overview of the content that should exist in security policy, security standards, security procedures, other related security documentation, access control, risk assessment

-List each section of the security policy. 

Include decompositions of business security requirements into policies in this list. 

For example, a business security requirement for authenticated access might map to policies for log-in access and policies for file access. 

Week 4: Instructions

You will complete theKey Assignment First Draft. A section to the Comprehensive Security Management Plan will be added to review at least 5 security design principles and their references. The relevance of these principles will be related to the security project. 

Content

The project deliverables are the following:

Week 4: System Design Principles

-Relate security design principles to their proposed system changes 

-List at least 5 security design principles and their references. 

-Specific principles should be related to the overall project

-Make sure that the principles are summarized, referenced, and applied to a security issue for the project.

Week 5: Instructions

A summary of 3–5 pages for the Security Training module section of the Comprehensive Security Management Plan will be included as the final section.

The final step in developing the Comprehensive Security Management Plan is to define a training module. Begin by defining all roles (management, developers, administrators, clerical, etc.) that have security training and awareness needs. Then, suggest a list of courses and workshops. With the list of roles and list of courses and workshops, create a cross-reference in the form of a matrix that includes all the training needs. In 3–5 pages for the training module, include the list of roles, courses with detailed information, and the training matrix. 

Content

The project deliverables are the following:

Week 5: The Training Module

-Analyze previous submissions, and make changes as necessary to the final paper to be prepared this week.

-Continue development of the Comprehensive Security Management Plan with a training module for explaining the roles and security training and behavioral needs for each. 

-Define a training module.

-Include a list of roles (developers, administrators, clerical, etc.).

-Include a list of courses and workshops.

-Include a cross-reference matrix of training.