Security Plan Implementation

  • ali@fuzzywireless.com
  • Mar 4, 2022

To implement a security plan for an organization, one key step is to set up a security organizational structure with clearly defined roles and responsibilities for all members (ProServeIT, 2017). Clear roles and responsibilities ensure that owners are accountable. Key elements of a robust security organizational structure include proper reporting lines, explicit security roles and responsibilities, a security steering committee, executive-level involvement that demonstrates commitment to enterprise information security, coordination of information security activities across the different departments of the enterprise, and contacts with the appropriate authorities (2017).

Another important step in implementing an enterprise security plan is to define and monitor the right set of security metrics (ProServeIT, 2017). Security metrics help gauge the effectiveness of security processes and guide further improvement. Ill-conceived security metrics can be deceiving and lead to a false sense of security. Attributes of good security metrics are:

1. They accurately capture the security status of the organization.
2. They measure whether existing security levels are sufficient.
3. They provide evidence that security supports business goals.
4. They help in making well-informed security decisions (2017).


Awareness and training for all employees across the enterprise help reduce information security risk (CBRN, 2015). The first step is to identify knowledge gaps; a training plan then addresses those gaps to improve the overall information security landscape. Training can be offered online so that employees can complete it at their own pace (2015).

Lastly, annual third-party security audits help determine the effectiveness of the security plan and are also pivotal for vulnerability assessment (Evans, 2016). The assessment can include automated scanning tools and penetration tests to identify weaknesses in networks, systems and applications. External audits can use the ISO 27001 criteria to gauge the effectiveness of the security plan (2016).


References:

Evans, M. (2016). Roadmap to implementing a successful information security program. Retrieved from https://www.barradvisory.com/roadmap-to-implementing-a-successful-information-security-program/

CBRN (2015). How to implement security controls for an information security program at CBRN facilities. Retrieved from https://www.pnnl.gov/main/publications/external/technical_reports/PNNL-25112.pdf

ProServeIT (2017). 5 tips to build a comprehensive information security plan. Retrieved from http://www.proserveit.com/5-tips-information-security-plan/
