Name_CS654_IP4.docx

School: Colorado Technical University
Course: 654
Subject: Information Systems
Date: May 9, 2024

Security Management Plan

CS654 – Security Management
Security Management Plan – IP4
First & Last Name
11/06/2023

Table of Contents

1 Project Outline (Week 1)
2 Security Requirements (Week 1)
  2.1 Risk Assessment
  2.2 Policies and Procedures
  2.3 Access Control
  2.4 Security Awareness Training
  2.5 Incident Response Plan
  2.6 Data Backup and Recovery
  2.7 Vendor Management
  2.8 Regular Assessments and Updates
  2.9 Incident Reporting and Communication
  2.10 Continuous Monitoring and Improvement
3 Security Business Requirements (Week 2)
  3.1 CMMI Overview
  3.2 The Process - Implementation
4 Security Policy (Week 3)
  4.1 Access Controls
  4.2 Authentication and Authorization
  4.3 Network Security
  4.4 Physical Security
  4.5 Data Protection
  4.6 Incident Response
  4.7 Security Monitoring
  4.8 Education and Training
5 System Design Principles (Week 4)
  5.1 Principles of Defense in Depth
  5.2 Principle of Least Privilege
  5.3 Principle of Separation of Duties
  5.4 Principle of Risk Assessment
  5.5 Principle of Continuous Monitoring
6 The Training Module (Week 5)
References

1 Project Outline (Week 1)

For this comprehensive security management plan, the selected organization is a hypothetical home health care provider, Collins Home Health Care. Collins Home Health Care is a large organization providing home health care services to homebound patients across the states of Louisiana, Mississippi, and Alabama. The organization provides a range of services including physical therapy, nursing care, and home health aides. Collins Home Health Care currently has 500 employees, including nurses, physical therapists, home health aides, administrative staff, and an information technology group. Collins Home Health Care has a large network of healthcare providers, including hospitals, clinics, and social services organizations, as well as a network of home health care providers throughout the southern area. Collins Home Health Care is a complex organization that requires a comprehensive security management plan to ensure the security of its employees, patients, and data.

Collins Home Health Care is committed to protecting the safety and security of its patients, employees, and data. The organization has identified the need to develop and implement a comprehensive security management plan to ensure the security of its operations and data. Collins Home Health Care is committed to developing a comprehensive security management plan that will address all aspects of security, including physical security, information security, and personnel security. The organization's security management plan will be designed to protect the safety and security of its employees, patients, and data. The organization has identified the need to develop and implement a comprehensive security management plan that will address Collins Home Health Care's security concerns and the proposed needs and changes to ensure the security of its operations and data. Collins Home Health Care will use this Comprehensive Security Management Plan to assess its security concerns, develop and implement an effective security management plan, and ensure the safety and security of its employees, patients, and data.

2 Security Requirements (Week 1)

Within this security management plan, a comprehensive strategy that outlines Collins Home Health Care's approach to identifying, assessing, and mitigating cybersecurity risks will be developed. This plan will assist with establishing guidelines, policies, and procedures to protect the organization's information and assets from potential threats.

The Security Management Plan will include a corporate organizational chart to illustrate the structure of the organization and the roles and responsibilities of each team or department. This will help to identify any potential security risks and ensure that security responsibilities are clearly defined.

In addition, the security management plan will include the creation of a Working Group (WG) structure, which will be added to the existing corporate organizational chart. The WG structure will be responsible for developing and implementing the security plan. The WG will be composed of representatives from each department, including IT, human resources, and operations.

The security management plan will include a memo discussing communication flows. This memo will outline the communication pathways and protocols for information sharing between departments and teams. The memo will identify who is responsible for information sharing, how information is shared, and the security protocols that must be followed.

In addition, during the development of this plan the following key components will be considered:

2.1 Risk Assessment

A thorough assessment of Collins Home Health Care's information systems will be conducted to identify potential vulnerabilities, threats, and risks. This includes identifying sensitive data, assessing the impact of potential security breaches, and evaluating existing security controls.