Security Plans » GradesGroom
This essay has been submitted by a student. This is not an example of the work written by professional essay writers.

Security Plans


Course Name

Student’s Name

Date

Table of Contents

  1. Purpose of a Security Plan
  2. Example of a Security Plan
  3. Importance of a Security Plan
  4. Security Plan Best Practices
  5. WKU Plan Critique
  6. MTU Plan Critique

 


Purpose of a Security Plan

A security plan stipulates the methodology, accountabilities, and resources applicable to managing protective security threats. An information security plan refers to the safeguarding measures taken to protect the organization’s data and resources. The purpose of a security plan is to provide measures that uphold the confidentiality and security of an organization’s accessible data and resources. Security plans also ensure that the organization is protected against anticipated risks that threaten the integrity of acquired data and information, and against unauthorized access to classified information that could harm or expose the organization’s clients. Information security plans provide mechanisms that identify, assess, manage, and control risks that may threaten acquired data, information, and resources maintained by the organization. A good security plan also provides mechanisms for implementing and reviewing the plan, adjusting it to reflect technological changes and to mitigate any threats that may affect the sensitivity of covered data, resources, and information. Information security plans are designed to protect critical data and resources from risks that may inhibit the continuity of business and, in turn, to maximize investment returns, thus creating more business opportunities. A security plan ensures that all controls are established and improved as the need arises, so that the organization’s business objectives are met as per the security guidelines and policies.

Example of a Security Plan

The objective of creating an information security plan for a secretarial college would be to develop and implement policies for safeguarding clients’ personal data and information at the administrative, physical, and technical levels. This plan will evaluate the organization’s methods of collecting, accessing, storing, transmitting, using, protecting, and disposing of clients’ data and information. The purpose of the security plan is to ensure that the clients’ information is safeguarded by upholding client confidentiality. This security plan will also ensure that the students’ information is protected from any underlying threats or risks and from any unauthorized access that could result in customer harm or inconvenience. The security plan’s action plan is to identify any unforeseeable internal or external risks that could harm the retention of clients’ information in the organization’s system. The security plan is also set to assess the potential damage that the threats could cause, bearing in mind the sensitive nature of the students’ personal information. Following the plan, there should be sufficient evidence showing whether the existing policies are still viable or need readjusting to maximize control over risks. The action steps will include appointing specific people in each department to hold responsibility for implementing the plan, training new employees, and testing the controls and safeguards of the plan. Other departments will also be responsible for evaluating the current service providers’ ability to comply with the security plan and for adjusting the plan as deemed suitable to the organization’s needs.

Importance of Security Plans

The ultimate objective of creating a security plan is to ensure a contingency policy that will implement and enforce all the guidelines. A strategic security plan ensures that an organization’s position is maintained in mitigating, assessing, transferring, accepting, or avoiding risk. Threats or risks that may affect an organization may include compromised security systems caused by unauthorized personnel breaches. Data interception and the compromise of data integrity during transmission are also imminent threats to customer information. Data lost physically in a disaster, or the corruption of files through errors introduced into a system, also poses risks to organizational trade secrets and information.

Furthermore, unauthorized access to sensitive data and information through requests or hardcopy reports by foreign personnel may lead to loss of integrity of information and relevant resources. The unsanctioned distribution and transfer of data, information, and resources through unknown parties also pose potential threats and risks. Established security planning strategies help organizations sufficiently protect the integrity, confidentiality, and accessibility of data and information. Safeguarding client confidentiality ensures that the organization’s business is maintained.

Security Plan Best Practices

An organization’s information security plan should include establishing a secure system that integrates all staff members into security protocols to avoid incidents of misdemeanor concerning information security. Controls should be developed that ensure systems safeguard all assets and information, and their implementation should account for a reduction in loss and higher accountability measures. Detective controls ensure that errors are identified when they occur. Proper training and recruitment of personnel should be done, ensuring that they are thoroughly verified and vetted. Also, account and transaction details should be monitored periodically to ensure that all errors are identified. Confidentiality of all clients’ information and personal data should be of utmost importance. Besides, preventative measures like credit checks and data authorization signatures should be integrated into an organization to ensure that it has all the right information. Disposal of materials that could expose covered data should be done properly, and new employees should also be trained on the same. Organizations should ensure that the various tasks in handling confidential matters are specified within their departments, to make contingency measures easier and to narrow down accountability for potential risks. A controlled environment helps department coordinators assess the risks involved, develop countermeasures to deal with arising cases, and duly train new staff. Should there be an understandable occurrence of an error, corrective controls like spotlighting the error and resolving it should be applied to ensure that such problems do not occur again. A specific team should be made responsible for preventing such occurrences.

WKU Plan Critique

The WKU plan entails a series of strategies set to protect the integrity of their clients’ information adequately. However, the plan has several shortcomings: it does not account for several aspects that may incur huge losses or sensitive data breaches. For instance, the plan does not account for power outages that may cause an insurmountable amount of damage to electronic data. Due to power surges, brownouts, and blackouts, sensitive information may be lost, made inaccessible, or even breached if the risk is not sufficiently mitigated. The plan does not include ways in which losses that arise out of power disruptions can be mitigated. The plan also fails to look at ways of disposing of hardware, like hard drives, containing customers’ critical information. The security plan should integrate measures like investing in power protection devices to protect against any potential power disruptions. Since hard drives are prone to being engineered if they fall into knowledgeable hands, the organization can develop a system that completely codes the hard drive to ensure that no third party finds footing in the information.

MTU Critique

The MTU information security plan offers a comprehensive overview of the contingency measures that it prepares to protect the sensitive data of both students and other staff members. However, the plan fails to take into consideration several parts that entail information security. Although the plan adequately covers the disposal of sensitive information, the hardware and software measures of disposal seem to be lacking in certain ways. The disposal of hard drives is insufficient, as the information contained can still be accessed even when a new system has been installed. Besides, malware mitigation is not adequately discussed in the plan, yet huge losses would result if cryptic malware got into the university’s system. The plan only discusses backup measures as mitigation for physical damage but does not provide a protective measure for dealing with unforeseen occurrences. For instance, power losses can cause significant damage if electronic devices lack protective gear and software. Contingency measures that can be employed include engaging service providers that ensure the maintenance of security protocols. Besides, further engagement of experts is needed to come up with codes that cannot be overridden by third parties who have malicious intentions. Employees should also be thoroughly vetted to ensure that they do not bring in malware that can corrupt student files. Finally, measures like power protection devices can be employed to ensure that electronic storage devices and their information are safeguarded from sudden power cuts.

References

Wku.edu. 2020. [online] Available at: <https://www.wku.edu/policies/docs/index.php?policy=79> [Accessed 30 October 2020].

Mtu.edu. 2020. [online] Available at: <https://www.mtu.edu/it/security/policies-procedures-guidelines/information-security-plan.pdf> [Accessed 30 October 2020].

 
