The steps to creating an information security plan would be in which of the following sequences?
Identify threats, identify risks, design controls, incorporate controls into an enterprise-wide plan, set forth policies
Set forth policy, design controls, identify risks, identify threats, incorporate controls into an enterprise-wide plan
1. To develop any plan, there must be policies and procedures. So the first step to create an information security plan would be to set forth policy.
2. The next step is to identify risks, to assess what level of security is needed to protect information assets.
3. Identify threats that can exploit vulnerabilities in the information system and cause significant risk.
4. After identifying risks and threats, it is appropriate to design controls, because not all risks are major and it will not be cost-effective to implement expensive control processes for minor risks.
5. After designing controls, we must implement them in our enterprise. So the next step would be to incorporate controls into an enterprise-wide plan.
Hence the sequence of steps to create an information security policy would be:
Set forth policy, identify risks, identify threats, design controls, incorporate controls into an enterprise-wide plan.