Question

Implementation, Operations, and Monitoring / Enterprise Security Strategy Plan

Instructions: In NO LESS than 400 words, answer the following question.

Regarding the implementation of a security plan, this can be anything from the organizational change management aspects (users) or the technical implementation (information technology staff),Select 2 key areas to either engage in the normal, everyday operations of a security team, or 2 key areas to monitor, and why.

Describe and evaluate each key area. 200 words requirement for each.

Answer 1

Enterprise Security Strategic Plan sets priorities for management, control, and protection of the states information assets. Strong executive commitment and support are crucial to the implementation of this plan.

2 key areas to either engage in the normal everyday operations of a security team.

1. If the security team is active and is working in sync then it’s a good idea to look how the security team can improve the organizational security . If they make security part of their responsibility and can measure their security performance. They will be able to see how organization move forward due to their effort and security provided by them.

This starts with a mindset that must be reinforced by the security team as it affects the security process.

1. The security team must take their work as a process of daily workflow. It will be good to provide regular and basic security training of the entire team. This can be like a quick security course for the security team members. The security team need to set daily tasks and goals which will keep them active and in sync to work in a better way.

2 Key areas to monitor

The monitoring program of the future is focused on risks to the business. This change is an outgrowth of executive and often board level involvement to set the tone and priorities around enterprise risk.

Alignment : Alignment of the whole security team, horizontally and vertically, around top business risks

Data : Data collected by security team should support business event detection rather than technology event detection as they are working to smoothly conduct of business.

Analytics : Analytics to transform from a indicator driven approach to pattern detection approach. This means analysis should be made to detect error and faults in the security team process and to rectify it.