Security management policy will contain following security policy related steps;
- Security Policy Creation
- Security Policy Implementation
- Security Policy Enforcement
every organization have some strategy, goals, mission and objectives. Security management planning will align security function with these. While creating a security plan there are things we should be aware and have limited resources to use.
We will have mainly following restrictions while planning security.
- Personnel Requirements
- Organization Culture
- Technical Infrastructure
If we want to get the maximum gain from our security planning we should be aware of the previously defined restrictions.
During the plan creation phase there are some tricks to make our security plan successful. One of them is using right implementation flow. Security planning is a work where all security related roles should involve in a proper manner. In this example we will divide the layers 4 but can be changed according to needs
- Chief Security Officer and Senior Management
- This level personnel should define policies for the organization
- Middle Management
- This level should create standards, baselines, guidelines and procedures according to policy of organization
- Operational Managers and Security Professionals
- This level should implement configuration and technical details of the security management
- End Users
- This level should comply with the provides security policies
Security plans binds the work into date. This is very important for the implementation. There is mainly 3 type of plans those have connected each other. Below we provides the time based relation of these plans.
Strategic plan is defined for long-term and it does not change generally. It is more obsolete and provides organization security purpose. For example it can be defined for 5 years. Strategic plan should include risk assessment.
Tatical is defined for midterm. It is bind by strategic plan and provides more details. Tactical plan may be defined for 1year period. Here a list of tactical plans
- Project Plans
- Acquisition Plans
- Hiring Plan
- Budget Plans
- Maintenance Plans
- Support Plans
- System Development Plans
Operational plan is very detailed plan which provides technical details about the word. It must be aligned with both strategic and tactical plan. It generally provides step by step details. Followings are examples about operational plans. Operational plans must be documented for effectiveness.
- Training Plans
- System Deployment Plans
- Product Design Plans