Management and Cyber Security
The purpose of the Information System Security Plan (ISSP) is to help the business determine the ideal path for achieving its business objectives. It outlines the responsibilities and accepted behavior of all individuals who access the system. The system security plan should be regarded as documentation of the structured process of planning adequate, cost-effective security protection for a system (Swanson, Hash, & Bowen, 2006). Active involvement and commitment of management are vital for consistent integration of the ISSP within the organization's overall business strategy and for the success of the ISSP. From a professional and ethical perspective, the ISSP needs to balance the business needs with the security of the organization.
I chose to include my final project as my artifact because, in the project, I developed an ISSP for a fictitious company to demonstrate my understanding of ISSP. The project can be accessed from the below link.
Project PDF place-holder
Reflection
The purpose of the ISSP is to provide a good understanding of the risks, threats, and vulnerabilities that exist in the organization and to bring the importance of system security to all levels of the organization, especially to executive management, so they can define the acceptable risk levels of the company.
The ISSP is a living document that is updated regularly to accommodate the changing environment and business needs, so that the security controls stay aligned accordingly. It defines a clear separation of duties through roles and responsibilities. The information owner plays a vital role in the ISSP by providing the security requirements about who has access to the system and what privileges or access rights are needed.
The ISSP exposes the business risk levels through risk identification and assessment and defines the risk management process so that executives can make it part of their corporate strategy by implementing comprehensive plans, policies, and procedures outlined in the ISSP.
The knowledge I gained from this course will help me regularly evaluate the latest threats and update the business policies and procedures to help strengthen the company's security posture.
References
- Swanson, M., Hash, J., & Bowen, P. (2006, February). Guide for developing security plans for federal information systems. Retrieved from https://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-18r1.pdf
Management and Cyber Security Related Links
- Contingency planning guide for federal information systems
- Cybersecurity Supply/Demand Heat Map
- Guide for developing security plans for federal information systems
- Pros and cons of outsourcing your cyber security: In-house, MSSP, or Virtual SOC
- Protecting controlled unclassified information in nonfederal systems and organizations