EA3 artifact SP-2: Security Plan
The Security Plan provides both high-level and detailed descriptions of the security program that is in effect throughout the enterprise. This includes physical, data, personnel, and operational security elements and procedures.
Chapter 11 in Bernard’s book provides additional detail on Security Plans.
- Introduction
- Purpose of the IT Security Program
- Principles of IT Security
- Critical Success Factors
- Intended Outcomes
- Performance Measures
- Policy
- Executive Guidance
- Technical Guidance
- Applicable Law and Regulations
- Standards
- Reporting Requirements
- IT Security Program Roles and Responsibilities
- IT Security Program Schedule and Milestones
- IT Security Incident Reporting
- Concept of Operations
- IT Security Threat Summary
- IT Security Risk Mitigation
- Integration with Enterprise Architecture
- Component/System Security Plans
- Security Program Elements
- Information Security
- Personnel Security
- Operational Security
- Physical Security
- Standard Operating Procedures
- Test and Evaluation
- Risk Assessment
- Certification and Accreditation
- Disaster Recovery/Continuity of Operations
- Records Protection and Archiving
- Data Privacy