question 1
Briefly discuss the types of plans that can be used when developing a security plan. Provide at least three examples specifically detailing how the plan types discussed have been utilized for security planning.
Your response should be a minimum of 200 words in length.
Expert Answer
For a perfect security plan there are 3 main plans which can be used which are :-
- Proactive plan
- Reactive plan
- Contingency plan
Before doing security planning we need to develop a security strategy in which we need to study about all the assets. The risk assessment step will include all the assets you want to protect, their value and most important risk with each asset. The main process will include:-
- Identify assets (physical or non-physical items)
- Identify risks to the assets
- Identify type of threat and method of attack
Example:- Types of plans that can be used when developing a security plan in an organization
- Proactive Planning:- It involves the development of the security policies and control. Implementation of tools and techniques to aid in the security to protect the assets. Proactive planning is mainly used in the organizations to protect assets by preventing employee mistake and external attacks. Security policies includes e-mail policies, password policies, internet policies and most important backup and restore policies.
Proactive planning has been utilized for security planning in the following manner:
- Secure access, date and secure code for valuable assets for every employee.
- Technologies to secure network connectivity.
- Detection tools.
- Technologies to keep the system running in case of failure.
- Reactive Planning:– Reactive plan is very important for every organization to protect its valued assets and it needs to be implement when proactive plans have failed. The main goal of reactive planning is to get the business back to normal operations as soon as possible.
- Contingency Planning:- It is an attractive plan that can be use in case of disaster. This plan should be developed when there will be some attack on assets that causes some damage to data, stopping normal business operations and hampers the productivity. This plan requires time to restore the data. The mail goal of contingency plan is to maintain the availability, integrity, and confidentiality of valued assets.
- Move productivity to another site.
- Implement disaster recovery plan
- Contact to clients, vendors and other consultants
- Keep staff up to date with current contingency steps