Develop a Security Plan Recommendation Memorandum

APA format

2 source min

3 pages

With your new security plan written, you will need to develop a business case for it to include in the memo to the CTO. Using your knowledge of your organization’s security posture from Step 1 and your understanding of applicable security model features, make the case for changes to your organization. Include the rationale for change and any impacts to the business. Also include an implementation plan. Describe the present situation in your organization and the associated risks assumed given the security weaknesses. The work you do in this step will become the first of three sections of the three-page memo in Step 14

Next, detail the security model attributes that best apply to your organization. Identify the model, if any, from which the attributes are derived and why the attribute applies to your organization. The work you do in this step will become the second section of the memo in Step 14.

Finally, give your best judgment on the potential to improve the security posture of your organization when your recommendations are implemented. You will need to evaluate the pros and cons of implementation in relation to CIA. Discuss the risks and impacts to include a high-level assessment of financials. Consider how business continuity and continued alignment will be maintained. The work you do in this step will become the third section of the memo in Step 14.

Compile the analyses completed in Steps 11, 12, and 13 into a memorandum from you to your supervisor. This memo should be three pages, excluding Appendices A and B, and should clearly articulate the business case for adopting features from the reviewed security models. It should include the following:

• a description of the security model attributes
• an assessment of the weaknesses in your organization that the security features will address
• your rationale for selecting the specific security attributes and your prognosis of success, noting risks and impacts to include a high-level assessment of financials
• the policies and procedures that will need to be in place for the security plan to work
• the infrastructure that will need to be in place for the security program to operate and to align with each entity within the organization
• a plan for evaluating the security plan’s effectiveness

Update the appendices according to the feedback received. Submit the memorandum along with Appendices A and B.

Before you submit your assignment, review the competencies below, which your instructor will use to evaluate your work. A good practice would be to use each competency as a self-check to confirm you have incorporated all of them in your work.

• 5.1: Define and appropriately use basic cybersecurity concepts and terminology.
• 6.2: Create an information security program and strategy, and maintain their alignment.
• 7.3: Evaluate enterprise cybersecurity policy.
• 9.2: Rank the vulnerabilities of a system from a disaster-management perspective.