Course Project: Security Plan Document should contain the following components.

  • Purpose (policy statement)
  • Risk assessment
  • Control activities (are you using firewalls with access rules, and do you have an intrusion prevention system [IPS] or intrusion detection system [IDS]?)
  • Organization of information security (roles and responsibilities)
  • Accountability of assets (who is responsible for what?)
  • Communications
  • Incident response team
  • Incident response process