Module 04 Content
- Based on your work developing a Risk Mitigation Plan, you will be ready to draft a Risk Management Security Plan for management, proposing specific tools and policies for implementation. Your plan should include specific proposals for monitoring, control and reporting and six security policies that would safeguard your organization.
Objectives
- Develop a Risk Management Security Plan
- Research industry policies as a basis for developing risk management policies
Requirements
Your Risk Management Security Plan should include the following:
1. Introduction (brief background and overview)
2. Purpose of the Risk Management Security Plan (rationale for this document)
3. Risk Monitoring, Controlling, and Reporting
- Monitoring: What security tools do you need to implement to monitor your organization? Provide at least three examples and an explanation of why you chose them.
- Controlling: What levels of password management, user access, and elevated privileges (i.e., domain) need to be implemented at XYZ Corporation? Provide details and explanations for your decisions.
- Reporting: What reporting capacity do you have implemented based on adoption of your monitoring tools?
4. Policies
Research various ISO, SANS, COBIT or NIST policies and use these as a basis for drafting and customizing six policies that address the concerns of XYZ after the malware incident. Be sure to provide the details of each policy and to cite your research with links in APA format.
- SANS Security Resources
- ISO
- NIST
- COBIT