Network Security Plan Template
Introduction (one page)
Provide a clear and concise description of your network security plan in terms of the organisation’s needs. Make sure to include a brief description of the organisation, the business domain, security issues, your action plan to address the issues, and respective recommendations.
Scope (one page)
Focusing on the mission of the project, describe as clear as possible the deliverables of the plan and milestones.
Provide clear and concise statements about what the security plan is designed to achieve. Include the business and technical goals to ensure the network is protected against intruders.
Assumptions (one page)
The information provided in the case study is not comprehensive, therefore a number of factors need to be assumed. Document any assumptions you make, in preparing the plan.
Risk Analysis (14 pages)
Asset Identification and Assessment
Physical Assets
Non-Physical Assets
Risks
Individual Asset Risk Analysis
Risk Summary
Threats, Challenges and Vulnerabilities
Threats
Challenges
Vulnerabilities
Security Policies (10 pages)
Acceptable Use Policies
Email and Communications Policy
Internet and Network Access Policy
Workstation Policy
Network Security Policies
Antivirus Policy
DMZ Policy
Extranet Policy
VPN and Remote Access (Work-at-home) Security Policy
Wireless and BYOD Policy
Firewall Policy
Intrusion Detection Policy
Vulnerability Scanning Policy
Internet Policy
IP Address and Documentation Management Policy
Physical Security Policies
External Protection
Internal Protection
Personnel Policies
Visitors Policy
Employee Hiring and Termination Policy
User training Policy
Data Policies
Information Classification and Sensitivity Policy
Encryption Policy
Backup Policy
Password Management and Complexity Policy
System and Hardware Policies
Hardware Lifecycle and Disposal Policy
Workstation Policy
Switch and Router Policy
Server Security Policy
Logging Policy
Disaster Recovery and Business Continuity (five pages)
Business Impact Analysis
Insurance Consideration
Incident Response Team
Physical Safeguards
Prepared Items
Incident Response Procedures
Restoration Procedures
Forensics Considerations
Maintaining the Plan
Security Strategies and Recommended Controls (two pages)
Security Strategies
Specific recomended Controls to mitigate the risks uncovered.
Residual Risks (three pages)
List of Residual Risks - that remain after all possible (cost-effective) mitigation or treatment of risks.
Residual Risk Management Plan - estimate, describe and rate these residual risks to guide the priorities for ongoing management and monitoring of risks.
Resources (one page)
They include any type of resources like humans, communities of practice, and quality audit groups required to implement the recommendations.
Conclusion (one page)
References (one page)
No comments:
Post a Comment