Security Planning

  • Involves the development of detailed plans that describe the tasks that must be completed to ensure that an engineering solution is designed and built in a secure manner.
  • Includes a broad view of the security risks facing a proposed engineering solution.
  • Provides a method for engineering teams to take prompt action to reduce exposure to the identified risks.

There are many types of security plans. One type is an Information Security Plan. A typical Information Security Plan might include provisions for:

1. Intruder deterrence, including (but not limited to):

  • Firewalls
  • Virus protection tools and mechanisms
  • Strengthening of wireless network security controls
  • Ensuring that all computer systems are configured to be updated automatically
  • Ongoing user education and policies

2. Theft prevention, including (but not limited to):

  • Laptop computer and mobile device security
  • Security marking and asset inventory
  • Storing servers in secure, lockable rooms
  • Security locks for desktop and laptop computers

3. Disaster prevention, including (but not limited to):

  • More frequent backups with offsite storage
  • Ensuring backup of users’ local data
  • Offsite backup of critical paper-based documents
  • Regularly testing backup mechanisms

4. Internal security and confidentiality, including (but not limited to):

  • Implementation of a strong password policy and user education
  • Deployment of secure printing solutions
  • Security policies for filing cabinets and handling of confidential documents
