Comprehensive Security Management Plan

Colorado Technical University
Comprehensive Security Management Plan for Colorado History
Individual Project 5
By
Roy A. Kelly II
Colorado Springs, Colorado
December 22, 2012

Table of Contents
* Project Outline
* Security Requirements
* Organizational Chart (Colorado Historical Society, 2012)
* Proposed Security Working Group
* Security Business Requirements
* Capability Maturity Model Integration (CMMI)
* Capability Levels
* Base Practices
* Procedures to review
* Security Policy
* Why We Need Security Policies
* Security Policy Table
* System Design Principles
* Open Design
* Securing the Weakest Link
* Defense in Depth
* Failing Securely
* Least Privilege

Communication between the SWG and the organization shall include the following as a minimum:
* Quarterly “State of Risk” report and address
* Quarterly Risk Assessments
* Monthly informal briefings on security support of our business processes
* Coordination of sales campaigns and key events
* Post campaign assessments that identify and define successes and failures
* Assess new technologies and practices to enhance security, and then make recommendations
* Track security incidents and reported suspicious activities and look for patterns, then share with the organization on a regular basis

The Chief Security Officer (CSO) has the following responsibilities:
* Chair the SWG and lead weekly meetings
* Give the Quarterly “State of Risk” address
* Develop and update necessary security policies
* Ensure that all incidents are reported and the root cause is investigated
* Ensure that risk assessments are performed as required
* Ensure that all cost-effective risk is mitigated
* Limit our exposure to legal liability
* Work with the CEO and Board of Directors to ensure that our activities have security built-in rather than added on

Security Business Requirements
Capability Maturity Model Integration (CMMI)
The process for generating security