
The Information Security Blueprint

Introduction
Once an organization has developed its information security policies and standards, the
information security community can begin developing the blueprint for the information security program.
If one or more components of policies, standards or practices have not been completed, management must
determine whether or not to nonetheless proceed with the development of the blueprint.
After the information security team has inventoried the organization’s information assets and
assessed and prioritized the threats to those assets, it must conduct a series of risk assessments using
quantitative or qualitative analysis as well as feasibility studies and cost-benefit analyses. These
assessments, which include determining each asset's current protection level, are used to decide whether or
not to proceed with any given control. Armed with a general idea of the vulnerabilities in the information
technology systems of the organization, the security team develops a design blueprint for security, which
is used to implement the security program.
Security Blueprint
The security blueprint is the basis for the design, selection and implementation of all security
program elements including policy implementation, ongoing policy management, risk management
programs, education and training programs, technical controls and maintenance of the security program.
The security blueprint, built on top of the organization's information security policies, is a scalable,
upgradable, comprehensive plan to meet the organization's current and future information security needs.
It is a detailed version of the security framework, which is an outline of the overall information security
strategy for the organization. The blueprint specifies the tasks and the order in which they are to be
accomplished.
Framework
To select a methodology by which to develop an information security blueprint, you can adapt or
adopt a published information security model or framework. This framework can outline steps to take to
design and implement information security in the organization. There are a number of published
information security frameworks, including ones from government sources.
