Group 6 Ias


PLANNING FOR SECURITY
GROUP 6
Planning for security refers to understanding your
regulatory requirements, your geographical
limitations, and the sensitivity of the data you are
managing.
When you are planning your implementation, an
important part of your plan is security. By planning
for a secure implementation, you avoid known
vulnerabilities.
The two major
categories to plan for
are data in transit and
data at rest.
• Secure communications (data in transit)
Plan how your business requirements and
environment affect your approach to
securing communications between the
components of the system. Balance security
with ease of use and performance.
• Secure data storage (data at rest)
Plan how your business requirements and
environment affect your approach to
securing data at rest. Consider the
performance implications of encryption and
balance them with the enhanced security.
Why is planning important in security?
Security planning is a critical function for almost all
modern businesses. Through the planning process,
security teams identify what types of risk could
impact their company's assets, dictating which assets
need protection and what countermeasures would be
most effective.
POINTERS YOU NEED TO ASK IN PLANNING FOR SECURITY!

What needs to be secure?

Who is responsible for it?

What technical/non-technical controls should be deployed?

How are people supported to do what they need to do?

What if something goes wrong?

Response and recovery

Accountability and consequences
For most security professionals, data privacy and governance make up the
primary area of responsibility. In addition, most information security plans
address these three components:

• Screening: Screening people who have access to your firm’s data reduces
the risk that they will use it maliciously or unknowingly create issues. Look
for prior security problems and previous records during the hiring process.

• Assets: To accurately determine the security risk associated with corporate
data and develop appropriate handling policies, information needs to be
organized and categorized.

• Policy: Developing a companywide policy helps create an overarching
strategy and a core for the IT security strategy.
Steps to Create an Information Security Plan

01 Form a Security Team
02 Assess System Security Risks, Threats and Vulnerabilities
03 Identify Current Safeguards
04 Perform Cyber Risk Assessment
05 Perform Third-Party Risk Assessment
06 Classify and Manage Data Assets
07 Identify Applicable Regulatory Standards
08 Create a Compliance Strategy
09 Develop Incident Management and Disaster Recovery Programs
10 Train and Test Employees
Thank you!