- Security Concept of Operations
-
System Security Plan
- System Maintenance Plan
- Contingency/Incident Response
- Software Development Plan (for in-house development shops)
Plan Development: Step-by-Step
- Discovery: Companies with audited processes (e.g. ISO, CMMI, etc. can leverage this investment.)
- Planning: Grow cyber security capabilities along with the company’s organic growth.
- Tooling: Establish baseline tools, then grow as needed along with the adoption of the plan’s fiscal year goals.
The System Security Plan adopts a framework suitable to your company, determines trade-offs, and lays out a budget-sensible timeline for strengthening your security posture.
Where the Security Concept of Operations lays out the “As-Is” posture in the context of your operations, in the System Security Plan we help you select a suitable framework to implement over a budget-sensible timeline.
A cyber framework is a suite of “best practices.” But many organizations find some of these practices do not fit with operational requirements. A well-developed plan reaches “behind” the best practice to understand the risk being controlled. And then a “tailored” control is derived from the framework control which can be implemented successfully, and controls the same risks.
We will then map out – over a budget-sensible timeline – the path from the “As-Is” to the “To-Be” – a mature, yet executable Security Plan which fits the operational needs of the organization.
(Click on the upper right menu to learn about the Operational and Technical Perspectives.)