Cyber Security Plan – Basics

  • Security Concept of Operations
  • System Security Plan

  • System Maintenance Plan
  • Contingency/Incident Response
  • Software Development Plan (for in-house development shops)

Plan Development: Step-by-Step

  • Discovery: Companies with audited processes (e.g. ISO, CMMI, etc. can leverage this investment.)
  • Planning: Grow cyber security capabilities along with the company’s organic growth.
  • Tooling: Establish baseline tools, then grow as needed along with the adoption of the plan’s fiscal year goals.

The System Security Plan adopts a framework suitable to your company, determines trade-offs, and lays out a budget-sensible timeline for strengthening your security posture.

Where the Security Concept of Operations lays out the “As-Is” posture in the context of your operations, in the System Security Plan we help you select a suitable framework to implement over a budget-sensible timeline.

A cyber framework is a suite of “best practices.”  But many organizations find some of these practices do not fit with operational requirements.  A well-developed plan reaches “behind” the best practice to understand the risk being controlled.  And then a “tailored” control is derived from the framework control which can be implemented successfully, and controls the same risks.

We will then map out – over a budget-sensible timeline – the path from the “As-Is” to the “To-Be” – a mature, yet executable Security Plan which fits the operational needs of the organization.

(Click on the upper right menu to learn about the Operational and Technical Perspectives.)

Request Consultation