IWC's Infosec Annual Plan

The ISSO must also develop an InfoSec Annual Plan (IAP) to support the IWC ISSSP and ITP. The plan must include goals, objectives, and projects that will support the goals and objectives of IWC's Annual Business Plan.

IWC's InfoSec Annual Plan (IAP) is to be used to identify and implement projects to accomplish the goals and objectives as stated in the ISSSP and ITP.

Remember, the InfoSec Program requires the following:

  • Project management techniques;

  • Gantt charts (Schedule);

  • Identified beginning date for each project;

  • Identified ending date for each project;

  • An objective for each project;

  • Cost tracking and budget; and

  • Identification of the responsible project lead.

InfoSec Annual Plan Projects

The initial and major project of the IWC ISSO's first IAP is to begin to identify the current IWC InfoSec environment. In order to gain an understanding of the current IWC environment, culture, and philosophy, the following projects are to be established:

  1. Project Title: IWC InfoSec Organization

    • Project Lead: ISSO

    • Objective: Establish a CIAPP support organization.

    • Start Date: January 1, 2003

    • End Date: July 1, 2003

  2. Project Title: CIAPP Policies and Procedures Review

    • Project Lead: ISSO

    • Objective: Identify and review all CIAPP-related IWC documentation, and establish a process to ensure applicability and currency.

    • Start Date: February 1, 2003

    • End Date: April 1, 2003

  3. Project Title: InfoSec Team

    • Project Lead: ISSO

    • Objective: Establish an IWC CIAPP Working Group to assist in establishing and supporting an InfoSec program.

    • Start Date: January 1, 2003

    • End Date: February 1, 2003

  4. Project Title: IWC Proprietary Process Protection

    • Project Lead: InfoSec Organization Systems Security Engineer

    • Objective: Identification, assessment, and protection of IWC proprietary processes.

    • Start Date: April 15, 2003

    • End Date: September 1, 2003

  5. Project Title: InfoSec Organizational Functions

    • Project Lead: ISSO

    • Objective: Identify and establish InfoSec organizational functions and their associated processes and work instructions.

    • Start Date: January 15, 2003

    • End Date: July 1, 2003

  6. Project Title: InfoSec Support to IT Changes

    • Project Lead: InfoSec Organization Systems Security Engineer

    • Objective: Establish a process to provide service and support to integrate InfoSec as changes are made in the IT environment.

    • Start Date: March 15, 2003

    • End Date: October 1, 2003

Figure 6.4: Mapping of IAP projects to the IWC Annual Business Plan.

Mapping the IWC IAP to the IWC Annual Business Plan

As was previously shown, mapping the IWC CIAPP and the InfoSec Annual Plan to the IWC Annual Business Plan can be easily accomplished. However, in this case, the IWC Annual Plan objectives were not indicated or used to map the IAP. [3]

Writing the InfoSec Annual Plan

As noted earlier, writing of the plans must follow the IWC format. The IWC IAP is no exception, and the following format is required:

  1. Executive Summary

  2. Table of Contents

  3. Introduction

  4. InfoSec Annual Goals

  5. InfoSec Projects

  6. How the InfoSec Projects Support IWC's Annual Plan Goals

  7. Mapping Charts

  8. Conclusion

[3] The reader probably understands this process by now and can easily use this mapping method.




The Information Systems Security Officer's Guide. Establishing and Managing an Information Protection Program
ISBN: 0750698969
Year: 2002
Pages: 204