Network Security Plan

For this assignment, you will create 2 additional sections for the Network Security Plan document.

First, you will create a 2–3 page section in the plan to list all of the policies that you would have for your organization and a brief description of what each policy will contain. After the risks have been identified within an organization, you must devise a plan that will provide the best possible protection without significantly impacting daily operations. Then, you must write and implement written policies that will inform everyone within the organization what can and cannot be done while they are connected to the Internet. Written polices need to adhere to the following guidelines:

• No more than 2 pages

• Clearly identified rules

• Clearly identified punishments if rules are not followed.

• A way to monitor the network for violations of the policy.

The following are the first task’s deliverables:

• Update previous sections based upon your peers’ and instructor’s feedback

• Update the table of contents.

• Update date on the cover page.

Security Policies Section

• Identify what written polices need to be created for your organization.

• For each policy, you will address how you plan to monitor the policy.

• For each policy, you will provide what you feel the appropriate punishment should be for violators. These punishments must be able to be enforceable, not just a threat.

• For each policy, you will identify a timetable for when each policy should be reviewed and updated and who will do the review.

The second task this week is to prepare for how you would handle an incident. It is best to have a thorough, rehearsed plan to be prepared for a potential incident. This will help to limit the damage and it will help recovery afterward. You will create an Incident Response section of 2–3 pages that includes the actions that need to occur when an incident is in progress.

The following are the second task’s deliverables:

Incident Response Section

• Identify the process of how your organization will identify an incident.

• Identify the process for classifying the incident.

◦ What are the criteria for each classification within the organization?

• Identify what the response will be for each classification identified.

• Identify a general plan to recover from the incident.

• Identify a process for evaluating the incident response plan after each incident has been mitigated.

Discuss how the incident response plan will be tested and updated.

The final step in developing the network security plan is to define how the plan that you have developed will be implemented within the organization. Implementing security controls and adding security devices can be a complex process that will affect every aspect of the organization. A detailed plan that phases in controls and new devices—and has a backup plan for any problems—will greatly increase the success rate of implementing a network security plan.

• For this assignment, you will add a detailed implementation plan of 4–5 pages, which will describe your proposed solution for the implementation of a network security plan in your organization.

• Finally, you will refine the Network Security Plan document to produce the final draft version. Updates may be based upon peer and instructor feedback.

The project deliverables are the following:

• Update the Network Security Plan with a new date.

• Update the previously completed sections based upon your peers’ and instructor’s feedback.

• Implementation Plan

◦ Develop a plan to implement the security controls and policies that you identified in previous sections.

◦ Develop a plan to implement new security devices and modify existing security devices that are required to monitor the network and the polices that were created or updated.

◦ Describe how these controls, policies, and security devices have addressed the key security areas of confidentiality, integrity, authentication, authorization, and nonrepudiation cryptographic services.

• Network Security Plan

◦ Revise the entire document, and make any necessary changes and improvements.

Ensure that the final version is sufficiently detailed to allow the organization to confidently move forward with the implementation of the security controls and devices based upon your recommendations.