Developing a Security Plan

Developinga Security Plan


Developinga Security Plan

Securityplan is a very essential part of an organization. It is impossible todevelop a security plan until the planner performs a full riskassessment. Security planning includes implementing controls anddeveloping security policies to avoid risks from happening.Organizations differ from another. Hence, each needs to plan policiesand create them centered upon the organization’s specific securityneeds and goals. The types of plans that can be used when developinga security plan include:

BasicRisk Assessment

Riskassessment is an important when developing a security plan. Thereshould be no plan of action that ought to be effected beforeperforming a risk assessment. The risk assessment offers a startingpoint for engaging security plans to protect the organization againstvarious threats (Ortmeier, 2013).

Firstly,the planning team should identify the assets of the organization(both physical and nonphysical assets such as personnel passwords anddata integrity). Secondly, the planning team should identify thepotential risks to the assets. Afterwards, the team of plannersshould identify the types of possible threats and their methods ofattack (Giles, 2010).

ProactiveSecurity Planning

Afterassessing an organization’s risk, the next phase is proactiveplanning. This stage entails developing security controls andpolicies, techniques to help in security and the implementing tools.An organization can achieve proactive security planning throughdeveloping security controls and policies such as password policies.

ReactiveSecurity Planning

Thepurpose of reactive planning is to get the organization back to itsnormal state of operations in the shortest time possible in case adisaster occurs. An organization can achieve its goal of remainingsecure from threats and prepared for potential risks by having a wellthought and efficient security plans (Ortmeier, 2013).


Giles,T. (2010). Howto develop and implement a security master plan.Boca Raton: CRC Press/Taylor &amp Francis.

Ortmeier,P.J. (2013). Introductionto security: Operations and management (4th ed.).Upper Saddle River, NJ: Pearson Education.