Chapter4_SecurityPlanning

To develop a marketing strategy

To establish policies, standards, and practices

To hire more employees

To create a budget for security

Business continuity plans

Disaster recovery planning

Incident response planning

Employee training programs

Be properly disseminated and understood

Be ignored by employees

Be expensive to implement

Be written in legal jargon

De jure standards

Informal standards

De facto standards

Operational standards

To enforce laws

To conduct security audits

To draft all security policies

To manage policy effectiveness

Intrusion Detection System (IDS)

Proxy Server

Cache Server

Firewall

No personal items on desks

All documents to be shredded

Classified information to be stored securely

Employees to work from home

Training employees

Identifying and responding to incidents

Preventing all incidents

Creating marketing strategies

A site with limited services

A temporary office space

A fully configured facility ready for use

A site with no equipment

To reduce costs

To improve employee awareness and skills

To create more policies

To hire new staff