Ensuring Your Enterprise Has Security On The Internet
By Craig Borysowich
Article Date: 2009-05-27
A plan to ensure the security of the organization's internet computing assets.
Contents
Organization and Administration
· Responsibilities
Indicates how security is to be administered. Identifies the organizations and individuals responsible for maintaining, monitoring and approving the Internet Security Plan, describes how these responsibilities fit in with other security organizations in the enterprise, and states what is expected of each organization.
· Security Procedures
Include such things as references to the enterprise security policy, the procedures for each organizational area, the access procedures, emergency procedures and contacts.
Technical
· Security Goals
An overview of the level of security to be achieved and the priorities for protection.
· Security Architecture
The architecture specifies the products, tools, and techniques used within the technical architecture to provide security. This may be a reference to the Internet Architecture Blueprint.
· Security Operations
Describes the details of any procedures (e.g., systems administration for user sign-ons and passwords, provision and maintenance of encryption keys, virus protection and security alerts) required to put the security into effect. This part of the deliverable must itself be kept secure since it contains sensitive material.
Audit Program
· Security Audit
Describes an audit program for monitoring compliance with the plan and for ongoing threat assessment. Defines the frequency of the audits, how they are to be conducted and who is to be informed of the results.
Size and Format
Indicate the individuals and organizations responsible for internet security in one to two pages and include a table to summarize. Describe the procedures in one or two pages each. Use diagrams to document the architecture and highlight any critical features in one or two paragraphs. Describe the operations as concisely as possible, five to 10 pages. Use one to two pages to describe the audit program.
About the Author:
Craig Borysowich has over 18 years of Technology Consulting experience with both public and private sector clients, including ten years in Project Leadership roles. His extensive background in working with large scale, high-profile systems integration and development projects that span throughout a customer’s organization allows him to help consulting organizations world-wide to deliver better quality projects more consistently.