Security Operations Plan: Confidential Data Protection for Institute


Added on  2023/04/06

AI Summary
This assignment provides a comprehensive Security Operations Plan tailored for an educational institute in Sydney, focusing on protecting confidential student and organizational data. The plan outlines security objectives, client requirements, and organizational/legislative considerations. It details the security operations team composition, roles, and responsibilities, along with an assessment of existing security measures and proposed actions/strategies. The plan also covers resource allocation, the use of security support agencies, implementation of tactical response measures, and key performance indicators (KPIs) for measuring success. Furthermore, it includes procedures supporting the plan, such as Acceptable Use Policy (AUP), Access Control Policy (ACP), Incident Response (IR) Policy, and Business Continuity Plan (BCP). The assignment also discusses the implementation of the security operations plan, work health and safety requirements, deviations from the plan, and communication equipment used.
Running head: ASSIGNMENT 1 – SECURITY OPERATIONS PLAN
Assignment 1 – Security Operations Plan
Name of the Student
Name of the University
Table of Contents
1. Security Operations Plan
Introduction
A. Security Operations Objective Statement
B. Client Requirements
C. Organizational and Legislative Requirements, Operational Constraints
D. Security Operations Team Composition – Roles, Responsibilities, Functional Authority
E. Assessment of the existing security measures
F. Actions / strategies
G. Resources and responsibilities
H. Use of available security support agencies/ services
I. Implementation of tactical response measures
J. Outcomes / performance indicators
K. Procedures to support the plan
2. Implement Security Operations
A. Implementation of the Security Operations Plan
B. Work, health and safety requirements
C. Deviations from the plan, remedial action, impact on the security budget
D. The types of communication equipment and issues
Conclusion
References
1. Security Operations Plan
Introduction
The paper aims to develop an effective Security Operations Plan for an institute which
offers educational qualifications and degrees in Sydney. For this purpose, the paper will
suggest the information security considerations required for protecting the confidential
information of the concerned educational institute by applying a strategic plan for security.
A. Security Operations Objective Statement
The main objective of the Security Operations Plan is to establish the policies and
rules governing the security practices and standards of the shopping Centre. Members of
the public who access the shopping Centre face threats, determined with the help of a
SWOT analysis, that have higher security risk. The risks are listed below:
Physical assault
Attack with a knife
Trespass
Theft
Verbal assault
The security plan aims to monitor, manage and control the operational activities in
the organization to protect the privacy and security of the company (Bauer and Bernroider,
2017). The core policies and protocols are dedicated to protecting the information system by
complying with the security requirements imposed by the academy.
B. Client Requirements
In order to properly carry out the security operation, the main factor that needs to be
taken into consideration is that the entire shopping Centre requires proper implementation
of the security strategies for disrupting the capacity for the staff of the shopping Centre
for providing proper services to the customers. The basic client requirement is to protect
the personal details of the students along with confidential information, including financial
details, personal information, management and operational information and so on.
Apart from that, the security plan needs to protect the shopping Centre network from
external and internal security threats and vulnerability exploits (Joshi and Singh, 2017).
Moreover, the client requirements also involve a thorough, regular or occasional security
vulnerability audit and assessment, incident and risk analysis in order to ensure strong
privacy protection across the entire organizational boundary.
It is further required to establish standardized internal control activities and policies
in order to reduce the risks identified during the vulnerability and risk assessment procedures.
Along with that, the other client requirements for security are as follows:
i. Security awareness
ii. End user security
iii. Data protection
iv. Business continuity
v. Integration and interoperability
vi. Confidence and assurance
C. Organizational and Legislative Requirements, Operational Constraints
The guards of the shopping Centre need to carry out the tasks allocated to them within
the security operations in line with the various legislative criteria within the Western
Australia security as well as related activities Act 1996. The security guards that work at
the shopping Centre are permitted to use open hand techniques to make disruptive customers
leave the building. Moreover, police are called if physical efforts are needed to remove
trespassers from the building.
D. Security Operations Team Composition – Roles, Responsibilities, Functional Authority
The roles, responsibilities and functional authorities of the security operations team
members are demonstrated through the diagram as follows:
Figure 1: Security Operations Team Composition
(Source: Created by the learner)
The Chief Security Officer is responsible for supervising the entire security
framework compliance in the institution. The internal team includes individual departments
such as physical security, human resources security, communication security, legal and IT
security. They are separately responsible for monitoring the security requirements and
protection for that particular area of operation (Safa, Von Solms and Furnell, 2016). The
external team is responsible for handling the external security affairs.
E. Assessment of the existing security measures
Level 1 OR checklist:
1. The organization has a single point of contact for reporting security threats and incidents: YES / NO
2. Systems installed for two way communication between security personnel, administrators, faculty and other staff members: YES / NO
3. Systematic communication is established with emergency responders and law enforcement: YES / NO
4. Security equipment (IP cameras, CCTV, firewalls, intrusion detection and prevention systems) is installed in the facility: YES / NO
5. Security check for unauthorized access is present: YES / NO
6. Staff and faculty are well trained in secure and safe computer use: YES / NO
7. A comprehensive emergency operation plan exists: YES / NO
8. A dedicated vulnerability/ threat assessment team (having proper training) exists: YES / NO
9. Security policies are in place for people with or without appointments: YES / NO
Level 2 OR checklist:
1. Control program for monitoring entry cards, identity cards, visitor cards, keys and duplicates: YES / NO
2. Classroom protection areas/ safe zones are ensured: YES / NO
3. Systematic communication is established with emergency responders and law enforcement: YES / NO
4. Proper notification procedure is established in cases of emergency security incidents: YES / NO
Table 1: Security checklist
(Source: Created by the learner)
F. Actions / strategies
The following assets are considered to be under threat:
The staff of the shopping centre
Security guards who are mainly contracted to the shopping centre
Building
Equipment as well as office infrastructure
Belongings of the customers as well as employees
Vehicles of security guards as well as employees within the carpark
G. Resources and responsibilities
Current resources for security operations: The existing security resources presently
being deployed by the Shopping centre security authorities are pointed out below:
i. Lock system for the server rooms
ii. Surveillance set up
iii. Password protected workstations
iv. Required resources to maintain the desired security level
v. Physical security training programs
vi. Fire control and prevention systems
vii. Anti-virus and anti-malware software systems
Required resources to maintain the desired security level: The resources required in
order to maintain the desired level of protective security are demonstrated below:
i. Intrusion prevention and detection systems (IPS/ IDS)
ii. Security assessments at regular/ periodic intervals
iii. Implementation of a centralized platform to manage the overall organizational
security
iv. Efficient data backup, restoration and recovery mechanisms
v. Effective two-factor/ multi factor authentication techniques for access control
vi. Implementation of VPN or Virtual Private Network
vii. Systematic and thorough security awareness programs for all faculty, staff and
members of the institution
H. Use of available security support agencies/ services
It is possible to outsource the implementation of the security framework for the
organization to a third-party security service provider. Multiple security service providers
exist that offer third-party services and charge for the same. Outsourcing the responsibility
of establishing security policies for the institute will essentially involve a Service Level
Agreement (SLA) (a document), which will be the basis of the third-party contract (Singh,
Joshi and Gaud, 2016). It will include the overall duration of the contract along with the
conditions and assumptions. Apart from that, the SLA should describe in detail the specific
security technologies, methods and mechanisms that would be provided by the service
provider (SP).
I. Implementation of tactical response measures
Identity and Access Management (IAM): It is related to the management of the user
identities and access authorizations. It defines a set of technologies to automate IAM.
Business continuity program: It addresses the unanticipated disruptions in the
services and applications of the institution. Effective recovery strategies are also
implemented.
Enterprise threat and vulnerability management: It identifies and deals with
(mitigates/ reduces) the risks and security vulnerabilities in a quick, efficient and effective
manner (Sennewald and Baillie, 2015). A central system conducts ongoing assessments.
Network Intrusion Detection and Prevention (IDP): Organization wide monitoring
of security and real time alert systems. It analyzes and filters network traffic to avoid
potentially malicious network events.
J. Outcomes / performance indicators
The following KPIs can be used for measuring the level of success in achieving the
objectives:
KPIs
1. Increase/ decrease in the number of security related incidents that have been reported
2. Handling/ mitigation costs per incident
3. The total amount of time spent to resolve a specific incident
4. The total number of small security incidents
5. The total number of major security incidents/ events
6. Level of compliance with the regulatory requirements
7. Rate of recurrence of a particular security incident
8. Number of workstations/ servers being monitored
9. Number of incidents per host or device
10. Number of events/ incidents per user/ account
Table 2: KPIs to measure the success of security plan objectives
(Source: Created by the learner)
K. Procedures to support the plan
Acceptable Use Policy (AUP): It requires the users (faculty/ students/ staff etc.) to
follow a specific set of rules, constraints and practices in terms of using and accessing the
organization's assets, both physical (workstations, printers etc.) and non-physical
(corporate network/ internet) (Peltier, 2016).
Access Control Policy (ACP): Authorization in provisioning access to data and
information systems for the users in the institution. Specific access control standards and
policies are established.
Incident Response (IR) Policy: A systematic way to manage the security incidents/
events and remediate the impact to operations (Kwon, 2017). An organized approach is
followed for handling the incidents with optimal recovery cost and time.
Business Continuity Plan (BCP): Establishing coordinated efforts across the
institution with respect to backup restoration and disaster recovery plans.
2. Implement Security Operations
A. Implementation of the Security Operations Plan
A thorough estimation and calculation of the required time and budget was
performed using specialized tools and software (Gantt chart, MS Project etc.) to predict the
total time required to implement the plan. Next, an appropriate budget estimation was
performed. Dedicated team members allocated resources in accordance with the
individual tasks / activities (Ortmeier, 2017). In other words, a security team was built to
undertake the entire agenda of security operations plan implementation.
B. Work, health and safety requirements
Health and safety inspection checklists have been developed and were monitored by
safety inspectors. In addition to that, dedicated health and safety policy documentation has
been prepared for the institution's faculty, staff, students and other members associated with
the institute (Kuypers, Maillart and Pate-Cornell, 2016). Safety committees have been built
and a basic contingency plan has been developed.
C. Deviations from the plan, remedial action, impact on the security budget
There were no major deviations from the security plan which could potentially affect
the security budget. However, the deployment of DLP (data loss prevention) tools required
some extended amount of time due to some initial errors and mistakes. Nevertheless, it did
not have any major impact on the budget. However, the time for DLP was stretched by a few
days and, as a result, the estimated timeline was extended by a few days.
D. The types of communication equipment and issues
The various types of communication equipment being used at the work site essentially
include weekly meetings, email and instant messaging software, audio and video
conferencing components, phone calls, texts, face to face interviews, PowerPoint
presentations, voice mails, daily stand up meetings, surveys, questionnaires and so on.
There were some initial difficulties in terms of ensuring high level, effective and
smooth two way communication across the hierarchy of the security operations team
(Fennelly, 2016). However, with some time taken to become settled with the method of two
way communication, it is fairly easy to establish a smooth flow of communication channel
across the team chart.
Conclusion
It can be concluded that the security operations requirements of the Shopping centre
have been thoroughly considered in this report in order to present a comprehensive and
effective operations plan to establish proper security policies to be adopted by the institute.
It is highly essential to follow a dedicated security plan to ensure adequate privacy and
security protection from anticipated threats and vulnerability exploits from both external
and internal sources/ entities.