Guideline on Developing a Departmental Security Plan
Long description for image: 20010-01-eng.jpg
Figure 1 - Process of Developing a Departmental Security Plan (DSP)
The image illustrates a process for developing a DSP that is described in the guideline. The image portrays three activities that are part of the process for developing a departmental security plan. The first activity is entitled "communication and consultation". The second activity is entitled "security risk management". The third activity is entitled "preparing a DSP". The three activities are connected by two-way arrows to demonstrate that they are interrelated. The third activity entitled "preparing a DSP" is connected by a one-way arrow to the first activity entitled "communication" demonstrating that continuous feedback is part of the process.
The second activity entitled "security risk management" is divided into sub-components which are portrayed in four boxes.
The first box, entitled "setting the context" contains five bullets:
- Business Context
- Organizational Context
- Security Context
- Approach to developing the DSP
- Approach to security risk management
The second box, entitled "security risk assessment" contains three bullets:
- Risk identification
- Risk analysis
- Risk evaluation
The third box, entitled "security risk assessment" contains six bullets:
- Security risk treatment decisions
- Security control objectives
- Security controls
- Performance indicators
- Gap analysis
- Priorities
The fourth box, entitled "security risk treatment" contains four bullets:
- Implementation strategy
- Monitoring
- Reporting
- Update