Send me a Quote
Information Type: Sample Format - Just answer the questions honestly and fill in the Blanks.
NSP - Strawman Network Security Plan
This document is very detailed and when completed will provide a complete Network Security Plan your company information security. For obvious reasons "Complete with Purchase" has been inserted in most of the document.
1. General Information:
2. Scope and Applicability:
3. Objective:
4. Personnel Assignments:
5. Protection Requirements:
6. Risk Analysis Guidance:
7. Security Test & Evaluation Guidance:
|
a. Facility Name/Address. |
|||||
|
b. Complete with purchase |
|||||
|
c. Complete with purchase |
|||||
|
d. Complete with purchase |
|||||
|
e. Complete with purchase |
|||||
|
(1) Applicable laws... |
|||||
|
(2) Complete with purchase |
|||||
|
(3) Complete with purchase |
|||||
|
f. Network Identification: |
|||||
|
(1) Complete with purchase |
|||||
|
(2) Complete with purchase |
|||||
|
(3) Complete with purchase |
|||||
|
(a) Complete with purchase |
|||||
|
(b) Complete with purchase |
|||||
|
(4) System operational status. |
|||||
|
(a) Complete with purchase |
|||||
|
(b) Complete with purchase |
|||||
|
(c) Complete with purchase |
|||||
|
(5) Network inventory. |
|||||
|
(a) Description of the network. |
|||||
|
(b) Complete with purchase |
|||||
|
(c) Complete with purchase |
|||||
|
(d) Identification of designated points of demarcation between networks. |
|||||
|
(e) Hardware components. |
|||||
|
1. Complete with purchase |
|||||
|
2. Network nodes. |
|||||
|
3. User nodes. |
|||||
|
4. Complete with purchase |
|||||
|
5. Complete with purchase |
|||||
|
6. Complete with purchase |
|||||
|
a. Complete with purchase |
|||||
|
b. Complete with purchase |
|||||
|
c. Complete with purchase |
|||||
|
7. Complete with purchase |
|||||
|
(f) Software components. |
|||||
|
1. Protocols used. |
|||||
|
2. Complete with purchase |
|||||
|
3. Complete with purchase |
|||||
|
4. Complete with purchase |
|||||
|
5. Complete with purchase |
|||||
|
(6) Network configuration. This paragraph provides a network configuration description. |
|||||
|
(7) Complete with purchase |
|||||
|
(8) Physical location. |
|||||
|
(a) Complete with purchase |
|||||
|
(b) Complete with purchase |
|||||
|
a. Who will use the network? |
|
|
b. State if the plan will be used for life-cycle security procedures. |
3. Objective: Explain the planned... Complete with purchase
|
a. Designated Approving Authority. |
|
|
b. Complete with purchase |
|
|
c. Complete with purchase |
|
|
d. Complete with purchase |
|
|
e. Complete with purchase |
|
|
f. Complete with purchase |
|
|
g. Complete with purchase |
|
|
h. Complete with purchase |
|
a. Applicable Guidance. |
|||
|
b. Personnel Security. |
|||
|
(1) Describe... Complete with purchase |
|||
|
(2) Outline... Complete with purchase |
|||
|
c. Physical Security. |
|||
|
(1) Complete with purchase |
|||
|
(a) Describe... Complete with purchase |
|||
|
(b) Describe... Complete with purchase |
|||
|
(2) Complete with purchase |
|||
|
d. Telecommunication Security: |
|||
|
(1) Complete with purchase |
|||
|
(2) WEMSEC Security. Complete with purchase |
|||
|
(3) Complete with purchase |
|||
|
e. Administrative Security. |
|||
|
(1) Complete with purchase |
|||
|
(2) Complete with purchase |
|||
|
(3) Configuration Management Procedures. Describe the procedures for maintaining configuration control. |
|||
|
(4) Complete with purchase |
|||
|
(5) User Authorization Procedures. Complete with purchase |
|||
|
(6) Complete with purchase |
|||
|
(7) Complete with purchase |
|||
|
(8) User responsibilities. Describe training available to the users of the network to increase their network security awareness. |
|||
|
(9) Information Security. Describe procedures for handling classified information and for the destruction of classified data. |
|||
|
(10) Node responsibilities. Describe the minimum security a node must meet before it will be allowed connection to the network. |
|||
|
f. Hardware and Software Security. |
|||
|
(1) User access Control Describe... Complete with purchase Describe... Complete with purchase Describe... Complete with purchase Describe the methods used to... Complete with purchase |
|||
|
(2) Need-to-know... Complete with purchase |
|||
|
(3) Discretionary/mandatory access controls. Describe... Complete with purchase Describe... Complete with purchase Describe... Complete with purchase. Identify the security level of all interconnected subnetworks. Describe the features provided by... Complete with purchase |
|||
|
(4) Audit and monitoring function. Describe the... Complete with purchase Describe... Complete with purchase |
|||
|
g. Operational Controls. Describe the operational controls used to provide the following: |
|||
|
(1) Complete with purchase |
|||
|
(2) Complete with purchase |
|||
|
(3) Emergency, backup, and contingency planning |
|||
|
(4) Complete with purchase |
|||
|
(5) Application software maintenance controls. |
|||
|
(6) Documentation. |
|||
|
h. Security Control Measures for... Complete with purchase |
|||
|
(1) Development/implementation controls. |
|||
|
(a) Complete with purchase |
|||
|
(b) Complete with purchase |
|||
|
(c) Certification. |
|||
|
(2) Technical Controls. |
|||
|
(a) User identification and authentication. |
|||
|
(b) Authorization/access controls. |
|||
|
(c) Complete with purchase |
|||
|
(d) Complete with purchase |
|||
|
(e) Complete with purchase |
|||
|
(3) Complete with purchase |
|||
|
i. Security Awareness and Training. |
|||
6. Risk Analysis Guidance: Include guidelines for performing the risk analysis; for example, scope of the risk analysis, list any assumption or constraints and include criteria each system or user must meet to connect to the network.
7. Security Test & Evaluation Guidance: Include guidelines for performing the ST&E; for example, the scope for the ST&E requirements to test against.
8. Additional Comments:
File Owner: Jim Tracy
Organization: INTEK
Phone: (314) 596-8750
E-mail: jimt@intek.net
Date Last Reviewed: May 2010
For
the "Do it yourself folks" get the "Complete
Security Planning Package". Get all three templates ready for your
Information Technology experts to fill-in the blanks and answer the
questions. Network Security Plan, Risk Analysis Assessment and Security
Test and Evaluation,- $1,250.00 - Purchase any one template for $500.00
each.