Develop Security Management Plan and Risk Management Plan

Develop a 15-20 page Security Management and Risk Management Plan about an organization of your choosing. Your report should be double-spaced and the page length requirement is exclusive of the title page, table of contents, and references. For your research and analysis, you should identify seven (7) to ten (10) significant articles/sources relevant to your subject organization and identify and assess security management elements and risks for that type of organization. Be sure to carefully cite (using correct APA 6th edition) all sources of information in your report. The analysis will be conducted using only publicly available information (e.g., information obtainable on the Internet (using a browser), company reports, news reports, journal articles, etc.). Your security management elements and risk analysis should consider legitimate, known security issues and threats that pertain to the subject organization.

NIST provides relevant information on security management and risk management. For example, refer to NIST Special Publication 800-30, Risk Management Guide for Information Technology Systems.



Write a 15-20 page Security Management and Risk Management Plan in which you:

  1. Select a Subject Organization: Follow these guidelines:
    1. You may have no connection to the company or its employees (no insider information). All the information you collect must be readily available for anyone to access.
    2. You should pick a company or organization that has sufficient publicly available information to support a reasonable security management plan and risk management plan, particularly including security issue, threat, and vulnerability identification.
  1. Develop Subject Organization Information: Examples of relevant information includes:
    1. Company/Organization name and location
    2. Company/Organization industry and purpose (i.e., the nature of its business)
    3. Company/Organization profile (financial information, standing in its industry, reputation)
    4. Identification of relevant aspects of the company/organization’s computing and network infrastructure, as determined by publicly available information.
  1. Security Management Elements and Risk Analysis
    1. In conducting your analysis, focus on identifying the security management elements and the threats and vulnerabilities faced by your subject organization.
    2. Based on the security elements, threats, and vulnerabilities you identify, next determine both the appropriate security management elements for your organization and the risk analysis and risk mitigation methods for the organization.
  1. Prepare a Security Management and Risk Management Plan
    1. Develop a 15-20 page Security Management and Risk Management Plan about an organization of your choosing.
    2. Incorporate into your plan the information gathered during your research and in the previous steps.
    3. The report should be prepared using APA Style. All sources of information should be indicated via in-line citations and include a list of references.