Elements and Performance Criteria
- Identify counter-measures
- Review documented risks and threats and validate management decisions on acceptable and unacceptable risks.
- Determine treatment options and countermeasures to reduce the likelihood of occurrence or consequences of the risk.
- Propose treatments which include continuity plans where appropriate.
- Propose treatments which match the level and type of risk and importance of the function or resource.
- Conduct a cost-benefit analysis to determine countermeasures.
- Consult stakeholders on the cost-benefit analysis and determine and submit countermeasures for prioritising.
- Develop security plan
- Prepare a security plan containing explanatory information on the importance of security and the organisation’s security objectives in achieving corporate and business objectives.
- Summarise the threat assessments undertaken, current exposure and current protective security arrangements in the plan.
- Outline security strategies for implementing, monitoring and evaluating countermeasures.
- Include timeframes and security budget for implementing countermeasures including assigned responsibilities and methodologies to be used.
- Submit security plan for approval and communicate to stakeholders.
- Identify counter-measures
- Review documented risks and threats and validate management decisions on acceptable and unacceptable risks.
- Determine treatment options and countermeasures to reduce the likelihood of occurrence or consequences of the risk.
- Propose treatments which include continuity plans where appropriate.
- Propose treatments which match the level and type of risk and importance of the function or resource.
- Conduct a cost-benefit analysis to determine countermeasures.
- Consult stakeholders on the cost-benefit analysis and determine and submit countermeasures for prioritising.
- Develop security plan
- Prepare a security plan containing explanatory information on the importance of security and the organisation’s security objectives in achieving corporate and business objectives.
- Summarise the threat assessments undertaken, current exposure and current protective security arrangements in the plan.
- Outline security strategies for implementing, monitoring and evaluating countermeasures.
- Include timeframes and security budget for implementing countermeasures including assigned responsibilities and methodologies to be used.
- Submit security plan for approval and communicate to stakeholders.