- What security policies/procedures will be followed?
- Who is responsible for security oversight?
- What any physical access controls will be used and how facilities will be secured?
- What electronic access controls at the hardware, networking, operating system, and application levels?
- What levels of access are to be provided to project staff, users, and others?
- What Internet usage policies that you will have, and how will you enforce your usage policies?
- What types of vulnerabilities and attacks you anticipate?
- How breaches or suspicious incidents will be handled?
- What will you do to minimize the damage caused by a security breach?
- What security-related training to be provided?
- What security-related tools that you will use?
- How you will ensure compliance with security plans, policies, and procedures?
- How you will integrate your security plans with any that the customer may already have?
- How you will coordinate your security plans with any external organizations or third parties?
- How often security will be reviewed and plans updated?
ApproachesWhen security is addressed in the Technical Approach, it is usually in the context of the particular aspect of the solution being discussed. When security is addressed in the Management Plan, the emphasis is generally on contingency plans and security roles and responsibilities.
Physical security and information security are sometimes treated as completely separate disciplines, and sometimes they’re addressed together. Which approach to take, and whether to emphasize one or the other, will depend on the nature of the project and the priorities of the client.
StrategiesWhat’s the cost of not having adequate security? It can be calculated…