As the CISO of a health care facility, you are tasked with using the information from the artifacts developed in the previous weeks, as well as the NewTab Project Profile, to complete the following:
- Evaluate the requirements for a strategic plan.
- Create a strategic plan for the information security program supporting the organization’s business objectives.
- Develop a financial model for the investments needed to support the information security program in alignment with the strategic plan.
Part A: Strategic Plan
Create a 3- to 4-page information security strategic plan that includes the following components:
- Purpose of the strategic plan
- Major components in the information security organization, including the following:
  - Security management
  - Security governance, compliance, and policies
  - Risk management
  - Security operations center (SOC), including SIEM capabilities
- Required information security personnel for each component
- Recommended initiatives for improving the health care organization’s information security posture based on the POA&M from the Wk 2 – Security Assessment Plan assignment, including the following:
  - Mitigation actions
  - Cost for each mitigation
  - Estimated time frame for completion of each initiative
Part B: Financial Model
Create a 3- to 4-page financial plan for the operation of the information security department as defined in Part A. Include the following:
- Description of each cost category along with the total annual operating costs
- Estimated annual operating costs for supporting the information security department based on the information in Part A
Note: A table is recommended for portraying the annual operating budget of the information security organization.
Cite any references according to APA guidelines.