Running Head: INFORMATION SECURITY PLANS
Information Security Plans
INFORMATION SECURITY PLANS
Information security plan entails a strategy proposed to protect and control an
information system usually implemented by IT based organizations. This kind of arrangements
typically mitigate, avoid, transfer information risk related to technologies, people and processes
getting into wrong hands by all means. When an organization implements protection plan, it
safeguards the availability, integrity, and confidentiality of information. Failure to take
protection measures leaves the institution vulnerable (O`Brien, 2005 p. 94).
The information security plans include the identification and authentication of users; this
is ensuring access control by making sure that only authorized users have access to the
information system of a company (Ford, 2000). The rights and privileges to be in control of a
system are controlled using an authorization procedure that verifies the profile of a user. It
ensures that only the authorized parties get access to the system. In the implementation of this
plan the company considers; the classification, distribution, and classification of information,
security audit process, maintaining r...