System Security plan
Company Background & Operating Environment

Red Clay Renovations is an internationally recognized, award-winning firm that specializes in the renovation and rehabilitation of residential buildings and dwellings. The company specializes in updating homes using “smart home” and “Internet of Things” technologies while maintaining period-correct architectural characteristics. Please refer to the company profile (file posted in Week 1 > Content > CSIA 413 Red Clay Renovations Company Profile.docx) for background information and information about the company’s operating environment.

In addition to the information from the company profile, you should:

• Use the Wilmington Headquarters (staff) office as the target for the System Security Plan
• Use Verizon FiOS as the Internet Services Provider (see http://www.verizonenterprise.com/terms/us/products/internet/sla/ )

Policy Issue & Plan of Action

A recent risk assessment highlighted the need to formalize the security measures required to protect information, information systems, and the information infrastructures for the company’s headquarters and field offices. This requirement has been incorporated into the company’s risk management plan, and the company’s CISO has been tasked with developing, documenting, and implementing the required security measures. The IT Governance board also has a role to play, since it must review and approve all changes which affect IT systems under its purview.

The CISO has proposed a plan of action which includes developing system security plans using guidance from NIST SP 800-18, Guide for Developing Security Plans for Federal Information Systems. The IT Governance board, after reviewing the CISO’s proposed plan of action, voted and accepted this recommendation. In its discussions prior to the vote, the CISO explained why the best-practices information for security plans from NIST SP 800-18 was suitable for the company’s use.

The board also accepted the CISO’s recommendation for creating a single System Security Plan for a General Support System since, in the CISO’s professional judgement, this type of plan would best meet the “formalization” requirement from the company’s recently adopted risk management strategy.

Your Task Assignment

As a staff member supporting the CISO, you have been asked to research and then draft the required system security plan for a General Support System. In your research so far, you have learned that:

• A general support system is defined as “an interconnected set of information resources under the same direct management control that shares common functionality.” (See NIST SP 800-18)
• The Chief of Staff for the company is the designated system owner for the IT support systems in the Wilmington, DC headquarters offices.
• The system boundaries for the Wilmington, DE office’s General Support System have already been documented in the company’s enterprise architecture (see the case study).
• The security controls required for the Wilmington, DE office’s IT systems have been documented in a security controls baseline (see the controls baseline attached to this assignment).