11 Sep Create a 3- to 4-page information security strategic plan

As the CISO of a health care facility you are tasked with using the information from the artifacts developed in the previous weeks, as well as the NewTab Project Profile, to complete the following:

· Evaluate the requirements for a strategic plan.

· Create a strategic plan for the information security program supporting the organization’s business objectives.

· Develop a financial model for the investments needed to support the information security program in alignment with the strategic plan.

Part A: Strategic Plan

Create a 3- to 4-page information security strategic plan that includes the following components:

· Purpose of the strategic plan

· Major components in the information security organization, including the following:

· Security management

· Security governance, compliance, and policies

· Risk management

· Security operations center (SOC), including SIEM capabilities

· Required information security personnel for each component

· Recommended initiatives for improving the health care organization’s information security posture based on the POA&M from the Wk 2 – Security Assessment Plan assignment, including the following:

· Mitigation actions

· Cost for each mitigation

· Estimated time frame for completion of each initiative

Part B: Financial Model

Create a 3- to 4-page financial plan for the operation of the information security department as defined in Part A. Include the following:

· Description of each cost category along with the total annual operating costs

· Estimated annual operating costs for supporting the information security department based on the information in Part A

Note: A table is recommended for portraying the annual operating budget of the information security organization.

Cite any references according to APA guidelines.