In the week 9 and week 10 assignments, I had a chance to learn and work on the Action Plan. It was a step further after the Threat Analysis that was completed from the week 7 and 8 assignments. Without the Action Plan, I think the Threat Analysis was an incomplete document for the company to mitigate the risks. The Action Plan is an add-on task to the Threat Analysis to make the whole document complete.
When working on the Action Plan, the most difficult part was how the format of the Action Plan looks. What needed to be included in the Action Plan? I had to do some research and through the study, it helped me to have a much better understanding of the Action Plan. The Action Plan is a “sequence of steps that must be taken or activities that must be performed well, for a strategy to succeed. An action plan has three major elements (1) Specific tasks: what will be done and by whom. (2) Time horizon: when will it be done. (3) Resource allocation: what specific funds are available for specific activities” (BusinessDictionary, 2019).
To be more detailed, a good Action Plan consists of many steps, but each step should include the following information:
1. Actions
2. Responsible groups
3. Timeline
4. Resources, such as money and staff for making the changes
5. Communication
The good Action Plan should include three main elements above, which are listing out specific tasks, timelines, and resource allocation. The specific tasks for the case study of the class were to be able to identify all the assets, then recognize the threats, vulnerabilities, and risks associated with each asset. In addition, one of the most important tasks is to provide recommendations to fix the security issues with detail actions. Without recommendations and detail actions, the company would not know how to fix their security problems. Providing the timeline for each task is also an important factor within the Action Plan. The timeline will show when the task should be started and when the task should be done. This will help both management and technical groups to know when to start the tasks and when the tasks should be completed. It especially helps the management group to allocate the time, budgets, and resources. The last important element of the Action Plan is resource allocation. In this step, it helps management groups to be able to plan for the funds and assign the task to the right groups or person to work on each task.
When we have a good Action Plan, it will help the organization improve security greatly. It is because the Action Plan lists out the assets for the company. It evaluates the threat and vulnerability of the assets. It then analyzes the risks and potential impact on the company. After that, it provides recommendations and solutions to fix the security issue. “An action plan is a way to make sure your organization's vision is made concrete. It describes the way your group will use its strategies to meet its objectives” (CommunityToolBox, 2019).
So how we can make a good Action Plan? There are three criteria that help us to make a good Action Plan. They are: complete, clear, and current (CommunityToolBox, 2019). For the completeness, it indicates that all the action steps to be sought in all relevant parts of the community. For clearness, it indicates if the Action Plan is clear, easy to understand, and clearly indicates the who, what, and when to perform the task. For the current point, it indicates if the action plan reflects the current work.
The assignments for the last four weeks were very practical and I valued them a lot. They are all new concepts and ideas to me so I love to learn them and I am sure they will benefit me for my future work. I have learned much from the classes for the Cybersecurity program and I could tell that the Current Trend in CyberSecurity class is one of the most practical classes that I have had. It is good information and very practical.
References:
BsinessDictionnary. (2019). Action Plan. Retrieved from http://www.businessdictionary.com/definition/action-plan.html
CommunityToolBox. (2019). Developing an Action Plan. Retrieved from https://ctb.ku.edu/en/table-of-contents/structure/strategic-planning/develop-action-plans/main
No comments:
Post a Comment