Operational Security Plan

The Operational Security Plan identifies the steps necessary for carrying out the various priorities established in the strategic security plan.  Operational plans generally cover one year and will implement procedures and controls in the affected operational areas. Based on the Australian standards, there are nine steps for creating an effective plan of security management:
  1. Ensure support of senior management.
  2. Develop security management policy.
  3. Communicate the policy.
  4. Establish accountability and authority.
  5. Customize the security management process.
  6. Identify and provide resources.
  7. Develop the plan for appropriate organizational levels.
  8. Manage risks at the area, project and team levels.
  9. Monitor and review.

The security management process is equally straightforward:

  1. Communicate and consult with stakeholders.
  2. Establish the context of the exercise.
  3. Identify the risks.
  4. Analyze the risks (qualitative and quantitative).
  5. Evaluate the risks.
  6. Determine the apparently best risk management techniques.
  7. Implement the best technique(s).
  8. Monitor, fine-tune as needed and review annually.