ABSTRACT

This chapter examines issues in the development of security plans, policies, and procedures. It also covers writing security policies and procedures and managing security-related documentation. The chapter explains when and how to select either a comprehensive ground-up security planning mode or ad hoc security planning and implementation. It also explains how to establish a security planning development team, who in the organization should be members of the team, why good representation from across the organization is important, and how to select team members. The chapter reviews the importance of managing the workflow during the security planning process to ensure that security is designed with a multidisciplinary approach, and the importance of monitoring the security planning team's progress. It discusses the importance of ensuring that the team has planned for post-planning activities, including security plan maintenance; monitoring for new threats; and updating the security plan, policies, and procedures to meet new threats.