The information security plan for a cybersecurity company

This is an assignment that focuses on the information security plan for a cybersecurity company. The paper also provides a framework for answering the paper.

The information security plan for a cybersecurity company

Scenario
Firstly, this information security plan is for a cybersecurity consulting company named ABConsulting. This company also performs security assessments (penetration testing/ethical hacking) for their clients. Secondly, their clients comprise of medium to large corporations and enterprises that need to get their applications/web sites tested for security vulnerabilities. ABConsulting has a medium sized office in Los Angeles with around 300 employees. Lastly, their office houses their secure server systems and desktop computers for their employees; employees can also work from home using company laptops and a VPN.

Additionally, it any given time, ABConsulting deals with and stores sensitive client information that must be protected from unauthorized access. Subsequently, this security plan is intended to outline policies, procedures, and best practices to ensure that ABConsulting is meets certain security standards consistently, is aware of threats and risks against it, and is able to recover in case of a disaster.
The plan should be around 5000 words total.

The information security plan for a cybersecurity company

Firstly, information Security Plan Outline
I.          Secondly, a cover Page
II.          Thirdly, a purpose, Date, Version, Author
III.          Thirdly, table of Contents
IV.          Information Security Management Policy
V.          Infrastructure Security Plan a.      Door authentication mechanisms for different areas (key card, biometrics) b.     Building security systems (cameras, sensors)
VI.          Enterprise Risk Assessment
VII.          Auditing Policy

VIII.          Compliance Policy a.      Sarbanes–Oxley Act compliance policy b.     GDPR compliance policy
IX.          Business Continuity Plan a.      Business Impact Analysis b.     Disaster Recovery Plan c.      Disaster training policy

X.          Then, information Security Policies a.      Acceptable Use Policy b.     Access Control Policy c.      Remote Access Policy d.     Lastly, data and file encryption policy (encrypted during transit and while stored on the server) e.      Personal devices policy (Only allowed on the guest network) f.      Internet browsing policy at work g.     Email & Communication policy (secure, only business related) h.     Firewall & antivirus policies (up to date firewalls and also anti virus on all systems) i.       Application security testing policy (All software developed by ABConsulting needs to be tested before put into production) j.       Logging policy (All traffic and also activity on the company network must be logged)
XI.          Security Training and Awareness Plan
XII.          Computer Security Incident Response Team
a.      Firstly, explain team Responsibilities
b.     Secondly, explain forensics Plan