An Information System Security Plan (ISSP) is a formal plan that establishes and defines the plan of action to secure an organization’s systems. The objective of system security planning is to improve protection of information system resources and assets. The purpose of an information system security plan is to provide an overview of an organization’s cyber landscape by analyzing their risk and security requirements and describing the necessary security controls that need to be implemented. This plan reflects the ethical and professional development of organizations by establishing a layout of the organization’s roles and responsibilities, security controls, assessing risk, and identifying ways of mitigating their risk. It is about analyzing what an organization has, what they need to improve upon, and how they will be able to achieve their end goals.
CSOL 550 (ISSP) - Final Project