The Security Plan describes how the solution will be brought to acceptable security levels in order to operate successfully. This plan describes what security threats will exist and how implementing security standards will mitigate those.
The Security Plan will identify development, test, and deployment activities that will design, build, and implement a secure solution. Those activities will be incorporated into the teams’ plans and increase customer confidence that the solution will meet with security expectations. The process of developing the Security Plan produces a series of security standards intended to reduce the security risks to an acceptable level. Before these security standards can be implemented, the customer should decide whether the implementation costs of the measures is aligned with risk reduction, and whether the risks are reduced to an acceptable level.
Click here to download the template.