Guideline on Developing a Departmental Security Plan

Outlines the development of a departmental security plan in accordance with the Policy on Government Security.
Date modified: 2013-12-04

More information


Print-friendly XML

Long description for image: 20010-01-eng.jpg

Figure 1 - Process of Developing a Departmental Security Plan (DSP)

The image illustrates a process for developing a DSP that is described in the guideline. The image portrays three activities that are part of the process for developing a departmental security plan. The first activity is entitled "communication and consultation". The second activity is entitled "security risk management". The third activity is entitled "preparing a DSP". The three activities are connected by two-way arrows to demonstrate that they are interrelated. The third activity entitled "preparing a DSP" is connected by a one-way arrow to the first activity entitled "communication" demonstrating that continuous feedback is part of the process.

The second activity entitled "security risk management" is divided into sub-components which are portrayed in four boxes.

The first box, entitled "setting the context" contains five bullets:

  • Business Context
  • Organizational Context
  • Security Context
  • Approach to developing the DSP
  • Approach to security risk management

The second box, entitled "security risk assessment" contains three bullets:

  • Risk identification
  • Risk analysis
  • Risk evaluation

The third box, entitled "security risk assessment" contains six bullets:

  • Security risk treatment decisions
  • Security control objectives
  • Security controls
  • Performance indicators
  • Gap analysis
  • Priorities

The fourth box, entitled "security risk treatment" contains four bullets:

  • Implementation strategy
  • Monitoring
  • Reporting
  • Update

Return to the Complete Text

Date modified: