Security project planning

Bull Eye Model Bull Eye Model Affiliation In the past few years, we have seen massive developments and advancements in every area of information technology. Though these advancements of technology have brought a large number of advantages and opportunities for the business organizations as well as individuals however at the same time there have emerged serious security challenges. In this scenario, information security is process of developing and putting into practice security measures in an attempt to secure information and data. In addition, a business organization can also use a bull eye model in order to analyze the information security plan as well as its existing situation of the information security attempts with respect to a number of stages presented in the bull eye model. Basically, the bull eye model allows project teams especially the project planners to find out the status of their progress with respect to their information security efforts. It tells them in which areas they need to pay more attention and expand their information security efforts and potential. Additionally, the bull eye model depends on a process of determining the project plans in a series in the context of four layers, which include policies, networks, systems, and applications. These layers are illustrated in figure1. The figure1 shows how these layers are connected with each other (CQUniversity, 2009. Joshi, 2013).
Figure 1Bull Eye model, Image Source: (Joshi, 2013)
Bull’s eye model is based on four layers which are as follows (CQUniversity, 2009. Joshi, 2013):
Policies: This is the most outer layer in the bull’s-eye diagram. Basically, these policies are defined for all the other layers such as systems and applications installed on systems.
Networks: This layer deal with the threats from public networks that get together the company’s networking infrastructure.
Systems: This layer deals with all kinds of systems that can be used by the people. In this scenario, these systems can comprise computers used as servers, systems employed for process control and manufacturing systems and desktop computers.
Applications: These applications can comprise all the software applications installed on systems
In addition, the bull’s eye model can be utilized to assess the series of actions that need to be performed to put together elements of the information security plan into a project plan. There is a close relationship between all the layers and these layers can be associated with each other in the following ways (CQUniversity, 2009. Joshi, 2013):
Until an organization does not develop, communicate and implement an effective and useable information technology and information security policy, it should not spend further resources on additional controls.
Until an organization does not control and implement an effective network it must spend all resources to attain that goal.
Once an organization implements a policy and network controls, its deployment should concentrate on the process, information, and manufacturing systems of the firm.
Once it is ensured that there is an effective policy is prepared, systems are safe, networks are secure, an organization should pay attention to the evaluation and cure of the security of the firm’s applications installed on systems (CQUniversity, 2009. Joshi, 2013).
References
CQUniversity. (2009). COIT 13211 Information Security – Module 10. Retrieved June 20, 2013, from http://webfuse.cqu.edu.au/Courses/2009/T3/COIT13211/Study_Schedule/module10.htm
Joshi, J. B. (2013). Information Security. Retrieved June 22, 2013, from www.sis.pitt.edu/~jjoshi/IS2820/Spring06/chapter04.doc