Maintaining Information Assurance Plan
CFZ understands that maintaining this information assurance plan will involve every
member of the organization and will also require day-to-day monitoring, so that it stays effective and
relevant in improving their network security. Therefore, management created some critical steps
and programs that will enforce daily maintenance and continuous implementation of the plan.
Security Awareness Programs: CFZ management decided to implement monthly security meetings
to talk about security policies, risks and incident assessments performed for the organization.
The awareness program serves as a monthly refresher on the daily security risks facing the
organization, as well as creating continuous awareness of relevant security incidents that have
occurred within their organization or industry (Kadam, 2002).
Monitor and Review Security Performance: Since the implementation of an information assurance
policy is not a one-time event, CFZ created controls to monitor and review performance of
the plan, to ensure that it is still serving the purpose for which it was created (Kadam, 2002).
Quarterly Audits: The CFZ IT department also set up quarterly audits with an external auditor to
review the various performance controls in place, gather performance results, document all
nonconformities that will require corrective actions and identify new threats (Kadam, 2002).

Management Review: These review meetings will be conducted to revisit issues, analyze audit
reports and take decisive actions, whether to keep the information assurance plan as is or to
recommend improvements in order to accommodate the newly identified threats (Kadam, 2002).
Justification of Maintenance Plan
The importance of these maintenance steps is that they help to periodically assess risks,
identify new risks, and measure the effectiveness of the program. Periodic audits are important
because they serve as compliance controls that help the organization to monitor compliance with the
plan. They also help assess new risks, which gives management the most up-to-date information
concerning the risks facing their organization, and helps determine the proper corrective actions to
be taken in order to ensure the most adequate security controls are implemented.
Awareness training programs are also critical to keep users and employees abreast of the
latest security information that will ensure conformance or unanimous compliance with the most
up-to-date security controls (Garbars, 2002). When users are unaware of the latest threats, they
cannot protect themselves or the organization from such threats and the damage that will ensue
afterwards.
Monitoring the effectiveness of the information assurance plan is also critical to the
safety and security of the organization. After the plan has been created and implemented, it is
important to monitor and review the security performance of the plan in order to analyze its
effectiveness in improving the security posture of the organization (Garbars, 2002).

References
Boscolo, C. (2008). How to Implement Network Access Control. Retrieved from
