"In addition to the hard requirement to maintain a security plan, the Committee for National Security Systems (CNSS), formerly known as the National Security Telecommunications and Information Security Committee (NSTISSC), has issued educational standards for Information-Assurance-related positions, many of which require some level of ability with respect to security plans. For example, Issuance No. 4011, National Training Standard for Information Systems Security (INFOSEC) Professionals, expects graduates of compliant courses to be able to build a security plan. The Naval Postgraduate School (NPS) Center for Information Systems Security Studies and Research (CISR) supports the teaching of many courses in the Computer Science department that are dedicated to Information Assurance education. One of these courses, Secure Management of Systems,' is the capstone of a series of courses that meet the educational requirements of three CNSS training standards, including No. 4011. Therefore, one of the projects in this course is the development of a security plan. This paper describes our experience and lessons learned from requiring students to write a security plan as part of Secure Management of Systems."
Defense Technical Information Center (DTIC): http://www.dtic.mil/dtic/