The thrust of the Computer Security Plan part of the Business Plan is to ensure that the information systems to be deployed by the company will be in line with of the strategic mission and vision of the company. In order to insure that the information technology infrastructure and resources will meet the requisite requirements of every strategic, tactical and operational plan, the company decided to start on the right footing by adapting the standards contained in the ISO/IEC 17799:2005 or specifically known as the Information Technology - Security Techniques - Code of Practice for Information Security Management. By purchasing the ISO 17799 Toolkit, the company can follow the roadmap for a more secure information systems environment, implement the policies contained in the toolkit, and eventually obtain ISO 17799 certification to add more value to the consulting business.

             Specifically, the company will initially address the following areas that require immediate attention:.

             1.User authentication methods and policies - This will be based on Section 11.1.1 of ISO 17799 wherein, "An access control policy should be established, documented, and reviewed based on business and security requirements for access. Access control rules and rights for each user or group of users should be clearly stated in an access control policy. Access controls are both logical and physical and these should be considered together. Users and service providers should be given a clear statement of the business requirements to be met by access controls.".

             2.Desktop policies - This will be based on Sections 11.3.2 Unattended user equipment and 11.3.3 Clear desk and clear screen policy wherein, "Users should ensure that unattended equipment has appropriate protection. All users should be made aware of the security requirements and procedures for protecting unattended equipment, as well as their responsibilities for implementing such protection.