elements of an organization security planChoose an organization from the choices provided and prepare a security plan that provides security awareness policy using a security policy framework outline and according the Critical Infrastructure document which concentrates on the following integral keywords to cover the necessary elements of an organization security plan. These are:Identify, Protect, Detect, Respond, and Recover. The plan is a capstone of the work that you have accomplished in this course. You will use your outline to guide the outcome of the plan in addition to the keywords. The plan is an enterprise policy that includes the following considerations, analysis approach, and protections for the enterprise: Identifythreats and vulnerabilities. Assign appropriate security controls toprotectthe infrastructure of the organization. Prepare vulnerability scans and effective risk management protocols to ensure protections remain current and effective anddetectany issues. Initiate an incident response plan forresponding to problems.Develop a business continuity and disaster recovery plan torecoverfrom interruptions in business whether manmade or geographical. This plan must be completed and submitted in MS Word format. Choose from one of the organizations below or request approval from your instructor via email for an alternate organization: Department of Defense Department of Homeland Security General Dynamics Information Technology JC Penneys Corporate Office University of Maryland ITT Technical Institute United States Marine Corp From the Critical Infrastructure document, align your organizational plan to reflect the intent of the document as follows from an excerpt taken from the document and ensure you read the document in its entirety: The Framework complements, and does not replace, an organizations risk management and cybersecurity program. The organization can use its current processes and leverage the Framework to identify opportunities to strengthen and communicate its management of cybersecurity risk while aligning with industry practices. Alternatively, an organization without an existing cybersecurity program can use the Framework as a reference to establish one. Just as the Framework is not industry-specific, the common taxonomy of standards, guidelines, and practices that it provides also is not country-specific. Organizations outside the United States may also use the Framework to strengthen their own cybersecurity efforts, and the Framework can contribute to developing a common language for international cooperation on critical infrastructure cybersecurity. 1.1 Overview of the Framework The Framework is a risk-based approach to managing cybersecurity risk, and is composed of three parts: the Framework Core, the Framework Implementation Tiers, and the Framework Profiles. Each Framework component reinforces the connection between business drivers and cybersecurity activities. These components are explained below. TheFramework Coreis a set of cybersecurity activities, desired outcomes, and applicable references that are common across critical infrastructure sectors. The Core presents industry standards, guidelines, and practices in a manner that allows for communication of cybersecurity activities and outcomes across the organization from the executive level to the implementation/operations level. The Framework Core consists of five concurrent and continuous FunctionsIdentify, Protect, Detect, Respond, Recover. When considered together, these Functions provide a high-level, strategic view of the lifecycle of an organizations management of cybersecurity risk. The Framework Core then identifies underlying key Categories and Subcategories for each Function, and matches them with example Informative References such as existing standards, guidelines, and practices for each Subcategory.