Tag Archives: National Infrastructure Protection Plan

Communication Plan-National Infrastructure Protection Plan Paper


Phase 2: Communication plan –

In this phase, you need to communicate with your troops about the National Infrastructure Protection Plan, through your information in the memo. The communication plan should involve a diagram showing the flow of information, the timing of the communication as well as the media of the communication. You also need to submit drafts of any communication pieces of your communication plan.

Sample paper

Communication Plan

A communication plan refers to a policy-driven approach towards keeping the stakeholders informed about the current project. The communication plan provides clarity about those who hold the authority to give information to the relevant stakeholders, the appropriate timing for delivery of the information, and the most appropriate channels for delivering the information. It is important to designate a specific individual to communicate information to the various stakeholders. The plan should include all relevant information to the stakeholders. There are many channels of communication available for passing the information. Some of the channels include presentations, email, printed reports, websites, public announcements, and among others. The choice of the suitable channel depends of various factors such as context, personality of the audience, complexity of the message, the ability to obtain feedback, and among others. This paper is a presentation of the communication plan to the troops about the National Infrastructure Protection Plan.

Objectives of the Communication Plan

The first and major goal of this communication plan is to inform the troops about what needs to be done to meet the standards based on the National Infrastructure Protection Plan. The second goal of the communication plan is to manage stakeholder expectations by keeping them informed about the project. By keeping the official communications open, it will be easier to management their expectations by eliminating false information (Turner, 2003). The third goal is to establish trust among all parties, including the Chief Information Officer, the troops, and I as the Information Security Director. The fourth goal of this communication plan is to enhance participation and collaboration in the project. By keeping the official communication lines open, the troops will be more willing to participate actively in the project, provide feedback, and be active in developing solutions to potential problems.

Target Audience

The target audience for this communication plan is the troops. It is important to ensure information reaches the troops at the right time to avoid confusion. The troops are one of the major stakeholders in the project. As such, it is important to ensure they receive information at the right time.

Key Message

The key message concerns integrating the standards outlined under the National Infrastructure Protection Plan in order to enhance the protection and resiliency of the critical infrastructure in the country (Wallace Foundation, n.d). The Infrastructure Protection Plan must take into account the provisions of the National Infrastructure Protection Plan in order to build resilient security systems in the organization. It is worth noting that the high dependence and interdependence of the country’s information systems increase the vulnerability to local and international threats. The memo outlines the various standards that troops must observe in developing a resilient information system. Other information to share with the troops include code of conduct, budget information, handling complaints, details about all partners involved, and important contact details.

Communication Method(s)

Three communication methods will be applied in delivering information to the intended audience. The methods involve written, oral, and electronic communication methods. In particular, general messages will be carried through posters and notice boards placed at strategic locations for easy access by the troops. On the other hand, electronic mail will facilitate the passing of personal or confidential information to select individuals. Electronic mail will also facilitate the passing of complex information such as graphs, budget analysis, and other information to the troops (Downs & Adrian, 2004). Models and demonstrations will help in clarification of complex issues arising during the project. This will facilitate direct exchange of information and ideas on the project. In addition, models and demonstrations will allow for instant feedback from the troops about the project (Downs & Adrian,2004). As such, it will be easy to learn about the issues arising from the project. The following diagram shows the flow of information, timing, and the media carrying the information.

Enhancing two-way Communication

Enhancing two-way Communication

Two-way communication will facilitate dialogue and gathering of important feedback, ideas, and suggestions from the troops (Wallace Foundation, n.d). This will help in making critical changes to the project and meeting the needs of various stakeholders including the troops. Gathering feedback will also enhance continuous improvement of processes in the project. As the Information Security Director, there is need to obtain constant feedback in order to make decisions on necessary adjustments to the program. It is worth noting that not all communication channels can facilitate receiving of feedback from the troops. In particular, written communication such as posters and notice boards may not facilitate feedback (Downs & Adrian,2004). On the other hand, electronic mail and oral methods such as demonstrations will facilitate feedback.

Specifying a Timeline

It is important to maintain communication at all stages of the plan (Wallace Foundation, n.d). Various stakeholders including the troops should receive information about the key developments of the project. Communication is most critical during the earlier stages of the project, while making changes, and in case of project delays or disruptions. The timeline should include the time prior to the initiation of the activities. In some cases, the timeline involve activities 3 months prior to the commencing of the project. For instance, the program manager should establish a number of things prior to working on the project. These include identifying all stakeholders, determining the situation analysis, identifying the goals and objectives of the project, reaching out to board members, and among others.

Budget for the Plan

The plan utilizes cheaper methods of communication to the troop members in order to keep costs low. Certain methods such as the mass media may lead to high budget costs for communication (Turner, 2003). There are many cheap methods of communication such as the ones utilized in this communications plan. The following is the budget for the communications plan.

Particulars Cost per unit Total number of units Total cost Description
Printing posters $20 10 $200 One poster per working area
Models and demonstrations $500 1 $500 The total cost of facilitating a single demonstration lesson
Electronic mail N/A N/A N/A



This involves rolling out the communication plan. The roll out will be easy since the communication plan aims at informing the troops only. In case there is involvement of various stakeholders, a need emerges to inform these stakeholders using a certain parameter (Wallace Foundation, n.d). For instance, the information should reach those in senior ranks first before flowing to those in junior ranks.


This involves carefully evaluating the communication plan to ensure it is effective in all aspects. Where weaknesses are identified in the communication plan, efforts should be made to improve on the weaknesses before they negatively affect the communication process. The monitoring process will be part of the overall program review. Various methods can help in reviewing whether the communication process was effective. These include observing, talking to the troops, obtaining written feedback, and other methods.


Downs, C. W., & Adrian, A. D. (2004). Assessing organizational communication: Strategic             communication audits. New York: The Guilford Press.

Turner, P. (2003). Organisational communication: The role of the HR professional. London:        Chartered Institute of Personnel and Development.

Wallace Foundation. (n.d). Workbook A: creating a communications plan. Retrieved from             http://www.wallacefoundation.org/knowledge-center/Documents/Workbook-A-    Communication.pdf


National Infrastructure Protection Plan Memo

National Infrastructure Protection Plan Memo


Phase 1: Memo –

In this phase, you need to create 3-5 page professional memo about your assessment of what needs to be done to meet the standards based on the National Infrastructure Protection Plan. You need to make sure that the language in the memo is clear of free of errors. You also need to be creative in presenting this information to capture the most important points from the National Infrastructure Protection Plan. You need to demonstrate critical thinking to prioritize the action items based on your findings.

Sample paper

Theories of Security Management

To: The Chief Information Officer

From: Information Systems Security Director

Date: October 23, 2017

Subject: Meeting the Standards based on NIPP

The National Infrastructure Protection Plan (NIPP) sets out standards to enhance the protection and resiliency of critical infrastructure in the country. The Infrastructure Protection Plan must take into consideration the provisions set out by the NIPP in enhancing protection and resiliency of information systems. In the current environment, organizations are increasingly facing serious threats due to exposure of their information systems to external threats. The high dependence and interdependence of the information systems increases the vulnerability of attacks, which may result in a single point of weakness and affect the entire system. This memo is an assessment of what the Infrastructure Protection Plan should include based on the NIPP standards.

The Infrastructure Protection Plan should enhance information sharing as set out in the NIPP. One of the key goals of the NIPP is to enhance the sharing of information about security threats facing the information systems (Department of Homeland Security (DHS), 2009). Sharing of information should be accurate and timely to facilitate decision-making. Information sharing should include incidence reporting, warnings, and making alerts about possible and actual incidences. The Infrastructure Protection Plan should enhance collaborations among various partners. The strength of the NIPP largely depends on the nature of collaborations between the public and private sector (DHS, 2009). The collaboration between the public and private sector improves the understanding of security threats and vulnerabilities facing the information systems. For instance, the public and private sector may share the best practices for eliminating or managing active and potential threats. Nonetheless, both the public and private sector entities manage own risks at the organizational level.

The National Infrastructure Program must include an effective risk management program. The risk management program entails dealing with potential risks and hazards to the information systems (DHS, 2009). The organization should engage in continuous risk assessments and frequently update the risk management systems. Under the risk management, the organization should also adopt new technologies to increase its effectiveness in managing risks. The National Infrastructure Program must integrate security and resilience programs. Security and resilience should be factored during the design of systems and networks. During the development of the Infrastructure Protection Plan, the developers should apply infrastructure reliance principles (DHS, 2009). This may lead to improved effectiveness of the system’s ability to identify and deter threats. The security and resilience programs ensure that the network and systems can be able to withstand a significant number of attacks.

The Infrastructure Protection Plan should include ways of regulating access to stored information or data (DHS, 2009). The organization must develop ways of protecting access to data. This includes implementing physical restrictions to the use of passwords to restrict access. Restricting access begins with putting physical safeguards to the organization’s information systems. The next step is to implement controls against unauthorized access through remote means such as cyberattacks. The Infrastructure Protection Plan should include a risk assessment plan. The Chief Information Officer should conduct risk assessments on a regular basis in order to identify and correct system vulnerabilities. Risk assessment is also critical in identifying threats facing the organization (DHS, 2009). The threats may range from natural disasters such as damage to the physical systems in case of flooding to manmade threats such as cyberattacks. Risk assessments should bear four characteristics: they should be reproducible, defensible, complete, and documented.

The plan should include scenario identification. This entails identifying the specific risks that may affect the organization (DHS, 2009). There may be different risks facing the organization’s assets, systems, and networks. The key here is to identify the consequences of risks, system vulnerabilities, and potential threats in the environment. In conducting a risk scenario identification, it is important to map the components for which the possibility of risk would lead to the highest consequences. This can enable the security experts to learn where to implement protective measures. It is worth noting that open systems are likely to face increased risk of attacks, making screenings ineffective no matter how regular the screenings occur. The risk scenario should evaluate all the potential sources of harm (DHS, 2009). In addition, the risk scenario should include an evaluation of the conditions for evaluating consequence and vulnerabilities, for instance, applying the worst-case scenario in the possibility of terrorist attacks.

The Infrastructure Protection Plan should include a consequence assessment plan. Consequence assessment involves the analysis of the challenges the organization may face in case of an attack that cripples its networks and systems. Some attacks may be severe, affecting the organization’s critical processes. Other attacks may be limited to a few operations. The organization should mainly focus on risks that may cause a major disruption in operations if they occur, for instance, risks that may lead to a negative public image of the organization (DHS, 2009). Lastly, the plan should include a vulnerability assessment. Vulnerability assessment involves focusing on certain inherent attributes of the network and systems that may render them susceptible to attacks. System and network vulnerabilities may emerge from various sources. Some of these include lack of a firewall, use of legacy systems, and inadequate physical safeguards in the organization.


Department of Homeland Security (DHS). (2009). National Infrastructure Protection Plan.           Retrieved from http://www.dhs.gov/xlibrary/assets/NIPP_Plan.pdf


Information Systems for Decision-Making