...
To make a yearly plan:
The CISO should draw up their own plan, implement it in the company, check for internal (e.g. business) and external (e.g. legal) changes, check compliance, and make a plan for the next year that implements the findings of the evaluation.
1.1 Security Activities
| Activity | Reason | Result | Date | Reference to security goals in the ISMS | Status* |
|---|---|---|---|---|---|
| Implement IDS | Increase in attacks observed | Early warning of an attack | 2 August 2018 | Goal nr. 2: detect, react to and mitigate security attacks | In progress |
1.2 Plan for Risk Assessment
| Department | Area | Date | Status* |
|---|---|---|---|
| Accounting | Logical Access | 11 November 2017 | Planned |
1.3 Awareness and Security Training
| Department/role | Training | Date | Status* |
|---|---|---|---|
| All | How to detect phishing | 4 October 2017 | Completed |
1.4 Internal Audit
| Department | Type of audit | Due date | Status* |
|---|---|---|---|
| H.R. | Questionnaire | 18 April 2018 | Planned |
1.5 Annual Management Report
| Due date for report | Due date for management review | Status* |
|---|---|---|
| 30 November 2017 | 14 December 2017 | In progress |
Establish an ISMS
What needs to be planned is:
...
To add: Security by Design - what to look at when a new product or service is put into operation.
Legend

Status*:
Planned -
In progress -
...