...
A guide on how to establish, implement and run an ISMS. Planning consists of annual activities and of monthly or quarterly activities (the CISO's planning for the year, quarter and month).
To make a yearly plan:
The CISO should draw up his own plan, implement it in the company, check for internal (e.g. business) and external (e.g. legal) changes, check compliance, and make a plan for the next year that implements the findings of the evaluation. Part of the yearly plan will be quarterly or monthly plans.
1.1 Security Improvement Activities
Activity | Reason | Result | Date | Reference to security goals in the ISMS | Status* |
---|---|---|---|---|---|
Implement IDS | An increase in attacks has been observed | Early warning of an attack | 2 August 2018 | Goal nr. 2: detect, react to and mitigate security attacks | In progress |
...
1.2 Plan for Risk assessment
Department | Area | Recurrence | Next Date | Status* |
---|---|---|---|---|
Accounting | Logical Access | quarterly | 11 November 2017 | Planned |
HR system | Logical Access | quarterly | | |
Datacenter | Physical Access | 2/year | | |
Quality Management | Risk register | quarterly | | |
Quality Management | Risk acceptance (system owner/senior management) | 2/year | | |
Quality Management | Security management system | annual | | |
1.3 Awareness and Security training
...
To be added: Security by Design, i.e. what to check when a new product or service is put into operation.
Legend: Status* |
---|
Planned |
In progress |
Completed |
Cancelled |