...
To make a yearly plan:
The CISO should draw up the plan, implement it in the company, check for internal (e.g. business) and external (e.g. legal) changes, check compliance, and make a plan for the next year that implements the findings of the evaluation.
Establish an ISMS
What needs to be planned is:
- what will be done
- what resources will be required
- who will be responsible
- when it will be completed
- how the results will be evaluated (clause 6.2 of ISO 27001)
1.1 Security Activities
| Activity | Reason | Result | Date | Reference to security goals in the ISMS | Status (In progress / completed) |
|---|---|---|---|---|---|
| Implement IDS | Increase in attacks observed | Early warning of an attack | 2 August 2018 | Goal no. 2: detect, react to and mitigate security attacks | In progress |
1.2 Plan for Risk assessment
| Department | Area | Date | Status (In progress / not completed)* |
|---|---|---|---|
| Accounting | Logical access | 11 November 2017 | Planned |
1.3 Awareness and Security training
| Department/role | Training | Date | Status (In progress / not completed) |
|---|---|---|---|
| All | How to detect phishing | 4 October 2017 | Completed |
1.4 Internal Audit
| Department/role | Training | Date | Type of audit | Due date | Status |
|---|---|---|---|---|---|
| H.R. | | 18 April 2018 | Questionnaire | | Planned |
1.5 Annual management report
| Due date for report | Due date for management review | Status |
|---|---|---|
| 30 November 2017 | 14 December 2017 | In progress |
Establish an ISMS
Implement an ISMS
Run your ISMS
...
To add: Security by Design - what to look at when a new product or service is put into operation.
Legend:
Status:
Planned -
In progress -
Completed -
Cancelled -