...
1.1 Security Improvement Activities
Activity | Reason | Result | Recurrence | Date | Reference to security goals in the ISMS | Status*
---|---|---|---|---|---|---
Implement IDS | Observed increase in attacks | Early warning of an attack | | 2 August 2018 | Goal nr. 2: detect, react to and mitigate security attacks | In progress
GAP analysis | Prioritisation | Project initiation | Annually | | |
Review of existing controls | Evaluate risk treatment controls | Project initiation | Annually | | |
1.2 Plan for Risk assessment
Department | Area | Recurrence | Next date | Status*
---|---|---|---|---
Accounting | Logical access | Quarterly | 11 November 2017 | Planned
HR system | Logical access | Quarterly | |
Datacenter | Physical access | 2/year | |
Quality management | Risk register | Quarterly | |
Quality management | Risk acceptance (system owner/senior management) | 2/year | |
Quality management | Security and risk management system | Annual | |
Risk assessment | All new major changes must be approved | On need | |
Risk assessment | All new systems must be approved | Annual | |
1.3 Awareness and Security training
Department/role | Training/awareness | Recurrence | Date | Status
---|---|---|---|---
All | How to detect phishing | 2/year | 4 October 2017 | Completed
All | Newsletter/blog on current events | Monthly | |
All or targeted groups | Phishing test | Bi-monthly | |
New employees | Initial security training/onboarding | Monthly | |
Existing employees | Skill upgrade | Annual | |
Quality management | Review training material | Monthly | |
1.4 Internal Audit
Department | Area | Type of audit | Recurrence | Due date | Status*
---|---|---|---|---|---
H.R. | | Questionnaire | | 18 April 2018 | Planned
...
Department | Area | Recurrence | Next date | Status*
---|---|---|---|---
Accounting | Logical access | Quarterly | 11 November 2017 | Planned
HR system | Logical access | Quarterly | |
Datacenter | Physical access | 2/year | |
All admin accounts | Logical access | 2/year | |
All user accounts | Logical access | Annually | |
Quality management | Security processes, procedures, SOPs etc. | Annually | |
1.5 Reporting
Type | Recurrence | Due date for report | Due date for management review | Status
---|---|---|---|---
Annual report | Annual | 30 November 2017 | 14 December 2017 | In progress
Board report | Quarterly | 14 days before board meeting | 20 February 2018 | Planned
Board presentation | Quarterly | 14 days before board meeting | 20 February 2018 | Planned
Top risks | Monthly | 1 March 2018 | 5 March 2018 | In progress
Establish an ISMS
What needs to be planned:
...
Legend | Values
---|---
Status* | Planned, In progress, Completed, Cancelled
Future work
References to ISO 27K framework