...
1.1 Security Improvement Activities
Activity | Reason | Result | Recurrence | Date | Reference to Security goals in the ISMS | Status* |
---|---|---|---|---|---|---|
Implement IDS | See an increase of attacks | Early warning of an attack | | 2 August 2018 | Goal nr. 2 to detect and react and mitigate security attacks | In progress |
GAP analysis | Prioritisation | Project initiation | Annually |
1.2 Plan for Risk assessment
Department | Area | Recurrence | Next Date | Status* |
---|---|---|---|---|
Quality Management | Risk register | Quarterly | ||
Quality management | Risk acceptance (system owner/senior management) | 2/year | ||
Quality management | Security and risk management system | Annual | ||
Risk assessment | All new major changes must be approved | On need | ||
Risk assessment | All new designs/systems must be approved | On need |
1.3 Awareness and Security training
Department/role | Training/Awareness | Recurrence | Date | Status |
---|---|---|---|---|
All | How to detect phishing | 2/year | 4 October 2017 | Completed |
All | Newsletter/blog on actual events | Monthly | ||
All or targeted groups | Phishing test | Bi-monthly | ||
New employees | Initial security training/onboarding | Monthly | ||
Existing employees | Skill upgrade | Annual | ||
Quality management | Review training material | Annual |
1.4 Internal Audit
Department/Area | Type | Recurrence | Next Date | Status* |
---|---|---|---|---|
Accounting | Logical Access | Quarterly | 11 November 2017 | Planned |
HR system | Logical Access | Quarterly | ||
Datacenter | Physical Access | 2/year | ||
All admin accounts | Logical Access | 2/year | ||
All user accounts | Logical Access | Annually | ||
Quality Management | Security Processes, procedures, SOPs etc. | Annually |
1.5 Reporting
Type | Recurrence | Due date for report | Due date for management review | Status |
---|---|---|---|---|
Annual report | Annual | 30th November 2017 | 14th December 2017 | In progress |
Board report | Quarterly | 14 days before board meeting | Feb 20th 2018 | Planned |
Board presentation | Quarterly | 14 days before board meeting | Feb 20th 2018 | Planned |
Top risks | Monthly | March 1st 2018 | March 5th 2018 | In progress |
...