...
To make a yearly plan:
The CISO should draw up his own plan, implement it in the company, track internal (e.g. business) and external (e.g. legal) changes, check compliance, and evaluate the results. The findings of that evaluation feed the plan for the next year. Part of the yearly plan will be broken down into quarterly or monthly plans/activities.
1.1 Security Improvement Activities
...
Department | Area | Recurrence | Next Date | Status* |
---|---|---|---|---|
Accounting | Logical Access | quarterly | 11 November 2017 | Planned |
HR system | Logical Access | quarterly | | |
Datacenter | Physical Access | 2/year | | |
Quality Management | Risk register | quarterly | | |
Quality Management | Risk acceptance (system owner/senior management) | 2/year | | |
Quality Management | Security management system | annual | | |
1.3 Awareness and Security Training
Department/role | Training/Awareness | Date/Recurrence | Status |
---|---|---|---|
All | How to detect phishing | 4 October 2017 | Completed |
All | Newsletter/blog on current events | monthly | |
All or targeted groups | Phishing test | bi-monthly | |
New employees | Initial security training/onboarding | monthly | |
1.4 Internal Audit
Department | Type of Audit | Due date | Status |
---|---|---|---|
H.R. | Questionnaire | 18 April 2018 | Planned |
...