APPENDIX 2: ISM ACTIVITIES
There are many activities or tasks that an ISM has to contend with and they obviously can’t all be done in one month. You need to try and spread your activity across the year with some level of planning, so that you are not constantly fire-fighting. Below are the key headlines from each of the chapters, represented as task points for an ISM to focus on.
ISM activities – January
Embedding security culture
Desktop refresh and consumerisation
Incident reporting
Data-sharing protocols/information sharing agreements
Records management
Penetration testing
Environmental management issues.
ISM activities – February
User administration (and rights management)
Inventory management
Review back-up arrangements
Review business continuity requirements and engage widely across the business, conducting business impact analyses
Review risk assessment arrangements across the whole organisation.
ISM activities – March
Addressing user requirements
Privacy impact assessments
Managing a virus outbreak
Embedding a useful InfoSec intranet.
ISM activities – April
Reviewing information assurance arrangements
Linking up with information governance requirements
Security metrics and measurements
Equipment life-cycle management.
ISM activities – May
Maintaining situational awareness
Addressing language and management challenges
Laptop management
Outsourcing/third-party management
Addressing port control.
ISM activities – June
Reviewing audit reports – internal and external
Review other project proposals
Review organisational complaints
Security incident response management
Access control
Removable media device management.
ISM activities – July
Reading – journal articles, books, blogs
Maintaining continuous professional development.
ISM activities – August
Identify all assets – hardware, software, information, people
People – network widely
Review access control
Review information security awareness levels and design new material
Review incident management processes and improve if necessary.
ISM activities – September
Software licensing
Remote and mobile worker management
User acceptance testing
Addressing physical security (convergence)
Password management
Laptop management.
ISM activities – October
Information security policy creation and development
Anti-virus (malware) management
Standard build and image roll-out
Password management (again)
Audit log management
Vulnerability management
Cloud Computing – third-party management, etc.
Project and people management.
ISM activities – November
Remote working (again) – location network set-up
Ensuring security is built into all projects from the outset
Information labelling and classification of information assets
Ensuring lessons learnt are recorded and shared.
ISM activities – December
Security improvement programme (SIP)
Fax management
Image build (again)
Physical security (again).