Week 51: The Year in Review -- Part 2: Planning for the upcoming year


Understanding what's been accomplished, what worked well, determining what still needs to be done and what still needs fixing is intrinsic to a well-run, proactive security operation.

How do you start thinking about planning for a year? Model the

Requires Free Membership to View

Information Security Protection Matrix and/or the Perpetual Calendar to get started. What worked for your organization? What wasn't relevant? What wasn't listed and should be? [Please drop me a note.] Afraid you'll forget about something? Have a session or working lunch and invite a few key people to brainstorm a workable list; these can be folks on your staff or people from key sections of the enterprise you're protecting.

Going through the list of tips should trigger topic ideas, such as those on budgets, licenses and disaster recovery. For example, October was the beginning of the government's new budget year. Does yours align with the government's fiscal year or the calendar year? Assess what you spent on supplies and equipment-related peripherals -- stock up now, or see what you can trim or get a better deal on. The holidays are beginning, and soon family will be all around us -- who's part of your organization's family? Review all of your Non-Disclosure Agreements, Memorandums of Agreement/Understanding, etc and Service-Level Agreements (SLAs) with providers. Are they still current and favorable to your operating requirements? Software licenses and systems may be due for renewal or inspection, for example, the fire suppression system in your server room(s). Also, it's the end of hurricane season in the south, but winter weather's upon us … are you prepared for power outages, etc?

What's keeping you updated in the security world? Time to review those input channels and see where you can trade time for quality information. What courses do you need to take? Any conferences coming up that your folks should attend? Coordinate coverage for events like these now.

You need to protect your enterprise and practice defense-in-depth by using, at a minimum, all of the tips from this past year. In addition, the following topics are likely to need your attention as they're hot for the coming year:

  • 1. Supervisory Control and Data Acquisition (SCADA) systems
  • 2. Power over Ethernet (PoE)
  • 3. VoIP advances
  • 4. Wireless advances
  • 5. Forensics

More information
For a refresher, see 52 weeks of security: A security practitioner's guide I've enjoyed bringing you these weekly tips over the past year. I hope I've taken some of the fear and mystery out of running a comprehensive information security protection program. You have the tools to be proactive and in control of your security program. You should feel great about starting the New Year! Good luck and good planning!

About the author
Shelley Bard, CISSP, CISM, is a senior security network engineer with Verizon Federal Network Systems (FNS). An information security professional for 17 years, Bard has briefed and written infosecurity assessments and technical reports for the White House and Department of Defense, special interest groups, industry and academia. Please e-mail any comments.

Opinions expressed in this column are those of Shelley Bard and don't necessarily reflect those of Verizon FNS.

This was first published in December 2004

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.