In an effort to help busy security managers, CISSP Shelley Bard's weekly column builds upon the concept of the perpetual calendar, offering a schedule of reminders for a proactive, strategic security plan. Here are the objectives Shelley prescribes for the first four weeks of the year.
Week 1: The security manager's daily checklist
Objective: Download a daily to-do list that you can customize to suit your needs.
Week 2: Passwords -- Updating, selecting and recording user and administrative passwords
Objective: Conduct audits once a quarter or every six months -- depending on your level of CIA2 -- to make sure passwords comply with security policy.
Week 3: Restore a back-up tape and recover usable data
Objective: On low-traffic days, 3-4 times per year, recover back-up data.
Week 4: Disaster recovery/business continuity plans, part 2 -- Hardware
Objective: Review contingency plan twice yearly.