In an effort to help busy security managers, CISSP Shelley Bard's weekly column builds upon the concept of the perpetual calendar, offering a schedule of reminders for a proactive, strategic security plan. Here are the objectives Shelley prescribes for weeks 18 through 21.
Week 18: Budgets
Objective: Draft a budget each fiscal year.
Week 19: Configuration Management (CM)
Objective: Create a Configuration Control Board or Configuration Management Board.
Week 20: Beginning the dreaded risk assessment, part one
Objective: Form a strategy for tackling a risk assessment.
Week 21: The dreaded risk assessment, part two
Objective: Annually conduct a risk assessment. Here are steps one and two.