52 weeks of security: A security practitioner's guide

A year sounds like a long time, but before you know it, things will snowball if you don't plan for them. A proactive, strategic plan is necessary to help you account for all it takes to effectively run a security practice. Our Perpetual Calendar uses a calendar to plot all of the recurring responsibilities and best practices dictates a security manager should accomplish in a year's time. You will need to determine what frequency for each task is appropriate for your organization, based on your requirements.

The activities of Information Security System Managers (ISSM) can be broken down into the following five categories: functional security; coordination; documentation; configuration management and certification and accreditation; and risk management. Accomplishing all of the tasks associated with these five areas ensures an ISSM is limiting his/her organization's liability, and is accomplishing due diligence in support of the organization as well as any customers associated with the organization.

The Perpetual Calendar is powerful because it:

• Illustrates to management security responsibilities over the course of a year
• Acts as a checklist
• Demonstrates to your staff their appropriate division of responsibilities
• Will help determine adequate staffing
• Acts as a time management tool, allowing you to project for potential issues

Understand that you will never have enough talent, time, money, people or resources, so you have to target your activities to use the best of these to protect your most critical assets.

Typical security-related activities you need to plan:
Daily activities (use a summary checklist for each month)