APPENDIX 2: ISM ACTIVITIES
There are many activities or tasks that an ISM has to contend with and they obviously can’t all be done in one month. You need to try and spread your activity across the year with some level of planning, so that you are not constantly fire-fighting. Below are the key headlines from each of the chapters, represented as task points for an ISM to focus on.
ISM activities – January
• Embedding security culture
• Desktop refresh and consumerisation
• Incident reporting
• Data-sharing protocols/information sharing agreements
• Records management
• Penetration testing
• Environmental management issues
ISM activities – February
• User administration (and rights management)
• Inventory management
• Review back-up arrangements ...