| Organization | Division | Administrator |
|---|---|---|
| ABC Industries | Mid-west | Jeff Williams |

| Project Number | Start Date | Due Date | % Project Complete | Updated on |
|---|---|---|---|---|
| 1702 | 11/12 | 03/12 | 91 % | 2/17 |

Implementation task management

| Task Title | Assigned to | Date Started | Due Date | Task Status | Training | Tasks | Policy | Audit |
|---|---|---|---|---|---|---|---|---|
| OPENING MEETING | Roy Johnstone | 11/12 | 11/13 | | | | | |
| Introduction to ISO Security Solutions | Jeff Williams | 11/12 | 11/13 | | | | | |
| Overview of training program | Susan Bristol | 11/12 | 11/13 | | | | | |
| Implementation tools | Jeff Williams | 11/14 | 11/14 | | | | | |
| Selection of implementation teams | Jeff Williams | 11/14 | 11/15 | | | | | |
| Selection of Internal Auditors | Robert Sythe | 11/15 | 11/18 | | | | | |
| Overview of ISO-17799 / BS-7799 | Susan Bristol | 11/18 | 11/18 | | | | | |
| Overview of auditing | Robert Sythe | 11/18 | 11/18 | | | | | |
| Implementation Tasks and Training | Susan Bristol | 11/19 | 11/22 | | | | | |

INFORMATION SECURITY POLICY

| # | Task Title | Assigned to | Date Started | Date Due | Task Status | Training | Tasks | Policy | Audit |
|---|---|---|---|---|---|---|---|---|---|
| 1 | Information security policy document | Jeff Williams | 11/19 | 12/16 | | | | | |
| 2 | Review and evaluation | Jeff Williams | 11/19 | 12/16 | | | | | |

ORGANIZATION SECURITY

| # | Task Title | Assigned to | Date Started | Date Due | Task Status | Training | Tasks | Policy | Audit |
|---|---|---|---|---|---|---|---|---|---|
| 3 | Management information security forum | Jeff Williams | 11/15 | 11/22 | | | | | |
| 4 | Information security co-ordination | Jeff Williams | 11/15 | 11/22 | | | | | |
| 5 | Allocation of information security responsibilities | Jeff Williams | 11/18 | 12/16 | | | | | |
| 6 | Authorization process for information processing facilities | Julia Anderson | 11/15 | 01/23 | | | | | |
| 7 | Specialist information security advice | Julia Anderson | 11/18 | 12/13 | | | | | |
| 8 | Co-operation between organizations | Julia Anderson | 11/18 | 12/13 | | | | | |
| 9 | Independent review of information security | Jeff Williams | 01/10 | 02/24 | | | | | |
| 10 | Identification of risks from third party access | Marci Bishop | 11/22 | 01/06 | | | | | |
| 11 | Security requirements in third party contracts | Marci Bishop | 11/22 | 01/06 | | | | | |
| 12 | Security requirements in outsourcing contracts | Marci Bishop | 11/22 | 01/06 | | | | | |

ASSET CLASSIFICATION AND CONTROL

| # | Task Title | Assigned to | Date Started | Date Due | Task Status | Training | Tasks | Policy | Audit |
|---|---|---|---|---|---|---|---|---|---|
| 13 | Inventory of assets | Cindy Watson | 11/22 | 01/15 | | | | | |
| 14 | Classification guidelines | Cindy Watson | 11/22 | 12/06 | | | | | |
| 15 | Information labeling and handling | Cindy Watson | 11/22 | 12/06 | | | | | |

PERSONNEL SECURITY

| # | Task Title | Assigned to | Date Started | Date Due | Task Status | Training | Tasks | Policy | Audit |
|---|---|---|---|---|---|---|---|---|---|
| 16 | Including security in job responsibilities | Susan Bristol | 11/22 | 12/20 | | | | | |
| 17 | Personnel screening and policy | Susan Bristol | 11/22 | 12/20 | | | | | |
| 18 | Confidentiality agreements | Susan Bristol | 11/22 | 12/13 | | | | | |
| 19 | Terms and conditions of employment | Susan Bristol | 11/22 | 12/13 | | | | | |

USER TRAINING

| # | Task Title | Assigned to | Date Started | Date Due | Task Status | Training | Tasks | Policy | Audit |
|---|---|---|---|---|---|---|---|---|---|
| 20 | Information security education and training | Susan Bristol | 12/09 | 01/10 | | | | | |
| 21 | Reporting security incidents | Andrew Marcus | 12/02 | 01/06 | | | | | |
| 22 | Reporting security weaknesses | Andrew Marcus | 12/02 | 01/06 | | | | | |
| 23 | Reporting software malfunctions | Andrew Marcus | 12/02 | 01/06 | | | | | |
| 24 | Learning from incidents | Andrew Marcus | 01/06 | 01/23 | | | | | |
| 25 | Disciplinary process | Susan Bristol | 12/16 | 01/20 | | | | | |

PHYSICAL AND ENVIRONMENTAL SECURITY

| # | Task Title | Assigned to | Date Started | Date Due | Task Status | Training | Tasks | Policy | Audit |
|---|---|---|---|---|---|---|---|---|---|
| 26 | Physical security perimeter | Bob Taylor | 11/20 | 12/13 | | | | | |
| 27 | Physical entry controls | Bob Taylor | 11/20 | 12/16 | | | | | |
| 28 | Securing offices, rooms and facilities | Bob Taylor | 11/20 | 12/16 | | | | | |
| 29 | Working in secure areas | Bob Taylor | 11/20 | 12/16 | | | | | |
| 30 | Isolated delivery and loading areas | Bob Taylor | 11/20 | 12/10 | | | | | |
| 31 | Equipment siting and protection | Bob Taylor | 12/10 | 01/10 | | | | | |
| 32 | Power supplies | Bob Taylor | 12/10 | 01/10 | | | | | |
| 33 | Cabling security | Bob Taylor | 12/10 | 01/10 | | | | | |
| 34 | Equipment maintenance | Bob Taylor | 12/17 | 01/17 | | | | | |
| 35 | Security of equipment off-premises | John Peters | 12/02 | 01/06 | | | | | |
| 36 | Secure disposal or re-use of equipment | John Peters | 12/02 | 01/06 | | | | | |
| 37 | Clear desk and clear screen policy | John Peters | 12/02 | 01/06 | | | | | |
| 38 | Removal of property | John Peters | 12/02 | 01/06 | | | | | |

COMMUNICATIONS & OPERATIONS

| # | Task Title | Assigned to | Date Started | Date Due | Task Status | Training | Tasks | Policy | Audit |
|---|---|---|---|---|---|---|---|---|---|
| 39 | Documented operating procedures | Kim Wu | 12/17 | 01/20 | | | | | |
| 40 | Operational change control | Kim Wu | 12/17 | 01/20 | | | | | |
| 41 | Incident management procedures | Andrew Marcus | 12/10 | 01/10 | | | | | |
| 42 | Segregation of duties | Jeff Williams | 11/27 | 12/20 | | | | | |
| 43 | Separation of development and operational facilities | Jeff Williams | 11/27 | 12/20 | | | | | |
| 44 | External facilities management | Bob Taylor | 12/02 | 01/15 | | | | | |
| 45 | Capacity planning | Kim Wu | 12/02 | 01/10 | | | | | |
| 46 | System acceptance | Kim Wu | 12/02 | 01/10 | | | | | |
| 47 | Controls against malicious software | Bob Taylor | 11/18 | 12/03 | | | | | |
| 48 | Information back-up | Kim Wu | 11/19 | 12/05 | | | | | |
| 49 | Operator logs | Kim Wu | 11/25 | 12/10 | | | | | |
| 50 | Fault logging | Kim Wu | 11/25 | 12/10 | | | | | |
| 51 | Network controls | Kim Wu | 12/10 | 01/10 | | | | | |
| 52 | Management of removable computer media | Bob Taylor | 11/25 | 12/06 | | | | | |
| 53 | Disposal of media | Bob Taylor | 11/25 | 12/06 | | | | | |
| 54 | Information handling procedures | Kim Wu | 11/25 | 12/10 | | | | | |
| 55 | Security of system documentation | Kim Wu | 11/18 | 12/03 | | | | | |
| 56 | Information and software exchange agreements | Bob Taylor | 11/22 | 12/16 | | | | | |
| 57 | Security of media in transit | Bob Taylor | 11/22 | 12/16 | | | | | |
| 58 | Electronic commerce security | Bob Taylor | 11/26 | 01/23 | | | | | |
| 59 | Security of electronic mail | Bob Taylor | 11/26 | 01/10 | | | | | |
| 60 | Security of electronic office systems | Bob Taylor | 11/26 | 01/10 | | | | | |
| 61 | Publicly available systems | Kim Wu | 11/22 | 12/20 | | | | | |
| 62 | Other forms of information exchange | Kim Wu | 11/22 | 12/20 | | | | | |

ACCESS CONTROL

| # | Task Title | Assigned to | Date Started | Date Due | Task Status | Training | Tasks | Policy | Audit |
|---|---|---|---|---|---|---|---|---|---|
| 63 | Access control policy | Lisa Steinberg | 12/02 | 01/15 | | | | | |
| 64 | User registration | Lisa Steinberg | 12/02 | 01/15 | | | | | |
| 65 | Privilege management | Lisa Steinberg | 12/02 | 01/15 | | | | | |
| 66 | User password management | Lisa Steinberg | 12/02 | 01/15 | | | | | |
| 67 | Review of user access rights | Lisa Steinberg | 12/02 | 01/15 | | | | | |
| 68 | Password use | Lisa Steinberg | 12/02 | 01/15 | | | | | |
| 69 | Unattended user equipment | George Paterson | 12/09 | 01/23 | | | | | |
| 70 | Policy of use of network services | George Paterson | 12/09 | 01/23 | | | | | |
| 71 | Enforced path | George Paterson | 12/09 | 01/23 | | | | | |
| 72 | User authentication for external connections | George Paterson | 12/09 | 01/23 | | | | | |
| 73 | Node authentication | George Paterson | 12/09 | 01/23 | | | | | |
| 74 | Remote diagnostic port protection | George Paterson | 12/17 | 02/03 | | | | | |
| 75 | Segregation in networks | George Paterson | 12/17 | 02/03 | | | | | |
| 76 | Network connection control | George Paterson | 12/17 | 02/03 | | | | | |
| 77 | Network routing control | George Paterson | 12/17 | 02/03 | | | | | |
| 78 | Security of network services | George Paterson | 12/17 | 02/03 | | | | | |
| 79 | Automatic terminal identification | George Paterson | 12/26 | 02/10 | | | | | |
| 80 | Terminal log-on procedures | George Paterson | 12/26 | 02/10 | | | | | |
| 81 | User identification and authentication | Lisa Steinberg | 12/14 | 01/17 | | | | | |
| 82 | Password management system | Lisa Steinberg | 12/14 | 01/17 | | | | | |
| 83 | Use of system utilities | George Paterson | 01/15 | 02/10 | | | | | |
| 84 | Duress alarm to safeguard users | George Paterson | 01/15 | 02/10 | | | | | |
| 85 | Terminal time-out | George Paterson | 01/15 | 02/10 | | | | | |
| 86 | Limitation of connection time | George Paterson | 01/15 | 02/10 | | | | | |
| 87 | Information access restriction | Lisa Steinberg | 01/03 | 01/20 | | | | | |
| 88 | Sensitive system isolation | Lisa Steinberg | 01/03 | 01/20 | | | | | |
| 89 | Event logging | Lisa Steinberg | 01/03 | 01/20 | | | | | |
| 90 | Monitoring system use | Lisa Steinberg | 01/03 | 01/20 | | | | | |
| 91 | Clock synchronization | Lisa Steinberg | 01/03 | 01/20 | | | | | |
| 92 | Mobile computing | Roy Johnstone | 12/02 | 01/07 | | | | | |
| 93 | Teleworking | Roy Johnstone | 12/02 | 01/07 | | | | | |

SYSTEMS DEVELOPMENT AND MAINTENANCE

| # | Task Title | Assigned to | Date Started | Date Due | Task Status | Training | Tasks | Policy | Audit |
|---|---|---|---|---|---|---|---|---|---|
| 94 | Security requirements analysis and specification | George Paterson | 12/09 | 02/24 | | | | | |
| 95 | Input data validation | John Peters | 12/16 | 01/10 | | | | | |
| 96 | Control of internal processing | George Paterson | 12/02 | 01/06 | | | | | |
| 97 | Message authentication | John Peters | 12/16 | 01/10 | | | | | |
| 98 | Output data validation | John Peters | 12/16 | 01/10 | | | | | |
| 99 | Policy on the use of cryptographic controls | Roy Johnstone | 12/02 | 01/23 | | | | | |
| 100 | Encryption | Roy Johnstone | 12/02 | 01/23 | | | | | |
| 101 | Digital signatures | Andrew Marcus | 12/02 | 01/23 | | | | | |
| 102 | Non-repudiation services | Andrew Marcus | 12/02 | 01/23 | | | | | |
| 103 | Key management | George Paterson | 12/16 | 02/10 | | | | | |
| 104 | Control of operational software | George Paterson | 12/16 | 02/07 | | | | | |
| 105 | Protection of system test data | George Paterson | 12/16 | 01/06 | | | | | |
| 106 | Access control to program source library | George Paterson | 12/20 | 01/06 | | | | | |
| 107 | Change control procedures | George Paterson | 11/22 | 11/27 | | | | | |
| 108 | Technical review of operating systems changes | Andrew Marcus | 12/16 | 01/27 | | | | | |
| 109 | Restrictions on changes to software packages | Andrew Marcus | 12/16 | 01/27 | | | | | |
| 110 | Covert channels and Trojan code | Andrew Marcus | 12/16 | 01/27 | | | | | |
| 111 | Outsourced software development | Marci Bishop | 12/12 | 01/17 | | | | | |

BUSINESS CONTINUITY MANAGEMENT

| # | Task Title | Assigned to | Date Started | Date Due | Task Status | Training | Tasks | Policy | Audit |
|---|---|---|---|---|---|---|---|---|---|
| 112 | Business continuity management process | Roy Johnstone | 12/16 | 02/14 | | | | | |
| 113 | Business continuity and impact analysis | Roy Johnstone | 12/16 | 02/14 | | | | | |
| 114 | Writing and implementing continuity plans | Roy Johnstone | 12/19 | 02/14 | | | | | |
| 115 | Business continuity planning framework | Roy Johnstone | 12/19 | 02/14 | | | | | |
| 116 | Testing, maintaining and re-assessing Business continuity plans | Roy Johnstone | 02/14 | 03/03 | | | | | |

COMPLIANCE

| # | Task Title | Assigned to | Date Started | Date Due | Task Status | Training | Tasks | Policy | Audit |
|---|---|---|---|---|---|---|---|---|---|
| 117 | Identification of applicable legislation | Robert Sythe | 12/02 | 01/09 | | | | | |
| 118 | Intellectual property rights (IPR) | Robert Sythe | 12/02 | 01/09 | | | | | |
| 119 | Safeguarding of organizational records | George Paterson | 12/06 | 01/09 | | | | | |
| 120 | Data protection and privacy of personal information | George Paterson | 12/06 | 01/03 | | | | | |
| 121 | Prevention of misuse of information processing facilities | George Paterson | 12/06 | 01/17 | | | | | |
| 122 | Regulation of cryptographic controls | Robert Sythe | 01/10 | 02/14 | | | | | |
| 123 | Collection of evidence | Robert Sythe | 01/10 | 02/14 | | | | | |
| 124 | Compliance with security policy | Robert Sythe | 01/27 | 03/07 | | | | | |
| 125 | Technical compliance checking | Robert Sythe | 01/27 | 03/07 | | | | | |
| 126 | System audit controls | Robert Sythe | 01/27 | 03/03 | | | | | |
| 127 | Protection of system audit tools | Robert Sythe | 01/27 | 02/27 | | | | | |

Overall status of tasks

| Task Status |
|---|
| N/a |
| Not Started |
| In-process On time |
| Complete |
| Late |