2023 is here! Happy New Year, all!
It is time to take a close look at your 2023 schedule to make sure the critical elements of your information security and compliance programs are mapped out, plus a few extra key factors we think are important to focus on.
Items you may want to schedule:
- Information Security Awareness training
- Policy review, updates, and approval (annually)
- IT Risk Assessment review and updates
- Cybersecurity review and updates
- Ransomware review and update
External security assessment and audits:
- Vulnerability Assessment (internal and external, expected annually)
Internal assessment and audits:
- User account review/audit
- Cloud infrastructure review
- User permission testing and audits (suggested quarterly)
- Testing backups
- Power generator and UPS testing
- Firewall configuration and rule review (expected quarterly)
- Continuing education for IT security and IT administration
- VACATION!
Other items that may need attention:
- Have you remediated all findings from your past audits and examinations?
Have all your employees read and signed your institution’s:
- Acceptable Use Policy
- Employee Handbook
- Confidentiality Agreements
Program Training & Testing:
- End-user training
- Walk-through exercises
Partial or Complete Tests of the Following:
- Business Continuity Plan
- Disaster Recovery Plan
- Business Impact Analysis
- Pandemic Continuity Plan