IDENTIFY - PROTECT - DETECT - RESPOND - RECOVER
1.1 Establish Information Valuation & Classification
1.2 Complete Information Inventory
1.3 Map Data Flows
1.4 Determine Information Values, Efficiencies, and Control Requirements
2.1 Understand / Create Governance Structure & Identity Personas
2.2 Determine Decision-Making Process
2.3 Ratify Governance Structure
2.4 Determine Compliance Monitoring Process
3.1 Create / Update Information Policy & Standards
3.2 Establish Internal Review and Processes
3.3 Publish Information Policy & Standards
4.1 Create / Update Training, Marketing, Communication Content & Plans
4.2 Update Review and Approval Process
4.3 Update General Security Awareness Curriculum
4.4 Conduct Role Specific Training & Marketing
4.5 Develop Training & Marketing Content
4.6 Conduct End-User Training
5.1 Determine Solutions & Controls for Critical Unstructured Information
5.2 Determine Business Impact of Proposed Solutions
5.3 Deploy Solutions for Pilot Deployments
5.4 Evaluate Pilot Deployment Scenarios
5.5 Deploy Solutions & Controls for High-Risk Unstructured Information
6.1 Determine Solutions & Controls for Critical Structured Information
6.2 Determine Business Impact of Proposed Solutions
6.3 Deploy Solutions for Pilot Deployments
6.4 Evaluate Pilot Deployment Scenarios
6.5 Deploy Solutions & Controls for High-Risk Structured Information
7.1 Determine Risk & Threat Monitoring Solutions
7.2 Develop Response Procedures for Business Continuity and Disaster Recovery
7.3 Deploy Monitoring Systems
7.4 Monitor & Report Event Activity
7.5 Monitor Requirement Changes