Edition e1.0.0
Updated October 9, 2023

The following table is by no means exhaustive, but it provides a guide to the types of events that might happen in your company that you would want to plan for. Don’t get overwhelmed; there are a lot of them (and I’m sure you will think of more). Remember that a lot goes on in your growing business, so it’s not surprising that there is a lot of security to consider along the way.
For each of these, you would list the associated actions, procedures, or playbooks that should form part of your response. For example:
Event | Suggested Actions |
---|---|
A new device is acquired | 1. Record the device in the asset register. 2. Assign the device an owner. 3. Provide secure storage guidance to the new owner. 4. Configure the device with appropriate security controls or hardening. |
See the table of ISO domains for a refresher on what each area covers.
Domain | Type | Event |
---|---|---|
Security policy | Planned | A new policy is developed |
Security policy | Unplanned | A policy changes |
Organization of information security | Unplanned | A new risk is identified |
Organization of information security | Unplanned | An existing risk changes |
Organization of information security | Planned | A new leader joins the organization |
Organization of information security | Unplanned | A change in the economic environment |
Asset management | Planned | A new device is acquired |
Asset management | Planned | A device is decommissioned |
Asset management | Unplanned | A device is lost or stolen |
Human resources security | Planned | An employment offer is made |
Human resources security | Planned | A new person starts |
Human resources security | Planned/Unplanned | Someone changes roles |
Human resources security | Planned/Unplanned | Someone leaves the organization |
Physical and environmental security | Planned/Unplanned | Someone visits your office |
Physical and environmental security | Unplanned | An alarm triggers |
Communications and operations management | Planned | A new tool is selected |
Communications and operations management | Planned/Unplanned | Data is shared internally |
Communications and operations management | Planned/Unplanned | Data is shared externally |
Access control | Planned | Someone requests admin permissions |
Access control | Planned | Someone requests access to an additional tool or datastore |
Access control | Unplanned | Unexpected access reported |
Information systems acquisition, development, and maintenance | Planned | A new product idea is suggested |
Information systems acquisition, development, and maintenance | Planned | A change is made to some existing code |
Information systems acquisition, development, and maintenance | Planned | Systems are used in a new way |
Information systems acquisition, development, and maintenance | Unplanned | A new security update is available |
Information systems acquisition, development, and maintenance | Planned | Code is deployed to production |
Information systems acquisition, development, and maintenance | Planned | A system component is deprecated |
Information security incident management | Unplanned | Security notification from vendor |
Information security incident management | Unplanned | Security notification from open source |
Information security incident management | Unplanned | Security notification from customer |
Business continuity management | Planned | A new system is deployed |
Business continuity management | Planned | Changes in the business or operating environment |
Compliance | Planned | Customers acquired in a new region |
Compliance | Planned | Business expands into new area |
At the risk of sounding like the detective from a black-and-white movie, the key is that as a leader, you need to “expect the unexpected.” While this doesn’t always feel like something you can plan for, there are many common planned and unplanned security events that happen in most companies.
Just having a plan or process for these common events can put you a long way ahead when it comes to repeatable security processes and can allow you more time to think. This way you can focus on anything truly unexpected that happens.