Day 36 — Kicking Off Sprint #5
The Remaining Mountain to Climb
Welcome to Week #5! Hard to believe it’s been 6 weeks since I started this mini-experiment. If you’re reading this, thanks for the accountability!
I started today by organizing all the Info Security work I’ve done over the past weeks in JIRA. As it turns out, I’ve accomplished a lot —but I’ve also created a lot of new work that makes it feel like I’m walking on a stair machine while getting batted over the head.
I broke out the remaining work into Epics (based on the Information Security Control Sections in our policies). Here’s where I stand:
If it seems like a lot, it is. But after today, I’m down to a bunch of smaller tasks that I created through last week’s work and 4 BIG epics:
- Business Continuity
- Incident Response
- Privacy Management
- Secure System Development
Today’s Deep Dive: Technology Acceptable Use
With my remaining work sorted out, my goal for the rest of today was to knock out another section of our Information Security Policy.
I chose Technology Acceptable Use, which is basically how we’ll use devices and manage data internally. Here’s how it breaks down (by policy):
1 — BYOD Checklist: I created this checklist for bringing our own devices based on our policies. I’m hoping to make it really easy to ensure we have strong security on our devices.
2 — Info Security Policy Updates: Added to our information security policy based on our controls in this section. Check the link for the original policy — the author has somehow made policies fun.
3 — Asset Inventory Data Retention Schedule: Added a column to our asset inventory to designate how long we will keep records.
Tomorrow I aim to tackle one of the bigger remaining epics: Business Continuity / Incident Response.