July 12, 2021

Annual Security Calendar

I’m relatively new to Security, although I have 20+ years of IT Admin experience. I am now working in a non-technical Governance role for a state educational agency. I’ve been asked to put together an annual calendar containing things that we should be working on and testing. We’ve got plenty of funding so budget is not too large a concern. So far I’ve got the following:

SOC Audit – annually (already going through our first)

NIST CSF Assessment – ongoing during entire year

Full Penetration Test – Biannually

External Vulnerability Scan – weekly or monthly

Review DR, IR and BCP Plans – Biannually

Test DR, IR and BCP Plans – annually

Review of all firewall rules – Biannually

Review/Cleanup of Active Directory – Annually

Employee Security Training – Annually

Can anyone recommend anything I am missing that should be added to this calendar? I am also thinking about tying in National Cybersecurity Awareness month in October and International Fraud Awareness week in November.



I’d add:

1. Annual review of policies and sign off by the exec team
2. Annual review of critical vendors (rolling basis)
3. Annual inventory check


Hi, Dragonzim! (If that’s a Dragon Prince reference, I’ll buy you a Jelly Tart)

We’re scratching our heads on the best way to help you with an internal calendar without the context for what’s important to your organization. One quick piece of critique we might be able to extend to you: Consider scheduling your review of the response plans immediately following the test. If you’re SOC Type 2 or under stiffer regulations, that’s an easy way to show continuous improvement of your program.
