
ECC

The document is a comprehensive ECC Control Implementation Tracker listing various cybersecurity tasks, their categories, responsible teams, start and due dates, priorities, and current statuses. Most tasks are marked as pending, with a few completed, indicating ongoing efforts to establish a robust cybersecurity framework. The tasks cover areas such as policy development, risk management, asset management, and incident management, among others.

Uploaded by

alizx2060

ECC Control Implementation Tracker LIST

ECC Control No Task Category Responsible Team Start Date Due Date Priority Status Remarks
1.1.1 Define or Develop a cybersecurity strategy Document Creating GRC Team Medium Completed

1.2.1 Establish dedicated cybersecurity Department Setup/Structure Top Management High Pending

1.2.3 Define A cybersecurity steering committee Setup/Structure Top Management High Pending

1.2.3 Committee members, roles and responsibilities HR Administration HR Manager High Pending

1.2.3 Roles and responsibility documentation HR Administration HR Manager Low Pending

1.3.1 Develop Cybersecurity policies and Policy GRC Team Medium Pending

1.3.1 Develop Cybersecurity procedures Procedure GRC Team Medium Pending

1.3.4 Policies and procedures are reviewed Revision Top Management High Pending

1.4.1 Define roles and responsibilities of Cybersecurity Resource Human Resource HR Administration Team Low Pending

1.4.2 Cybersecurity roles and responsibilities are reviewed Revision HR Administration Team Medium Pending

1.5.1 Risk Management framework document Document Creating GRC Team Medium Pending

1.5.2 Conduct Risk assessment Assessment GRC Team High Pending

1.5.3 Risk Management document review Revision GRC Team Medium Pending

1.6.1 Change Management Policy Policy GRC Team Medium Pending

1.6.2 Change Management Procedure Procedure GRC Team Medium Pending

1.6.3 secure Coding Standard or Guideline define Standard/Guideline GRC Team High Pending

1.6.3 trusted and licensed sources for software use Configuration/System Check IT Audit team Medium Pending

1.6.3 System Hardening benchmark configure Configuration/System Check IT Audit team High Pending
1.7.1 organization comply with related national cybersecurity laws and regulations? Assessment IT Audit team High Pending
1.8.1 Conduct Internal Audit of entire organization Assessment IT Audit team Medium Pending
1.8.2 Result of internal audit report Assessment IT Audit team Medium Pending

1.9.1 Screening Human Resource HR Administration Team High Pending

1.9.2 Terms and conditions of employment Human Resource HR Administration Team Medium Pending

1.9.3 Management responsibilities Human Resource HR Administration Team Medium Pending

1.9.4 Information security awareness, education and training Human Resource HR Administration Team High Pending

1.9.5 Disciplinary process Human Resource HR Administration Team Low Pending

1.9.6 Termination or change of employment responsibilities Human Resource HR Administration Team Medium Pending

1.10.1 Developed and approved cybersecurity awareness program Document Creating GRC Team High Pending

1.10.2 implement a cybersecurity awareness program Training and Development Cyber Security Team Low Pending

1.10.3 Review cybersecurity awareness program Training and Development Cyber Security Team Medium Pending

2.1.1 assets management policy Policy GRC Team Medium Pending

2.1.1 Ownership of assets Form Document Creating GRC Team Low Pending

2.1.1 Acceptable use of assets policy Policy GRC Team Medium Pending

2.1.1 Return of assets form Document Creating GRC Team Low Pending

2.1.1 Asset management solution implement Setup/Structure Cyber Security Team High Pending

2.1.5 All Assets classified, labeled OR Tagging Setup/Structure/work IT Team Medium Pending

2.2.1 access management Policy Policy GRC Team Medium Pending

2.2.1 access management Procedure Procedure GRC Team Medium Pending

2.2.3 IAM Solution implement Setup/Structure/work Cyber Security Team High Pending

2.2.4 access management Policy review Revision GRC Team Low Pending

2.3.1 Anti-malware policy Policy GRC Team High Pending

2.3.1 Anti-malware procedure Procedure GRC Team High Pending

2.3.3 Implement anti-malware solution Setup/Structure/work Cyber Security Team High Pending

2.3.4 Anti-malware policy review Revision GRC Team Low Pending

2.3.3 restrict usb port Setup/Structure/work IT Team High Pending


2.3.3 Centralized clock synchronization Setup/Structure/work IT Team High Pending

2.3.3 PATCH management solution implement Setup/Structure/work IT Team High Pending

2.4.1 Email protection policy Policy GRC Team Medium Pending

2.4.1 Email protection Procedure Procedure GRC Team Medium Pending

2.4.3 Ensure Email security Setup/Structure/work Cyber Security Team High Pending

2.4.4 Email protection policy review Revision GRC Team Low Pending

2.5.1 Network security policy Policy GRC Team Medium Pending


2.5.3 Logical or physical segregation and segmentation of network segments using firewalls Setup/Structure/work IT Team High Pending

2.5.3 Network segregation between production, test and development environments. Setup/Structure/work IT Team High Pending
2.5.3 Wireless network protection Setup/Structure/work IT Team High Pending

2.5.3 restrictions on network services, protocols and ports Setup/Structure/work IT Team High Pending

2.5.4 Network security policy review Revision GRC Team Low Pending

2.6.1 Mobile device security policy Policy GRC Team Medium Pending

2.6.4 Mobile device security policy Revision GRC Team Low Pending

2.7.1 Information handling and transfer policy Policy GRC Team Medium Pending

2.7.1 Information handling and transfer procedure Procedure GRC Team Medium Pending

2.7.2 Information or asset transfer form Document Creating GRC Team Low Pending

2.7.4 Information handling and transfer policy review Revision GRC Team Low Pending

2.8.1 Cryptography policy Policy GRC Team Medium Pending

2.8.3 Secure management of cryptographic keys during their lifecycles. Setup/Structure/work Cyber Security Team High Pending

2.8.4 Cryptography policy review Revision GRC Team Low Pending

2.9.1 Backup and recovery policy Policy GRC Team Medium Pending

2.9.1 Backup and recovery procedure Procedure GRC Team Medium Pending

2.9.2 backup solution implement Setup/Structure/work Cyber Security Team High Pending
2.9.3 Backup testing Setup/Structure/work Cyber Security Team High Pending

2.9.4 Backup and recovery policy review Revision GRC Team Low Pending

2.10.1 technical vulnerabilities management policy Policy GRC Team Medium Pending

2.10.2 implement VA Solution Setup/Structure/work Cyber Security Team High Pending

2.10.2 Periodic vulnerabilities assessments. Setup/Structure/work Cyber Security Team High Pending
2.10.3 Vulnerabilities remediation based on classification and associated risk levels. Setup/Structure/work Cyber Security Team High Pending
2.10.4 technical vulnerabilities management policy review Revision GRC Team Low Pending

2.11.1 penetration testing policy Policy GRC Team Medium Pending

2.11.2 implement PT Solution Setup/Structure/work Cyber Security Team High Pending

2.11.3 Conducting penetration tests Setup/Structure/work Cyber Security Team High Pending

2.11.4 penetration testing policy review Revision GRC Team Low Pending

2.12.1 Event log management policy & process Policy GRC Team Medium Pending

2.12.2 Log management system implement Setup/Structure/work Cyber Security Team High Pending
2.12.3 Identification of required technologies (e.g., SIEM) for cybersecurity event logs collection. Setup/Structure/work Cyber Security Team High Pending
2.12.4 Event log management policy review Revision GRC Team Low Pending

2.13.1 Incident management framework Standard/Guideline GRC Team Medium Pending

2.13.2 Reporting information security events Document Creating Cyber Security Team Medium Pending

2.13.2 Reporting information security weaknesses Document Creating Cyber Security Team Medium Pending

2.13.2 Assessment of and decision on information security events Document Creating Cyber Security Team Medium Pending

2.13.2 Response to information security incidents Document Creating Cyber Security Team Medium Pending

2.13.2 Learning from information security incidents Document Creating Cyber Security Team Medium Pending

2.13.3 Collection of evidence Document Creating Cyber Security Team Medium Pending

2.13.4 Incident management framework review Revision GRC Team Low Pending

2.14.1 Physical security perimeter Document Creating Cyber Security Team Medium Pending
2.14.2 Physical entry controls Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Securing offices, rooms and facilities Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Protecting against external and environmental threats Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Working in secure areas Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Delivery and loading areas Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Equipment siting and protection Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Supporting utilities Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Cabling security Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Equipment maintenance Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Removal of assets Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Security of equipment and assets off-premises Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Secure disposal or reuse of equipment Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Unattended user equipment Setup/Structure/work Cyber Security Team Medium Pending

2.14.2 Clear desk and clear screen policy Policy GRC Team Medium Pending

2.14.4 Physical security policy and procedure create and review Policy GRC Team Medium Pending

2.15.1 Web application security policy Policy GRC Team Medium Pending

2.15.2 WAF implement Setup/Structure/work Cyber Security Team Medium Pending

3.1.1 business continuity management policy and procedure Standard/Guideline GRC Team Medium Pending
3.1.2 Developing response plans for cybersecurity incidents that may affect the business continuity. Document Creating GRC Team Medium Pending
3.1.3 Developing disaster recovery plans. Document Creating GRC Team Medium Pending

3.1.4 business continuity management policy and procedure review Revision GRC Team Medium Pending

4.1.1 Third-Party Cybersecurity policy Policy GRC Team Medium Pending

4.1.2 Non-disclosure clauses for third-party Human Resource HR Administration Team Low Pending

4.1.3 Conducting a cybersecurity risk assessment for 3rd party Setup/Structure/work Cyber Security Team Medium Pending
4.1.4 review periodically cybersecurity requirements for contracts and agreements with third-parties Human Resource HR Administration Team Low Pending
4.2.1 Cloud computing hosting policy Policy GRC Team Medium Pending

4.2.3 Cloud computing hosting policy review Revision GRC Team Low Pending
