"Do not store The Business Continuity Plan and Disaster Recovery Plan on the server. If you are only reviewing the plan annually, you are already behind. Things move too quickly for annual review."
Build Your Defenses
Operations:
Establish baseline and target security maturity. Establish baseline and target security posture. Review personnel capabilities and determine skill paths. Develop and provide standards and guidelines for secure application development and infrastructure requirements.
Emerging Threats:
Develop risk and threat models. Determine available tools in use or to be acquired.
Threat Intelligence:
Learn how to integrate and contribute.
Vulnerability Management:
Develop automation for the detection and remediation of new vulnerabilities.
Incident Response:
Review current IR procedures and update if needed. Define internal and external communication protocols and guidelines.