NIST 800-53 REV 5 • PLANNING
PL-6 — Security-related Activity Planning
CMMC Practice Mapping
No direct CMMC mapping
NIST 800-171 Mapping
No direct NIST 800-171 mapping
Related Controls
No related controls listed
Practitioner Notes
Security-related activities — like penetration testing, vulnerability scanning, or security assessments — need to be planned and coordinated to avoid disrupting operations or triggering false alarms.
Example 1: Create a security activity calendar that schedules all planned security activities: annual penetration tests, quarterly vulnerability scans, monthly phishing simulations, and weekly log reviews. Share this calendar with IT operations so they know what to expect and when.
Example 2: Before conducting any security testing, submit a notification to IT operations, help desk, and management. Include the scope, timing, and expected impact. This prevents unnecessary incident responses when your vulnerability scanner triggers IDS alerts or your phishing test generates a flood of reports.
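As an added illustration of how the shared calendar and notification from the two examples above pay off on the SOC side (example code, not part of the original page): the calendar entries carry the notified window, source networks and scope, and an IDS alert is marked "expected" only when all three match; everything else, including scanner traffic outside its window or against an out-of-scope host, is still triaged. All networks, timestamps and the contact string are constructed sample values.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

UTC = timezone.utc

@dataclass(frozen=True)
class PlannedActivity:
    """One entry of the shared security activity calendar (constructed)."""
    name: str
    start: datetime      # notified window, UTC
    end: datetime
    sources: tuple       # networks the test traffic originates from
    scope: tuple         # networks the activity is authorised to touch
    owner: str           # contact named in the notification

def _in_any(addr: str, networks: tuple) -> bool:
    ip = ip_address(addr)
    return any(ip in ip_network(n) for n in networks)

def classify_alert(alert: dict, calendar: list) -> tuple:
    """Triage an IDS alert (keys: ts, src, dst) against the calendar.
    Returns ("expected", name) only if time, source and destination all
    fall inside one notified activity; scanner traffic outside its window
    or against an out-of-scope host stays ("investigate", None)."""
    for act in calendar:
        if (act.start <= alert["ts"] <= act.end
                and _in_any(alert["src"], act.sources)
                and _in_any(alert["dst"], act.scope)):
            return "expected", act.name
    return "investigate", None

# Constructed calendar entry for a quarterly scan notified to IT operations.
CALENDAR = [PlannedActivity(
    name="Quarterly vulnerability scan",
    start=datetime(2024, 4, 6, 1, 0, tzinfo=UTC),
    end=datetime(2024, 4, 6, 5, 0, tzinfo=UTC),
    sources=("10.10.50.0/24",), scope=("10.20.0.0/16",),
    owner="security-team (placeholder contact)")]

# Constructed alerts: in-window/in-scope, in-window/out-of-scope, off-window.
ALERTS = [
    {"ts": datetime(2024, 4, 6, 2, 15, tzinfo=UTC), "src": "10.10.50.7", "dst": "10.20.3.4"},
    {"ts": datetime(2024, 4, 6, 2, 16, tzinfo=UTC), "src": "10.10.50.7", "dst": "10.30.1.1"},
    {"ts": datetime(2024, 4, 7, 2, 15, tzinfo=UTC), "src": "10.10.50.7", "dst": "10.20.3.4"},
]

def triage(alerts=ALERTS, calendar=CALENDAR) -> list:
    return [classify_alert(a, calendar)[0] for a in alerts]
```

The second and third alerts stay in the analyst queue on purpose: a notified scan explains expected traffic, it does not blanket-suppress everything from the scanner's address.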