Security Basics: Operational Security

["Roman Tomazi" <romantomazi () googlemail com>]

Hi

I am doing some work for a company who wish to take a bottom up
approach to establishing a security practice. They want to start out
with a checklist of activities that a security analyst (maybe later a
group) would do on an operational basis (e.g. daily, weekly, etc). For
instance, daily: check firewall logs; quarterly, review incident
response process.

I come from more of a development background than an operational one,
so wondered if anyone could point me at any good resources that
address this, or give any advice they may have?

Thanks