Source: Ten Must-Have CISO Skills – By Darren Death
A CISO should have answers to these questions before meeting with senior management.
- What are the top risks?
- Do we have an inventory of critical InfoSec assets?
- What leading InfoSec standards and regulations apply to us?
- Are we conducting InfoSec risk assessments?
- Do we have a risk treatment register?
- Are we testing controls, including DR/BCP plans?
- How do we measure compliance with security controls?
- Do we have a data breach response plan?
- How often do we conduct InfoSec awareness?
- Do we need or have enough cyber insurance?
- Is the security budget appropriate to current threats?
- Do we have visibility into critical networks/systems?
- Are vendor risks part of our risk register?