What CISO does for a living by Louis Botha

It’s based on the CISO mindmap by Rafeeq Rehman, updated for 2018, with the less technical competencies added.


Download of What CISO does for a living (pdf)

CISO MindMap 2018 – What Do InfoSec Professionals Really Do?




A CISO should have answers to these questions before meeting with senior management:

  • What are the top risks?
  • Do we have an inventory of critical InfoSec assets?
  • What leading InfoSec standards and regulations apply to us?
  • Are we conducting InfoSec risk assessments?
  • Do we have a risk treatment register?
  • Are we testing controls, including DR/BCP plans?
  • How do we measure compliance with security controls?
  • Do we have a data breach response plan?
  • How often do we conduct InfoSec awareness?
  • Do we need, or have enough, cyber insurance?
  • Is the security budget appropriate to current threats?
  • Do we have visibility into critical network/systems?
  • Are vendor risks part of our risk register?
