What CISO does for a living by Louis Botha
It is based on the CISO MindMap by Rafeeq Rehman, updated for 2018 and extended with the less technical competencies.
Download: What CISO does for a living (pdf): https://blog.deurainfosec.com/wp-content/uploads/2019/04/CISO-does-for-living.pdf
CISO MindMap 2018 – What Do InfoSec Professionals Really Do?
A CISO should have answers to these questions before meeting with senior management:
- What are the top risks?
- Do we have an inventory of critical InfoSec assets?
- Which leading InfoSec standards and regulations apply to us?
- Are we conducting InfoSec risk assessments?
- Do we have a risk treatment register?
- Are we testing controls, including DR/BCP plans?
- How do we measure compliance with security controls?
- Do we have a data breach response plan?
- How often do we conduct InfoSec awareness training?
- Do we need cyber insurance, and do we have enough of it?
- Is the security budget appropriate to current threats?
- Do we have visibility into critical networks and systems?
- Are vendor risks part of our risk register?