Apr 18 2019

What CISO does for a living

Category: CISODISC @ 9:14 am

What CISO does for a living by Louis Botha

It’s based on the CISO mindmap by Rafeeq Rehman, updated for 2018 and adding the less technical competencies

Embedded PDF: "CISO does for living" (https://blog.deurainfosec.com/wp-content/uploads/2019/04/CISO-does-for-living.pdf)

Download: What CISO does for a living (PDF)

CISO MindMap 2018 – What Do InfoSec Professionals Really Do?
A CISO should have answers to these questions before meeting with senior management.

  • What are the top risks?
  • Do we have an inventory of critical InfoSec assets?
  • Which leading InfoSec standards and regulations apply to us?
  • Are we conducting InfoSec risk assessments?
  • Do we have a risk treatment register?
  • Are we testing controls, including DR/BCP plans?
  • How do we measure compliance with security controls?
  • Do we have a data breach response plan?
  • How often do we conduct InfoSec awareness training?
  • Do we need cyber insurance, and do we have enough?
  • Is the security budget appropriate to current threats?
  • Do we have visibility into critical networks/systems?
  • Are vendor risks part of our risk register?


Tags: Chief Information Security Officer, CISO

One Response to “What CISO does for a living”

  1. The Adventures of CISO says:

    […] What CISO does for a living […]
