Questions a CISO should be able to answer

…or, ask himself/herself at the very least

Vicente Aceituno Canal
The CISO Den


“Wise is not the one who knows all the answers but the one who knows what questions to ask”

More than an article, this is a conversation starter for the CISO and his/her team: What are your answers to this list of essential questions that any information security department must deal with?

Obviously there are many other questions; these are just the foundation for a security program.

Yes, Questions!

Roy Batty had questions, too

These questions are ordered: it will be hard to answer the last ones without having answers for the first ones.

For your organization:

  • Who are the clients of the information security team?
  • What are the drivers for security? This will include Business, Technical and Compliance aspects.
  • What are the business-significant security objectives? Have these been agreed with the clients of the information security team?
  • How do you model your organization and the systems it relies on?
