Questions a CISO should be able to answer
…or, ask himself/herself at the very least
“Wise is not the one who knows all the answers but the one who knows what questions to ask”
More than an article, this is a conversation starter for the CISO and his/her team: what are your answers to this list of essential questions that any information security department must deal with?
Obviously there are many other questions, these are just the foundation for a security program.
Yes, Questions!
These questions are ordered: it will be hard to answer the last ones without having answers for the first ones.
For your organization:
- Who are the clients of the information security team?
- What are the drivers for security? These will include business, technical and compliance aspects.
- What are the business-significant security objectives? Have these been agreed with the clients of the information security team?
- How do you model your organization and the systems it relies on?