Ten security questions every CIO must be able to answer…
- Published: Wednesday, 20 April 2016 08:38
Logicalis has prepared a list of ten questions that CIOs must be able to answer to ensure that their organization is adequately prepared for a cyber-incident. The questions offer a useful checklist for any information security planning activities:
- If you knew that your company was going to be breached tomorrow, what would you do differently today?
- Has your company ever been breached? How do you know?
- What assets am I protecting, what am I protecting them from (i.e., theft, destruction, compromise), and who am I protecting them from (i.e., cybercriminals or even insiders)?
- What damage will we sustain if we are breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
- Have you moved beyond an ‘inside vs. outside’ perimeter-based approach to information security?
- Does your IT security implementation match your business-centric security policies? Does it rely on written policies, technical controls or both?
- What is your security strategy for IoT?
- What is your security strategy for ‘anywhere, anytime, any device’ mobility?
- Do you have an incident response plan in place?
- What is your remediation process? Can you recover lost data and prevent a similar attack from happening again?