Ten security questions every CIO must be able to answer…

Published: Wednesday, 20 April 2016 08:38

Logicalis has prepared a list of ten questions that CIOs must be able to answer to ensure that their organization is adequately prepared for a cyber-incident. The questions offer a useful checklist for any information security planning activities:

  1. If you knew that your company was going to be breached tomorrow, what would you do differently today?
  2. Has your company ever been breached? How do you know?
  3. What assets am I protecting, what am I protecting them from (i.e., theft, destruction, compromise), and who am I protecting them from (i.e., cybercriminals or even insiders)?
  4. What damage will we sustain if we are breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
  5. Have you moved beyond an ‘inside vs. outside’ perimeter-based approach to information security?
  6. Does your IT security implementation match your business-centric security policies? Does it rely on written policies, technical controls or both?
  7. What is your security strategy for IoT?
  8. What is your security strategy for ‘anywhere, anytime, any device’ mobility?
  9. Do you have an incident response plan in place?
  10. What is your remediation process? Can you recover lost data and prevent a similar attack from happening again?