10 Question Security Assessment Process for CIOs and CSOs
The 10 Question Security Assessment Process is a way for CIOs and CSOs to quickly identify risks that they need to address.
- What does the enterprise need to do differently today in order to stop a breach tomorrow?
- Does the enterprise know if the company has been breached? How does it know?
- What assets are being protected, what are they being protected from (i.e., theft, destruction, compromise), and whom are they being protected from (i.e., cybercriminals or insiders)?
- What risks does the enterprise face if it is breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
- Does the enterprise’s IT security implementation match the enterprise’s business-centric security policies?
- Are formal written policies, technical controls or both in place? Are they being followed?
- What is the enterprise’s security strategy for IoT?
- What is the enterprise’s security strategy for BYOD and “anywhere, anytime, any device” mobility?
- Does the enterprise have an incident response plan in place?
- What is the enterprise’s remediation process? Can the enterprise recover lost data and prevent a similar attack from happening again?