12 Security Questions Every CIO Must Be Able to Answer
April 21, 2016 3:24 PM
Cybercrime is an insidious business; it happens in plain sight, avoids detection and causes damage quickly. There are even cybercrime-as-a-service offerings available to criminals who lack the technical know-how to reap the big jackpots capable of totaling tens of millions of dollars, according to Logicalis, an international IT solutions and managed services provider (www.us.logicalis.com). So, how do you prepare your organization to overcome an eventual attack? The firm stresses that any solution begins by answering these important questions. [This slideshow first appeared on Information Management]
If you knew that your company was going to be breached tomorrow, what would you do differently today?
Has your company ever been breached? How do you know?
What assets am I protecting, what am I protecting them from (i.e., theft, destruction, compromise), and who am I protecting them from (i.e. cybercriminals or even insiders)?
What damage will we sustain if we are breached (i.e., financial loss, reputation, regulatory fines, loss of competitive advantage)?
Have you moved beyond an inside vs. outside perimeter-based approach to information security?
Does your IT security implementation match your business-centric security policies? Does it rely on written policies, technical controls or both?
What is your security strategy for IoT (also known as the Internet of threat)?
What is your security strategy for anywhere, anytime, any device mobility?
Do you have an incident response plan in place?
What is your remediation process? Can you recover lost data and prevent a similar attack from happening again?