Based on what you have read, consider the following questions and how you would reply to them:
Where do you think the ISSO position and InfoSec organization should report at IWC or within your company?
Why?
Have you read your company's business plans?
Have you integrated your InfoSec organization plans to support the successful accomplishment of the company goals?
If not, why not?
If so, how do you measure your success in that support?
Do you have a CIAPP?
Is the CIAPP current?
Do you have a process in place to keep it current?
Do you have a process in place to ensure it is working at least cost and impact to the company's business?
In support of the IWC vision, mission, and quality statements, what would you write as the IWC ISSO to support them or those of your company?
Are the statements realistic?
Are the statements known by your staff?
Are the statements useful, or do they exist only because management said to write them?
Are the statements one of the basic foundation pillars of the CIAPP?
If not, why not?