Based on what you have read, consider the following questions and how you would reply to them:
If you could define your title and your reporting level within a corporation, what would it be and why?
Do you believe that all assets protection functions should be under one leader within a corporation?
If so, what would that person's title be?
If not, why not?
As an ISSO, do you know what is expected of you?
Do you have a strategic, tactical, and annual InfoSec (CIAPP) plan that supports the corporate plans?
Do you have vision, mission, and quality statements?
If so, are they something that you actually use in planning or just in meeting management requirements?
If you are not using them, why not?
Do you use formal project management processes and techniques?
If so, how and when?
Do you use formal risk management processes and techniques?
If so, when and how?
If you could change your ISSO duties and responsibilities, how would you change them and why?