Based on what you have read, consider the following questions and how you would reply to them:
Does your company have plans that can be considered strategic, tactical, or annual (for example, long-range or short-range plans)?
Have you read them?
If not, how do you know you are providing adequate service and support to the company?
Do you have strategic, tactical, and annual plans that support the company's business plans?
If so, are they current?
How do you know?
Do you have a process in place to keep them current?
If not, why not?
If you do have such plans, do you have a flow-charted process in place that shows how the plans, your information and systems protection functions, projects, risk management strategy, cost-benefit philosophy, and the like are integrated into your CIAPP that supports the company's plans?
If not, why not?