|
Based on what you have read, consider the following questions and how you would reply to them:
Do you have a formal, that is, documented CIAPP?
If not, why not?
What would you consider as the benefits of such a plan?
What would you consider as the negatives of such a plan?
Have you ever briefed executive management on InfoSec-related matters?
Do you identify the costs of staffing and providing InfoSec functions using a cost-benefit-risk management process?
If you were to develop a CIAPP for IWC, what would you do differently from what was stated in this chapter?
If you could build and manage an InfoSec organization for IWC, how would the structure compare to the one cited in this chapter, and why?
How would you manage the off-site locations—for example, would you manage them from the corporate office, or ask some off-site manager to matrix manage the staff for you?
What other job descriptions would you add to the ones provided?
What other duties and responsibilities would you add to the job descriptions provided in this chapter?
Do you know how to successfully work with Human Resources staff to meet their requirements and also effectively and efficiently get your objectives accomplished?
|