Archive for November, 2007

Nov 2nd 2007 Security Capability Assessment

Risk Assessment/Management
Does your organization:

  • Regularly perform vulnerability assessments?
  • Act on the results of a vulnerability assessment in a timely manner?
  • Identify critical information assets?
  • Identify the threats to critical information assets?
  • Determine the financial and other impacts of a successful attack on critical information assets?
  • Evaluate and manage your information security risks on an ongoing basis? In other words, are risks to critical information assets managed in a similar fashion to other key business risks?

Management/Policy
Does your organization:

  • Have a security policy (both IT and physical) established by senior managers?
  • Link your security policies to specific business objectives and specific risk areas?
  • Inform all managers at all levels of their responsibilities regarding security, including policy enforcement?
  • Include security as a regular agenda topic at management and staff meetings?
  • Ensure that all users receive training in your organization’s security policy, as well as penalties and consequences for non-compliance, prior to receiving an account on any system?
  • Periodically conduct an independent audit of organizational compliance with security policies?

System and Network Management
Does your organization:

  • Assign, manage, and update user identities and access permissions?
  • Control system and network changes, and manage system and network configuration, including selecting, testing, and applying high priority patches?
  • Regularly scan for viruses/worms/Trojan horses/denial of service agents on servers, desktop systems, laptop systems, and mobile devices?
  • Monitor for, detect, report, and act on suspicious files/behaviors/events, including user reports?
  • Actively work to contain the damage caused by a virus/worm/Trojan horse?
  • Recover/restore files, systems, and networks compromised in an attack in a timely manner?

Corporate Security
Does your organization:

  • Require identification and authentication for accessing your work facilities/buildings?
  • Have business continuity and disaster recovery plans in place?
  • Provide training to employees on identifying suspicious packages, behaviors, persons and events, and alerting security personnel?
  • Require human resources to conduct background checks on all new hires?

Source:
CSO Magazine and CERT Security Capability Assessment Tool
CSO Magazine


Posted by Administrator / Security Questions

Nov 1st 2007 Sales Presentation Questions

  • What percentage of your sales presentation/proposal is devoted to describing your company and your solution?
  • What percentage of your sales presentation/proposal is devoted to describing your customer’s business, their problems and objectives?
  • How well do customers understand their own problems?
  • How much of your presentation is focused on persuading and convincing?
  • How well can your customers connect your solutions to their business situation?

Source:
The Presentation Trap: Why Making Presentations Can Cost You the Sale
by Jeff Thull
The CEO Refresher, October 2006


Posted by Administrator / Sales Questions