Executive Level Cybersecurity Questions

Far too many boards and CEOs see cybersecurity as a set of technical initiatives and edicts that are the domain of the CIO, chief security officer and other technical practitioners. In doing so, they overlook the perils of corporate complexity—and the power of simplicity—when it comes to cyber risk. We’d propose, in fact, that leaders who are serious about cybersecurity need to translate simplicity and …

25 Crisis Management Questions

Much of the training top executives receive around crisis management is little more than training in crisis communications—only one part of the broader crisis-response picture. Executives should ask themselves the following 25 questions about preparedness.
Understanding threats

  • What are the organization’s top ten risks and, relative to these, what are the top five “black swan” threats that could destabilize the organization?
  • For each black-swan threat, how

Information (Data) Inventory Questions

  • What information are we collecting?
  • Where and how are we collecting it?
  • Who owns it?
  • Who has access to it?
  • What are we doing with it?
  • What would be the impact to the organization if it got into the wrong hands?
  • What

Diagnose Your Enterprise Resilience: Eight Fundamental Questions

  1. Are the complexity of the extended enterprise and major earnings drivers across it transparent?
  2. Are interdependencies understood and interdependence risks identified?
  3. What programs are in place to ensure the viability of earnings drivers?
  4. Are these programs fully aligned with corporate strategy and objectives, and do we understand the trade-offs within these programs?
  5. Do we know what we spend on resilience?
  6. How good is our situational awareness — that is, do

3 Key Risk Management Questions

  • How good is my company at understanding risk? That is, what risks do we face, and how do those risks affect my organization?
  • What control procedures does my company have in place to mitigate these risks?
  • How does my company achieve recognition for the effort we have put into implementing control measures and managing risk?

Source:
An explicit item for the main