
Expert Advice Community

Guest user Created: Jan 09, 2019 Last commented: Jan 09, 2019

Questions to top management

I need a list of types of questions the chief executive officer (CEO), chief information security officer (CISO), chief information officer (CIO), or chief technology officer (CTO) of an organization needs to answer about the security technology you are using (or need to invest in), and how it is postured to best mitigate risk to cyberthreats.

Expert
Rhand Leal Jan 09, 2019

Or the types of questions to direct to CISO, CIO, or CTO to identify the types of technologies they have implemented to mitigate future cyberattacks.

Answer:

First it is important to understand that in general the C-level will not think directly about risk (nor do they have to), so you have to ask questions about their concerns regarding the business objectives (what they are, which are the most important, and why) and how information can help achieve these objectives, or prevent them from being achieved. From these answers you will be able to identify their risk posture, the most relevant risks and what you can do to treat them.

Another important issue is that in general these questions are asked by the person responsible for information security (i.e., the CISO or similar role).

These articles will provide you further explanation about requirements identification:
- Top management perspective of information security implementation https://advisera.com/27001academy/blog/2012/12/04/top-management-perspective-of-information-security-implementation/
- Management’s view of information security https://advisera.com/27001academy/blog/2011/05/16/managements-view-of-information-security/
- How to identify ISMS requirements of interested parties in ISO 27001 https://advisera.com/27001academy/blog/2017/02/06/how-to-identify-isms-requirements-of-interested-parties-in-iso-27001/
