CISO First 100 days

From Glitchdata

Here is a runsheet for a CISO's first 100 days.

Phase | Topic | Details & Examples | Schedule
Assess | Stakeholder meetings | Meet the key stakeholders: the Chief Technology Officer (CTO), Chief Financial Officer (CFO), Data Protection Officer/Legal (DPO/Legal), IT, HR, Research and Development (R&D), DevOps, Quality Assurance (QA), Sales/Marketing and Operations. Use each meeting to:
  1. Get an overview of the manager's domain.
  2. Understand the business side of that department.
  3. Identify and prioritise the manager's key objectives.
  4. Hear and address any concerns they have.
  5. Agree success criteria for the security program.
  Beyond the interview itself, understanding how the business operates and knowing who to call in each department pays off during incident response: ransomware recovery, business email compromise and a compromised web application server all need fast decisions from the business owners, not only from IT.
Assess | Review past InfoSec activities | Review what has already been done, noting the date and scope of each item (a stale or narrowly scoped pen test says little about current exposure), such as:
  1. Awareness Program
  2. Pentests
  3. Vulnerability management program
  4. Tools and configurations
  5. Incidents and breaches
  6. Privacy and compliance assessments
Assess | Gather existing InfoSec materials | Collect the existing material, such as:
  1. Policies
  2. Diagrams
  3. Risk Assessments
  4. Business Impact analysis
  5. Assets list
  6. Security Plan/roadmap
  7. Controls list
  8. Historical Pen Tests
  9. Strategic plan
  10. Work Plans
  11. Incidents list
  12. Third-party and supply-chain data
  13. Hardening procedures
  14. Data mapping and classification
  15. Compliance processes
  16. Knowledge management system
  17. Awareness training materials and campaigns
Assess | Identify all assets: