In 2012, Gartner made the following prediction: "Through 2016, 75% of CISOs who experience publicly disclosed security breaches and lack documented, tested response plans will be fired."
As an information security leader, you have no "hard and fast" rule that defines whether or not you are doing a sufficient job. However, once you have a breach, the expectations of your organization are clearly defined and backed by numerous regulators eager to show their constituencies that they mean business. This is a major concern for your Board of Directors and is probably the last thing you are prepared to deal with.
What you will learn:
- Addressing the strategic risk(s) of the corporation
- Ensuring your plan is "actionable" by detailing a decision-making process
- Making "your" plan an "our" plan
- Importance of testing at least annually