In 2012, Gartner made the following prediction: "Through 2016, 75% of CISOs who experience publicly disclosed security breaches and lack documented, tested response plans will be fired."
As an information security leader there is no "hard and fast" rule that defines whether or not you are doing a sufficient job. However, once you have a breach, the expectations of your organization are clearly defined and backed by numerous regulators eager to show their constituencies that they mean business. This is a major concern for your Board of Directors and is probably the last thing you are prepared to deal with.
What you will learn:
- Addressing the strategic risk(s) of the corporation
- Ensuring your plan is "actionable" detailing a decision making process
- Making "your" plan an "our" plan
- Importance of testing at least annually