These questions are to help you apply some of the concepts, best practices, and lessons learned from the content in each chapter. You can use them in individual reflection, or present them to your security team for group feedback and discussion.
If you haven’t bought the book yet, go to our “Buy the Book” tab or click here: http://store.elsevier.com/Managing-Online-Risk/Deborah-Gonzalez/isbn-9780124200555/
Risk Management Digital Style
- When did your company last do a risk assessment? Does it include online/digital activity risks? Is it time for a new one?
- What were some of the findings? Did they surprise anyone?
- What actions were implemented due to the findings? If none were, why not?
- How many of SANS’ 20 Critical Security Controls for Cyber-Defense (listed on page 16) has your organization implemented?
- Do you have a Risk/Incident Response Plan? When was it last reviewed?
- What system do you have in place to monitor online/digital risks? Is it working?
- Do any of the Ten IT Security Myths (listed on pages 22-23) ring true in your organization? How can you de-mythify them?
- Do you, your IT security team, or any company employees use any of the security/risk management apps listed on page 24? Any others? Do you know?