9 Cyber Security Questions Every Executive Should Ask

November 25, 2015

According to the 2015 Cost of Cyber Crime study, recently released by the Ponemon Institute, the minimum cost of cyber crime to a company was $1.9M while the maximum cost was as much as $65M. As news of major cyber attacks becomes an almost weekly occurrence, organizations are still struggling to define a security model and determine how many resources (money, people) to allocate to their cyber security program. Each organization has limits to the resources it can allocate, and it should not have to choose between making profits and providing security; however, these choices are not straightforward and may leave valuable assets unprotected.

"This year, companies saw an average of 160 successful cyber attacks per week, more than three times the 2010 average of 50 per week." ~Riley Walters, Cyber Attacks on U.S. Companies Since November 2014

The Idenhaus team has compiled some key questions to help organizations assess their level of preparedness.

9 Cyber Security Questions Every Executive Should Ask

  1. Have you defined a security governance model, along with security policies and procedures? (Key roles: Executive sponsor, cross-functional team of IT and business leaders, business risk management, compliance)
  2. Have you identified sensitive information in your organization and where it is stored?
  3. Do you understand the impact to your business/customers if sensitive data were breached?
  4. Are you using SIEM and Data Loss Prevention (DLP) tools to monitor data use and enforce security policy?
  5. Have you defined a holistic program to monitor your infrastructure and respond to incidents?
  6. Do you have an Identity Management solution and is it integrated with your security framework?
  7. Most successful cyberattacks begin with a compromised user account, especially a user with privileged access. Do you have mature IDM processes that will automatically disable a user’s accounts when they leave your organization?
  8. Have you implemented a Privileged Account Management solution?
  9. Have you implemented a security training program to educate your users (employees, contractors, and partners) on cybersecurity?

If you answered no to any of the questions above, it's time to reassess your approach to network security. Contact us today to get started.
