What Questions Are CISOs Asking? Part 2

September 2, 2021 | By IANS Research

This is the second piece in our CISO Questions series, where we highlight questions CISOs and other information security leaders pose to our Faculty members through our Ask-An-Expert service. Here we share questions related to compliance, tools/technology and identity and access management (IAM).

CISO Question Categories

Technical InfoSec Questions

As information security practitioners who have "seen it and done it," our Faculty are well-positioned to field technical questions from CISOs that require getting deep in the weeds. Examples of the technical, security tool-related inquiries for which CISOs rely on the Faculty's guidance include:

  • Requesting input on the value of tools like Armis, Dragos and Claroty for asset discovery and inventory. If widely deployed, can these tools provide 100% visibility into assets? How do other organizations get this type of visibility, particularly with industrial control systems (ICS)? 
  • Asking for advice on transitioning away from a specific software vendor and leveraging their expertise in the space to help determine top options for alternative vendors, including which vendors facilitate automation and allow the team to be more agile to address shifting business practices.
  • Getting help understanding what tools are available for internal resource tracking and what project management experience is needed to lead the effort.

Compliance-Related Questions

Navigating complex compliance waters can be a challenge for even the most seasoned CISOs, given industry-specific requirements and the variance across state, national and international regulations. Our 80-plus Faculty members cover every vertical and assist clients with:

  • Finding information about safeguarding data and insights on the possibility of building a uniform data protection policy, including plans for alignment of disparate state laws and regulations, and ways to adjust when dealing with data on EU citizens.
  • Learning about the associated costs of ISO certification, costs around annual recertification and any other costs the team should consider.
  • Searching for guidance on building out a compliance program. What services should be offered, what key performance indicators (KPIs) need to be reported to management, what does a charter statement need to include and what should the scope of responsibilities be?

Identity and Access Management Questions

IAM is growing in importance and complexity, as more organizations move critical workloads to the cloud and need to implement IAM programs that effectively support on-prem, cloud and hybrid work environments. Some questions security leaders asked in the IAM arena:

  • Seeking input on how to centralize IAM for the cloud, including developing a centralized IAM team and establishing centralized directory services, identity provisioning/lifecycle, SSO, monitoring and more.
  • Leaning on the Faculty for content on creating an IAM framework architecture.

InfoSec Resources for CISOs

Every Ask-An-Expert question receives a response in the form of either a detailed, action-oriented 1,000-word written report or a one-hour phone call with the CISO and their team.

The service, which is part of our flagship offering, gives CISOs and their teams the opportunity to submit an unlimited number of questions to an InfoSec practitioner with deep domain-level expertise.

Get in Touch with IANS to learn more about how you and your security team can benefit from an Ask-An-Expert engagement.
