Unit 1 - Questions Every CEO Should Ask About Cyber Risk Flashcards
What is the significance of cybersecurity for CEOs?
Cyber threats affect businesses of all sizes and require attention from CEOs and senior leaders.
What types of critical information should CEOs consider regarding cybersecurity threats?
CEOs should consider the loss of:
* trade secrets
* customer data
* research
* personally identifiable information.
What is a key question CEOs should ask about cybersecurity threats?
How could cybersecurity threats affect the different functions of my business?
What is a recommended best practice for organizational cybersecurity?
Elevate cybersecurity risk management discussions to the company CEO and the leadership team.
What role does the CEO play in cybersecurity risk strategy?
The CEO engages in defining the organization’s risk strategy and acceptable risk levels.
True or False: Compliance standards are sufficient for managing cybersecurity risks.
False
What should organizations do to evaluate their specific cybersecurity risks?
Identify critical assets and associated impacts from cybersecurity threats.
What is a key metric for measuring cybersecurity effectiveness?
The time it takes to patch a critical vulnerability across the enterprise.
Fill in the blank: Organizations should create a _______ process to cross-train employees in risk management.
repeatable
What is the importance of regular testing of incident response plans?
It helps prevent incidents from escalating and ensures preparedness across the organization.
What is one way to maintain workforce quality in cybersecurity?
Retain skilled personnel who can identify proper tools for the organization.
What should organizations maintain awareness of regarding cybersecurity?
Emerging cybersecurity threats.
What is the role of training for personnel in cybersecurity?
Training increases the likelihood of detecting and responding to cybersecurity threats.
What kind of information sharing practices can businesses adopt?
Foster community among different cybersecurity groups where the business is a member.
What is essential for cybersecurity program metrics?
Metrics should be measurable and meaningful.
What is a significant question regarding insider threats?
What measures do we employ to mitigate insider threats?
What is the importance of engaging with government cyber incident responders?
Preparation to work with federal, state, and local government responders is crucial.
What should CEOs regularly discuss with their boards regarding cybersecurity?
Risk decisions and their implications on the organization.
What is a common misconception about cybersecurity threats?
The belief that ‘it can’t happen here’ is a dangerous mindset.
What are some examples of cybersecurity threats organizations should be aware of?
Examples include:
* phishing emails
* malware
* ransomware.
What resource can assist with workforce planning in cybersecurity?
The National Initiative for Cybersecurity Careers and Studies (NICCS).
How can organizations ensure they are proactive in combating cybersecurity threats?
By establishing an organizational baseline of expected enterprise network behavior.
