• What has been good, in your experience, about conducting cybersecurity audits and/or assessments? What has not gone well – and why?
• How to set up an audit or assessment exercise up for success – and how is “success” defined?
• What innovations are you seeing in the methodology for audits and assessments?
• How are findings presented back to the wider firm? Can this process be improved?
• Have you encountered challenges around implementing change from findings? Why or why not?
• How do you determine the ROI (or ROSI) of undertaking an audit or assessment exercise? When is this done?
For more information about our CISO Forum series, get in touch.
|