Irvine, CA - Overseeing IT and security is a daunting task, even if you are an IT professional. If you are an executive to whom IT reports, then the task becomes nearly impossible. The following list of questions is designed to empower you to have a meaningful discussion with your IT team so you can be an informed and responsible manager pursuing your due diligence role in protecting the assets of your firm. If you are an IT professional, these are questions you should be prepared to answer.
1. Q. When did we last do a risk assessment? Please share that document with me. I would particularly like to see the Risk Assessment Table.
A. Make sure your IT team is periodically assessing the risks to your IT systems. They should be recommending upgrades and new solutions for you from time to time, and you should be listening. They need to be able to express the threat in operational and economic terms in order to justify the expenditure. If your team can’t give you a clear and coherent answer on when and how they last did this, send them off with a task and a deadline.
2. Q. When did we last do a Vulnerability Scan? What were the results of that scan? I would like to see the report. Who did the remediation? When is our next scan planned?...