The best business decisions are often made based on senior leadership’s confidence in facts, figures and calculations made by appropriate parties within the organization. Relying on gut instinct—or worse, potentially false or incomplete information—is a dangerous road to travel, especially in cybersecurity.
While a gut instinct may work in marketing, sales, or other facet of the business, the planning, implementation, and verification of security operations require facts to be complete and accurate. You need to have all the answers to every possible question at any time.
CompTIA’s Cybersecurity Advisory Council has developed a series of questions to ask within your organization to ensure that you have a complete security picture in order to make the best decisions for the company.
Note: It’s important that the person or people answering these questions recognize that they are obligated to share any and all pertinent information relevant to the larger decisions being made, whether a direct request was made or not.