Cyber Security; Ask this:
Gerard Blokdyk
34K+ | Bestselling Author | Innovator | Speaker | Mentor | Founder and CEO at The Art of Service | Bestselling Author - With 1000+ Academic Citations my work is in the top 1% of most cited work worldwide
Organized by Key Themes: Security, Cloud, Product, Technology, Data, Development, Management, Risk, Onboarding and Change:
SECURITY:
Are there any security background checks or security clearances required for vendor personnel to access the data center?
Check that your process provides technical expertise and support to (internal) clients, IT management and staff in cybersecurity threat risk assessments, development, testing and the implementation and operation of appropriate information security plans, procedures, and control techniques designed to prevent, minimize or quickly recover from cyber-attacks or other serious events.
Do you have a comprehensive plan for managing a cyber event that could lead to a crisis?
Make sure the Technical Lead Engineer partners with the Business Information Security Officers to review incoming projects for Information Security requirements, determines the scope of Information Security services needed to address project demands, performs quality control on Information Security threat and vendor risk management products, and mentors team members.
Has management considered all stakeholders when developing your organization's security strategy?
Safeguard that your personnel are involved in developing the in-depth security architecture standards, frameworks and design patterns your organization needs across all layers of the Cloud, including the server, application, network and data layers.
Do you perceive auditing of your cloud infrastructure as an important part of security guarantees?
Guarantee your operation is responsible for the planning and development of an enterprise information cybersecurity strategy and best practices in support of the enterprise's information security architecture.
Has the accountable officer identified which organizations the business should collaborate with externally?
Collaborate with Corporate Technology Services, Legal, Hosting, Product Engineering and Service Reliability Engineering (SRE) teams to drive continued operational maturity across your cyber security processes, platforms and tools, and your overall information security and risk posture.
How do you make your employees aware of the importance of their involvement in cybersecurity?
Make sure the Information Security Analyst is responsible for supporting and maintaining critical security controls, cybersecurity operations and programs, data compliance and risk management.
Does cloud computing make it more difficult to protect confidential or sensitive information?
Make headway so that your staff are involved in intrusion prevention systems (IPS), vulnerability scanning/management, system hardening, security standards, data loss prevention (DLP) solutions, and endpoint detection and response (EDR).
What do other organizations have to do to make on-premises and cloud applications play well together?
Make sure the Application Protection Security Engineer provides design and engineering expertise for the Cybersecurity organization to the application support teams delivering external and internal services.
How do you go about finding out the costs involved with migrating applications to the cloud?
Establish that your design is involved in common information security management and cybersecurity frameworks.
How do you make decisions without knowing what your top risks are?
Make sure there is expertise in cybersecurity technologies including Data Loss Prevention, network operations, architecture, security, firewall, endpoint protection, security monitoring, key and secrets management, incident response and cyber exercises.
CLOUD:
How do you build common cloud security services with standard interfaces for security?
Interface so that your team is involved in cloud systems security components (SSO, Cybersecurity) assessments.
Are some organization assets high value enough to warrant needing faster log availability times?
Warrant that your organization is involved in enterprise cloud solutions and serverless applications.
Does your IT team have the necessary skills to oversee the implementation, the security of your approach, and the load balancing between your organization's on-premise and cloud presence?
Oversee that your organization is involved in IaaS cloud infrastructure, Kubernetes, containers, and service-oriented architectures.
How do you meet user demand faster and remain secure?
Be confident that your design is involved in identifying and remediating cloud-based applications.
What are the guarantees or representations from the cloud provider regarding the security of your data?
Guarantee your staff is involved in cloud native architectures and microservices design.
Is the procurement process structured to be able to get the appropriate systems and software licenses and materials delivered in a timely manner?
Be confident that your process is involved in analyzing threats to cloud and application components.
Does the vendor have an obligation to implement additional security or other safeguards identified by your organization?
Safeguard that your staff is involved in Azure cloud technologies and associated technical services.
How do you engage with the industry and policymakers on data sharing?
Make sure your team works with architecting, designing, and supporting cloud infrastructure and its solutions.
How do you keep up to date with developing cybersecurity risks?
Develop experience designing the deployment of applications and infrastructure into public cloud services.
PRODUCT:
When a faulty product is to be returned, what processes does the vendor have in place to ensure that no customer data exists on disks or storage before it is sent to one of the return centres?
Ensure your Industry Services portfolio ranges from classic product-related services (online support, training, field service, maintenance, and upgrades) to innovative data-based services (cyber security and cloud technology) which let (internal) customers leverage opportunities in the digitalization era.
How to certify critical industrial systems taking industrial cybersecurity into account?
Certify your team is involved in cloud infrastructure and networking in a production context.
How does the vendor make cybersecurity a basic value that is embedded into the essence of its culture and accepted by all employees?
Make headway so that your group performs call monitoring to ensure the quality of service and an appropriate level of product knowledge.
Does your logging and monitoring framework allow isolation of an incident to specific customers?
Work with the infrastructure and product teams to ensure that they have secure-by-default systems.
How do you communicate the scale of the risk to stakeholders across the team?
Collaborate and communicate efficiently with product and engineering teams to establish standards and patterns for the integration delivery process that are in line with existing engineering best practices.
Does your organization perform regular reviews of system and network logs for security issues?
Perform as an internal evangelist, supporting and consulting with product and engineering teams on needed solutions and implementation methods.
Has your business ever asked a supplier to demonstrate or guarantee the robustness of its cybersecurity processes as part of a contract or other business agreement?
Guarantee your strategy collaborates with Architecture, Delivery and Product teams to define and execute on architectural and platform strategies.
Do you know what risks your clients face for cyber liability, data breach, and identity theft?
Be certain that your workforce is working alongside product and design to scope and implement new features and product lines across the stack.
How do you make sure nobody can access the data on your old machine?
Make headway so that your design is creating awareness, demand and preference for organization products and services.
How do you assure yourselves that your organization's approach to cybersecurity is effective?
Assure your strategy is quantifying residual product risk and identifying appropriate mitigation activities.
TECHNOLOGY:
Does the solution provide advanced visualization for easy investigation of malicious activity?
Invest in adherence to technology policies and comply with all security controls.
Are the performance limitations with network traffic in a shared environment an issue?
Work closely with the Technology leadership team to identify solutions to meet or exceed business requirements and to understand the impact of service interruptions on respective business areas.
How to certify critical industrial systems taking industrial cybersecurity into account?
Certify your strategy leads and provides end-user training in the proper use of hardware, software and computer-related equipment; helps ensure end users are aware of available technologies and how to obtain support for all information technology services.
Are you satisfied that your audit committee has the time and expertise to oversee the major risks on its agenda in addition to carrying out its core oversight responsibilities?
Oversee that your team consults with other teams regarding technology solutions for business needs and/or problem resolution.
What are the most important rules that every business leader must follow in order to minimise cyber risk?
Serve as a lead resource for information security GRC program activities, which include engaging business and information technology leadership.
How do you work with other departments that have cybersecurity research and development programs?
Develop experience consulting with business and technology stakeholders to build and implement secure solutions.
Does your organization's leadership for IT Security approve of and participate in creating the cloud adoption strategy or planning sessions?
Participate in the full project lifecycle of software and technology initiatives, from feasibility studies to conception and design of system architecture to implementation.
How satisfied is your organization with the security and access control SLAs that your cloud service provider offers?
Provide analytical, strategic and technical skills to design, develop, implement and use state-of-the-art technology cybersecurity solutions aimed at reducing risk.
What contract protections must be articulated to protect the enterprise regarding cyber issues?
Devise and articulate effective solutions that solve (internal) customer problems based on your technology stack, working with your Integration engineering and delivery team.
DATA:
How do you objectively measure the level of security and business risk involved in a cybersecurity incident?
Be certain that your design is involved in Data Modelling (Dimensional, Normalized, Key value pair), Information Architecture, Analytics, Schema Evolution, and Data Organization Layouts.
Is it possible to rely on assurance work done by peers or industry groups, or cybersecurity rating departments, for lower risk suppliers?
Interface with peers on the Technology and Data team as well as leaders of business units throughout Bottom Line, to both share and solicit their involvement in strengthening the enterprise risk posture.
Are there any established and documented security policies, standards, and supporting procedures?
Establish that your staff is involved in concepts and practices such as threat modeling, data tokenization, and access management.
What decisions are leaders of companies, even at the board level, being asked to make in order to secure operations and make shareholders comfortable with cyber defense measures?
Lead the Chief Technology and Data Officer in the identification, selection, and implementation of tools to support various IT infrastructure and risk programs and initiatives, such as monitoring of traffic to protect against potential data exfiltration and malware attacks.
Does your organization have an individual officially designated for overseeing information security?
Liaison so that your design is leading requirements gathering initiatives from key stakeholders for selecting and implementing the Data Management program, which includes Data Classification, Data Reduction and Data Loss Prevention (DLP) solutions and processes.
Do you have assurances that your staff, suppliers, cloud providers, contractors, overseas subsidiaries and partners can be trusted to safely access your critical information and data assets?
Partner with internal and external teams to understand, interpret and analyze Cybersecurity, Product and Application Security, Physical Security, and Resiliency domain data to develop and apply a broad range of techniques and theories from statistics, machine learning, and business intelligence to deliver actionable business insights to prospects and (internal) customers based on large-scale data.
Are there any binding norms in the context of warranties that may be relevant for cloud computing?
Warrant that your team is involved in data loss/leakage prevention processes and tools.
Do you have a policy which identifies how your organization handles cybersecurity risk, equipment usage, and data privacy?
Be certain that your organization is involved in analyzing and interpreting data from different sources, detailing the results and providing meaningful analysis reports and briefings.
How do you isolate and safeguard client data?
Safeguard that your process works closely with InfoSec, Risk and Compliance to ensure all data is properly protected and all annual audits are successful.
Does the board know who is responsible for leading the response to a security breach and who has the authority to make decisions?
Make sure your design is responsible for asset mapping, data collection of community needs, gap analysis, and identification of best practices to ensure your community engagement and partnerships are appropriately aligned, comprehensive and efficient to meet stated financial outcomes.
DEVELOPMENT:
Should the board participate in or observe tabletop exercises to better understand the response plan?
Participate in the context of a larger consulting team in the development of Cybersecurity documents to enable an (internal) client organization to meet program goals and objectives.
How do you develop an ongoing process to mitigate ICS cyber risks and maintain an integrated program?
Design and maintain standard templates, reference architectures, and design patterns that aid other Cloud Engineers in the development of standards-based designs.
How often are your organization's business resumption, disaster recovery and contingency arrangements tested?
Perform/arrange for static, dynamic, and penetration tests for development projects; work with project teams to evaluate the risk exposure of the findings; drive the effective design, prioritization, and implementation of remediating controls in collaboration with development teams.
How far left in the software development lifecycle (SDLC) has your security testing shifted?
Develop experience performing risk and threat assessments in the context of product development.
How do you ensure that the board and senior management are regularly involved in managing Cybersecurity risks and resource allocation?
Ensure your team is involved in balancing incremental codebase and tooling improvements with the ongoing development of new features.
How do you ensure that your organization has enough safeguards over cybersecurity risks?
Safeguard that your team is involved in development and scripting languages (Java, JavaScript/TypeScript, Python, PHP).
How do you verify Google Apps and Google Cloud Platform security?
Verify that your company is supporting business development by participating in team considerations.
Is the system scanned for unauthorized wireless access points at a specified frequency, and is appropriate action taken if access points are discovered?
Secure that your personnel are collaborating with Business Development counterparts and Operations team members in engaging (internal) customers relating to key opportunities.
How do you confirm your provider's security standards and policies are sufficient to build trust?
Confirm that your organization manages the development and implementation of process improvements and system implementations.
MANAGEMENT:
Does the corporate officer accountable for reporting on cyber risk and resilience ensure internal coordination by all relevant parts of your organization on the cyber risks arising from AI?
Ensure your expertise and primary support is in the areas of Program Management, Software Development, Artificial Intelligence (AI), Enterprise Architecture, Data Analytics and Business Intelligence, and Cyber Security.
How does your solution work with other providers' solutions to help build a chain of trust from the application user interfaces to the underlying hardware?
Interface so that your staff is involved in integration between Incident Management Systems (SOAR) and SIEM in an enterprise environment.
Who is your jurisdiction's cybersecurity liaison to privately owned and operated critical infrastructure?
Liaison so that your team is involved in supporting a delivery service or inventory management SaaS solution.
What is your perception of the current ability to monitor across the various cloud service providers your organization uses to ensure compliance with its security posture and processes?
Ensure the rigorous application of information security/cybersecurity policies, principles and practices in the delivery of data management services.
How do you make risky decisions from experience?
Make sure your workforce is involved in business change management and Corporate IT Service management.
How to certify critical industrial systems taking industrial cybersecurity into account?
Certify your organization has involvement leading IT, project management, cybersecurity, and data analytics functions.
Do you participate in industry collaborations with regard to information security/cybersecurity?
Participate in the detailed staff performance management process and handle the needs and development of the Infrastructure team.
Will it ever be possible for enterprises with super critical data security requirements to use the cloud, whether public or private?
Be confident that your operation is involved in identity and user management solutions provided by Azure, OKTA, or other third parties.
Which web technology should the service provider use to build an interface that users can leverage?
Interface so that your workforce is involved in vulnerability management processes and tools.
How do you address the cybersecurity dimensions of external relationships within your organization?
Be confident that your organization leads enterprise portfolio intake, project and process management and continuous improvement.
RISK:
What is the optimal storage solution that provides the required performance and is cost effective?
Perform strategic planning and vision setting on the Risk and Controls team in alignment with Corporate Third Party Oversight (CTPO), Cybersecurity and Technology Controls (CTC) and regional/local regulatory requirements.
How does your organization establish a practical and sustainable framework for long-term, proactive cyber risk mitigation?
Establish that your workforce is involved in your organization with one or more major insider risk investigation instruments (endpoint monitoring, DLP, user behavior analytics).
How do you secure your confidential business data on laptops, smartphones, flash drives or in the cloud?
Be certain that your design drives periodic information systems risk assessments.
How do you make employees aware of new cybersecurity threats?
Make sure your workforce is involved in representing technical viewpoints to diverse audiences, and in making prudent technical risk decisions.
What roles do senior leaders and the board play in managing and overseeing cybersecurity and cyber incident response, and who has primary responsibility?
Oversee that your operation evaluates vulnerabilities published by third-party vendors or other media, assesses the risk to your organization and recommends a course of action.
Does your network utilize any virtual machines, cloud services or third-party service providers?
Utilize the corporate risk register to mature the threat modeling process for protecting your organization's high value assets.
How do you practically ensure policy makers have a sufficient knowledge base and understanding to meet present and future cybersecurity challenges?
Make headway so that your team participates in the selection of consultants to conduct outside risk assessments and/or pen tests.
What expertise does the designated cyber incident response team have, and what is lacking?
Ensure your design reviews complex architecture design diagrams and documents for new technologies and changes to existing technologies to determine risks and provide recommendations and mitigations.
Is there an established framework the insurance provider uses to assess security readiness?
Establish that your team analyzes technical risks and advises on risk mitigation strategies.
Does your cyber insurance offering conduct the same risk assessment for all business sectors?
Conduct compliance and privacy risk assessments in partnership with Department and Program Leaders; develop corrective action plans.
ONBOARDING:
How often are enforcement checks performed to ensure all security configurations are applied?
Ensure your group is involved in end-to-end onboarding journey design and product implementation.
Do particular business sectors or organization types lack sufficient incentives to make cybersecurity investments more than others?
Make sure your process is identifying opportunities for onboarding new data partners and integrations.
How will the overall structure of the emerging system drive the uptake of cyber trust technologies?
Drive product strategy with the (internal) client during onboarding to ensure a successful long-term partnership.
Are you covered for the costs of investigating an alleged or suspected breach, or just a confirmed cyber breach?
Confirm that your process includes a Learning and Development Program Manager for Onboarding.
What types of network-based and host-based security controls are required for monitoring application activity?
Work with the Events platform and Operations teams to constantly update the onboarding and training materials.
Can the solution integrate with the identity management solution for Single Sign-On access to the user interface?
Interface so that your organization handles onboarding, movement, offboarding, HR operations, and process improvement.
Have risk management activities, standards and guidelines been identified and implemented?
Act as a guide for management through the onboarding process, ensuring smooth management involvement.
How can a locally driven, inclusive and accountable security sector reform process be achieved?
Drive the implementation process and proactively identify potential issues during the onboarding phase.
Are there policies and procedures to ensure there are no unattended, unsecured workstations?
Attend team meetings and training sessions, and be diligent in keeping up with your onboarding knowledge base.
CHANGE:
Is the migration concept designed for the cloud service defined as a part of the security concept for cloud use?
Be sure your design partners with business and technical project team members to assess the impact of upcoming changes.
Do you conduct penetration tests/ethical hacking to check that your employees are sticking to your security policy?
Check that your staff has organizational change management program design and implementation involvement.
How has the board sought to reassure investors and customers of its robust approach to the cybersecurity of personal data?
Assure your group is involved in successfully driving process improvement utilizing organizational change management.
How do you know that whoever changed or otherwise touched data was authorized to do so, on an individual, group or role-related basis?
Provide direct support and coaching to change management specialists and other supporting team members.
How important is continuing skills development in the minds of cybersecurity professionals?
Develop experience leading organizational change management and developing communications.
Does your organization employ a process that can be used to ensure that its decision makers are provided with the most comprehensive information possible?
Make headway so that your workforce leads work to create a change management strategy, including a sustainment plan.
Does the agreement guarantee to maintain any current APIs or features, or does it promise to evolve to provide future functionality?
Guarantee your personnel works with project teams to integrate the change management strategy into project plans.
How do you make insights actionable?
Make headway so that your staff is involved in running large-scale marketing or change communications campaigns.
What sort of assurances and guarantees should you look for from a cloud provider in terms of security and performance?
Guarantee your team assures the quality of program deliverables for the change management levers.
Are some organization assets high value enough to warrant needing faster log availability times?
Warrant that your operation is ensuring the program plan remains aligned with key change management activities.
Marketing & Visibility Strategist for Smart, Strategic, High-Impact Visibility with Virtual Expos | Be More Visible, More Credible, More Profitable Exhibiting your Expertise Globally
3 years ago: I could see this as a very important point: "Are there any security background checks or security clearances required for vendor personnel to access the data center?" Especially when personnel changes and new clearances need to be put in place and previous ones revoked.