1. Questions CEOs Should Ask About Cyber Risks
Informational:
1) How many employees do you have in your organization?
a. Small Business (1 – 19 Employees)
b. Medium Business (20 – 99 Employees)
c. Large Business (100 – 249 Employees)
d. Corporate (250+ Employees)
2) How Is Our Executive Leadership Informed About the Current Level and Business Impact of Cyber Risks to Our Company?
3) What Is the Current Level and Business Impact of Cyber Risks to Our Company? What Is Our Plan to Address Identified Risks?
4) How Does Our Cybersecurity Program Apply Industry Standards and Best Practices?
5) How Many and What Types of Cyber Incidents Do We Detect in a Normal Week? What Is the Threshold for Notifying Our Executive Leadership?
6) How Comprehensive Is Our Cyber Incident Response Plan? How Often Is It Tested? Did I play a role in constructing and approving the plan?
7) How do we, as a leadership team, determine who is in need of further investment in cyber security training and development?
SOURCE: DHS Cyber Security for CEOs