As soon as a CISO arrives in the company, they carry out an assessment to understand which problems are the most relevant.

In summary, the first actions the CISO will undertake in the company are:

  • Carry out an initial assessment
  • Create an action plan and a long-term strategy
  • Implement the necessary policies
  • Manage compliance issues (e.g. GDPR)
  • Manage information classification
  • Handle asset management
  • Manage access rights to assets and information
  • Manage perimeter protections as well as Wi-Fi networks
  • Prevent attacks and perform hardening, patching and vulnerability management activities
  • Manage digital identities
  • Manage incidents
  • Manage staff training
  • Report directly to top management