Pre-vCISO Engagement Checklist
Things you can do to make your vCISO engagement successful
- Get buy-in from your executive leadership or your board of directors
  - If you don’t know how to get this buy-in, ask your vCISO provider.
- Communicate that this is not just an IT issue, and requires business involvement and decisions.
- Identify key stakeholders to involve in your information security decisions and initiatives related to the topics below, and invite these stakeholders to the first vCISO meeting.
  - Business risk
  - Cyber insurance
  - Policies and procedures
  - Human resources
  - Business continuity and disaster planning technology (including cloud and third-party providers)
  - Cyber incident response
  - Compliance and legal
  - Finance and asset management
  - Vendor management
  - Facilities/office management
- Involve all people in your key stakeholder group in the delivery of the risk assessment results.
- Present the risk assessment results to your executive management or board of directors.
- Locate current organizational policies, including:
  - Employee handbook
  - Acceptable use and other organizational policies
  - IT documentation
  - Network diagram
  - Asset inventory
- Know the age and accuracy of the information you are providing. Find out when the documents were last reviewed or updated.
- Review the top recommendations from the risk assessment and know who should be involved in making decisions on when and what resources are needed to address them.
- Start collecting questions to ask your vCISO. The vCISO is there to educate and help you make the best, most informed decision.
- Prepare your team to consistently attend and be engaged in the monthly vCISO check-ins.