
104 ◾ How to Complete a Risk Assessment in 5 Days or Less
Table 5.3 Gap Analysis Example 1

Control | Compliant (Yes/No) | Comment
A corporate information security officer (CISO) or equivalent executive-level authority has been named and is responsible for implementing and maintaining an effective organizationwide information protection (IP) program. | |
The CISO has a team or department with dedicated job responsibilities to IP activities within the organization, including security administration, awareness and training, research, and incident investigations. | |
The IP program supports the business objectives/mission statement of the organization. | |
An enterprisewide ... | |