By Gideon T. Rasmussen, CISSP, CRISC, CISA, CISM, CIPP
This content was created for an executive who needed to conduct a quick evaluation
of a cybersecurity program within the first few days of joining a company. S/he wanted
"a short list" of artifacts to review.
Subject: Cybersecurity artifacts
Would you gather the following artifacts for me within the next few days?
If an artifact does not exist, just let me know. We need risk transparency. No one should rush to create a document.
- Cybersecurity program assessment report
- Cybersecurity issues list
- Cybersecurity metrics, KPIs and KRIs
- Cybersecurity risk register
- Vulnerability scan report
- Penetration test report
- Incident response plan
- Business continuity plan
- Disaster recovery plan
- Crisis communications plan
- Incident response exercise minutes
- Business continuity exercise minutes
- Disaster recovery exercise minutes
NOTE: This is not intended to be a complete list of cybersecurity program artifacts. I ask for
60+ artifacts when conducting an assessment.
If you need cybersecurity program or assessment support, feel free to give me a call.