Cybersecurity Artifacts
By Gideon T. Rasmussen, CISSP, CRISC, CISA, CISM, CIPP

This content was created for an executive who needed to conduct a quick evaluation of a cybersecurity program within the first few days of joining a company. S/he wanted "a short list" of artifacts to review.

Subject: Cybersecurity artifacts

Hi <Name>,

Would you gather the following artifacts for me within the next few days?

If an artifact does not exist, just let me know. We need risk transparency. No one should rush to create a document.
  • Cybersecurity program assessment report
  • Cybersecurity issues list
  • Cybersecurity metrics, KPIs and KRIs
  • Cybersecurity risk register
  • Vulnerability scan report
  • Penetration test report
  • Incident response plan
  • Business continuity plan
  • Disaster recovery plan
  • Crisis communications plan
  • Incident response exercise minutes
  • Business continuity exercise minutes
  • Disaster recovery exercise minutes
Many thanks,

NOTE: This is not intended to be a complete list of cybersecurity program artifacts. I ask for 60+ artifacts when conducting an assessment.

If you need cybersecurity program or assessment support, feel free to give me a call.

Click here for more professional development tips

Have a Great Time In New Braunfels