Scribd Logo
Upload

Welcome to Scribd!

  • 2023 SA Information Security Thermometer Research Report 05

    Uploaded by

    Bruce ROBERTSON
    12 views5 pages

    Copyright

    © © All Rights Reserved

    Available Formats

    PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    12 views5 pages

    2023 SA Information Security Thermometer Research Report 05

    Uploaded by

    Bruce ROBERTSON

    Copyright:

    © All Rights Reserved
    Download as PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 5

    3/15/23, 3:11 PM The 2023 Information Security Thermometer

    The 2023 Information Security Thermometer

    * Required

    2. Information Security Governance


    (Estimated completion time: 3 mins)
    Information security governance covers the principles and vision guiding the process of creating an
    effective information security system. Information security governance plays an important role in
    organisations today. It allows you to show potential business partners that you have an actual
    governance structure and process that guides your information security decisions and incident
    responses. You are not leaving anything up to chance and this quality makes a business more
    attractive to its stakeholders and gives you a competitive advantage over rivals that don’t apply
    good governance.

    15. Do you have a dedicated Information Security Officer (ISO) or equivalent


    senior role devoted entirely to information security within your
    organisation? *

    Yes

    No

    In the process of appointing

    https://forms.office.com/pages/responsepage.aspx?id=i_oLrX6FCkO1bgA0PMDIoTq8GFulIJxMsoSr_wljBsFUMjI5UU45UjNCN0RSTzU2N0RENj… 1/5
    3/15/23, 3:11 PM The 2023 Information Security Thermometer

    16. Who does the Head of Information Security directly report to? *

    CIO (Chief Information Officer or relevant IT executive)

    CEO (Chief Executive Officer or Managing Director)

    CFO (Chief Financial Officer or Financial Executive)

    COO (Chief Operations Officer)

    Physical Security Executive

    Risk Management Executive

    Compliance Executive

    Steering Committee

    Architecture

    Governance Role

    Not applicable

    Other

    17. How long is Information Security’s slot on the Board’s agenda? *

    No standing Board slot

    Ad hoc or only when there has been a major incident

    Less than 15 minutes

    Around 30 minutes

    60 minutes or more

    https://forms.office.com/pages/responsepage.aspx?id=i_oLrX6FCkO1bgA0PMDIoTq8GFulIJxMsoSr_wljBsFUMjI5UU45UjNCN0RSTzU2N0RENj… 2/5
    3/15/23, 3:11 PM The 2023 Information Security Thermometer

    18. Do you have an established Information Security Steering Committee


    (ISSC) that meets at set intervals? *

    Yes and represented by senior management across the business

    Yes but only represented by Information Security or IT team

    An ISSC is established but seldom meets

    Not yet but plan to establish shortly

    No

    19. Do you have external expertise represented at the information security


    steering committee (ISSC)? *

    Yes – our ISSC is chaired by an outside subject matter expert

    Yes - part of the committee only

    Not yet but plan to bring in someone shortly

    No plans to action this

    Not applicable

    https://forms.office.com/pages/responsepage.aspx?id=i_oLrX6FCkO1bgA0PMDIoTq8GFulIJxMsoSr_wljBsFUMjI5UU45UjNCN0RSTzU2N0RENj… 3/5
    3/15/23, 3:11 PM The 2023 Information Security Thermometer

    20. Has your Board assumed accountability for the information security
    governance as per KING IV –  (The Board should ensure that information
    assets are managed effectively)? *

    Yes – documented evidence

    Not yet but plan to shortly

    No plans

    Don’t know

    Not applicable

    21. What type of information security training has been conducted with the
    Board in the last two years? *

    Information security training and cyber crisis desktop simulation

    More theoretical high-level Information Security training workshop (less than one
    hour)

    E-learning awareness training only

    No training intervention at all

    Other

    22. Has information security been considered as part of the strategic


    objectives of the business? *

    Yes – information security is considered by senior management when making strategic


    business decisions

    Somewhat – information security may influence decisions more at an operational level

    Not at all – information security is not considered when making business decisions

    https://forms.office.com/pages/responsepage.aspx?id=i_oLrX6FCkO1bgA0PMDIoTq8GFulIJxMsoSr_wljBsFUMjI5UU45UjNCN0RSTzU2N0RENj… 4/5
    3/15/23, 3:11 PM The 2023 Information Security Thermometer

    23. Is there anything you would like to add to the information you have
    provided in this section? *

    Yes

    No

    Back Next

    Never give out your password. Report abuse

    This content is created by the owner of the form. The data you submit will be sent to the form owner. Microsoft is
    not responsible for the privacy or security practices of its customers, including those of this form owner. Never give
    out your password.

    Powered by Microsoft Forms |


    The owner of this form has not provided a privacy statement as to how they will use your response data. Do not
    provide personal or sensitive information.
    | Terms of use

    https://forms.office.com/pages/responsepage.aspx?id=i_oLrX6FCkO1bgA0PMDIoTq8GFulIJxMsoSr_wljBsFUMjI5UU45UjNCN0RSTzU2N0RENj… 5/5

    You might also like