10 Things an ISO Needs to Ask Themselves

Last reviewed: March 2017

Now that you have a mentor and you are meeting on a regular basis, you may need some ideas for things to talk about. Here are just a few ideas to get you started. 

10 Things an ISO Needs to Ask Themselves

  1. Why did I take this job? Someone remind me! (How on earth do you all sleep at night?)
  2. Do I have appropriate management support and understanding?
  3. Do I understand what the major risks the the institution are? What is the most valuable data at the institution? Where is it, how is it controlled?
  4. What are the institution's policies that affect information security? Do the policies I need to do my job effective exist?
  5. Who owns the data? Is this defined in a policy?
  6. Does my management have the same list in their heads?
  7. What capabilities does my management expect me to provide?
  8. Do I have the ability to meet those expectations? Staff, Skills, Technology, Policy, Procedures
  9. What technology do I have deployed? Is it deployed in an effective manner?
  10. What technology do I not have that I need?


The Mentoring Toolkit includes additional ideas for conversation starters.


Questions or comments? Contact us.

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).