10 Things an ISO Needs to Know

Last reviewed: March 2017

Now that you have a mentor and you are meeting on a regular basis, you may need some ideas for things to talk about. Here are just a few ideas to get you started. 

10 Things an ISO Needs to Know

  1. What are your information security policies?Are they any good? How do you know?
  2. What incidents have occurred in the past year? The past 5?
  3. What is your Incident Response plan, and does it work? Who do you contact in the event of an incident?
  4. Are there risk management and disaster recovery plans in place? Have they been tested?
  5. What is your role in the above three items?
  6. What does your management expect from you?
  7. What does your staff expect?
  8. What mailing lists should I be a member of?
  9. What professional groups should I be a member of?
  10. What is your communication style? Are you communicating and providing information at the right level for executives or other staff?


The Mentoring Toolkit includes additional ideas for conversation starters.


Questions or comments? Contact us.

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).