10 Things an ISO Should Not Do

Last reviewed: March 2017

Now that you have a mentor and are meeting on a regular basis, you may need some ideas for things to talk about. Here are a few to get you started.

Top 10 Things an ISO Should Not Do

  1. Don't Panic
  2. Publicly or privately make the claim that the institution is secure
  3. Assume that there is some place on the internal network that is "secure"
  4. Make a service so inaccessible that it becomes insecure
  5. Consider any process, training, or device as a silver bullet
  6. Consider technology in isolation as a solution to security risk
  7. Fight fires (okay, almost never)
  8. Develop punitive measures for IT staff who make mistakes in securing their systems
  9. Compromise ethics for expedience, or at the direction of your management
  10. Make decisions in isolation
The Mentoring Toolkit includes additional ideas for conversation starters.

Except where otherwise noted, this work is licensed under a Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License (CC BY-NC-SA 4.0).