A brief overview of my CISO plan for the first 90 days
In this section, I will explore the elements that make up a 90-day plan for a new CISO. My intent is to provide some examples so that you can prepare your own plan, either reusing the template or taking this as a starting point. The structure has some similarities to the CIO 90-day plan and several significant differences. That’s not surprising, though, as these are very different roles. The plan is also meant to be shared with all stakeholders and with staff, so that they are aware of where you are spending your time. As with the CIO plan, the guidelines for the CISO plan remain similar:
- The plan must fit on one page
- It must be clear as to what you will focus on and what you won’t focus on
- It is designed to be openly shared (so avoid any confidential references)
- It should be structured with time-based deliverables (this provides you with pressure to stay on track)
- People, Process...