Who in your organization governs information security?
Does your organization have an information security program?
Does your organization have an information classification policy?
Does your organization employee handbook have information concerning security?
Does your organization have employee training in the areas of privacy and information security?
Does your organization have Cyber Liability coverage?
Does your organization have a documented incident response plan for information security events?
Does your organization have documented internal and external IT audit plans?
Does your organization place information on the “Cloud”?