When a company experiences a data breach, hack or other compromise to infrastructure or assets, a post-mortem is usually conducted to look at what went wrong. More often than not, senior leaders are surprised and dismayed by what they hear the processes or policies that were overlooked, or the risks they didn’t realize existed.

Acknowledging errors is merely table stakes, however. CISOs and their colleagues need to get one step ahead by offering better education and training, addressing areas of vulnerability and building a “security-first” culture.

That’s why we have put together this comprehensive checklist of all the questions, gaps and mistakes you need to talk about…before a disastrous incident can happen!