Questionnaire Information Security - 2021
First name + last name
We can put you in contact with the CIO Platform Nederland via your known e-mail address.
Organization
What is your role in relation to Information Security?
I am CxO and ultimately responsible for information/cyber security
I am CxO, but not ultimately responsible for information/cyber security
I am ultimately responsible for information/cyber security, but not CxO
I am working in the information/cyber security department
Main concerns regarding information security/cyber security (IS)
Internal
1. Organisation, set-up, verifiability of own organisation.
2. Inadequate classification of information.
3. Lack of security policies and resources tailored to classification level.
4. IS still not a responsibility of the business (awareness).
5. IS not sufficiently connected to agile application development.
6. Limited grip as IS officer on the purchase of applications or devices by the business.
7. Lack of overview of coherence and dependencies of the systems used.
8. Growing complexity and decreasing relevant knowledge.
9. Knowledge of still-important systems is disappearing; how to handle knowledge management.
10. Lack of redundancy in systems.
11. Not being able to implement changes in laws and regulations in the systems in time.
12. Unaware/incompetent users.
13. Insufficient IS staff to cope with the work.
14. Lack of security event management.
15. Lack of crisis management.
16. Use of private and mobile devices by employees.
17. Too little practice in procedures in case of incidents.
18. Too little supervision and support on the correct use of systems in connection with working from home.
19. Security underexposed in data governance.
20. Too little budget to organise all adequate IS efforts.
21. There is too little board involvement in IS.
22. Insufficient insight into return on investment in IS.
Other:
External with whom you have a relationship
1. No insight into IS level of suppliers.
2. No insight into third-party dependencies and/or the security level of chain partners.
3. Limited liability of suppliers for insufficiently secure products and services.
4. Limited / no support from suppliers for (older) systems/applications.
5. Inadequate patch management by suppliers (mutual coordination and dependence).
6. Insufficient up-to-date information about vulnerabilities and incidents.
7. No clear contractual agreements & co-operation on IS.
8. Lack of clarity in importance of third party information/data for our systems.
9. No contractual agreements about handling or reporting of security incidents.
10. Insufficient grip on IS in case of outsourcing, how to gain certainty about the actual security level.
11. Insufficient grip on GDPR compliance in case of outsourcing.
12. Insufficient grip on IS with 'from the Cloud' service provision (including SaaS, PaaS).
13. Insufficient exercise of cyber incidents with chain partners.
14. Insufficient alternative providers to switch to safer providers.
Other:
Completely external
1. Entanglement of agencies involved in regulation, supervision and support of IS.
2. Reliability of supervisory bodies (including the Data Protection Authority); are they competent and do they take up their role properly?
3. Reliability of supervisory authorities; clarity about the scope of the controls.
4. Sharing information about (potential) threats/incidents and reporting on their handling.
5. Sensitivity to and dependence on foreign governments.
6. Cyber espionage, theft of trade secrets.
7. Cybercrime and lack of awareness of the risks.
8. Inadequate tackling of cybercriminals.
9. Vulnerability of intercontinental physical infrastructure.
10. Identity fraud, both for private and business identities.
Other:
Which threats are you most worried about at the moment?
Ransomware
Man in the middle attack
WhatsApp fraud
DDoS
Phishing
Identity fraud
Data breach/data theft
Spearphishing/whaling
Other:
From which corner do you expect the most important/most serious threat to your organisation?
State actors
Opportunity crime
Insecure software
(Corporate) espionage
Hacktivists
Unreliable partners
Organised crime
(Former) employee(s)
Other:
Mind you!
Missing in this questionnaire is: