ID.IM-02.182

Does your organization involve internal stakeholders (such as senior executives, legal, and HR) in security tests and exercises?

Explanation

Including key internal stakeholders in security tests and exercises ensures broader organizational awareness and buy-in for security initiatives. When stakeholders participate, they gain firsthand experience with security challenges, understand potential business impacts, and can better align security priorities with business objectives. This involvement also helps break down silos between security teams and other departments, creating a more cohesive security culture. Evidence could include meeting minutes from tabletop exercises showing executive participation, after-action reports from security drills listing stakeholder involvement, or formal security exercise plans that define roles for various internal departments.

Implementation Example

Involve internal stakeholders (e.g., senior executives, legal department, HR) in security tests and exercises as appropriate

ID: ID.IM-02.182

Context

Function: ID: IDENTIFY
Category: ID.IM: Improvement
Sub-Category: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties
