CISOs need a simple set of questions to assess how they’re doing in security. These include People, Data, Applications and Infrastructure. We organized these along the dimensions of people, data, applications and infrastructure. If you think about People, the Data they Access, the Applications they use and the Gear theyre on (Infrastructure) then you have a decently holistic view of their security posture. These are key questions that get the CISO really to think: am I secure?”]
Source: https://securityintelligence.com/17-questions-business-leaders-should-ask-their-ciso/