The risk isn’t of “having a security incident” its about handling it in a calm, collected, and methodological manner so a small incident doesn’t turn into a major one. Or worst case, a major one is identified and mitigated in minutes, as opposed to days. This sort of reinforces the “there is no real ROI” argument, as a motivated threat actor will not give up just because they were stopped once.
1. What proactive measures do you have in place now and would have like to have /implement as part of your go-forward strategy to reduce the overall impact and expense of an incident and the potential future ones?
2. How has the shift to the cloud changed your security strategy?
4. To what extent are you able to exercise governance over the cloud service you are using?