UnixTime

Research Note

Template - Role and Responsibility Interview Questions

- What are your basic information security responsibilities? - Where can you find the information security policy? - How do you report a suspected incident? - What should you do...

On this page

A.5.2 Information Security Roles and Responsibilities

Ask employees

  • What are your basic information security responsibilities?
  • Where can you find the information security policy?
  • How do you report a suspected incident?
  • What should you do if you receive suspicious email?
  • What information are you allowed to access and use?
  • What security training have you completed?

Ask managers

  • What security responsibilities do you have for your team?
  • How do you ensure staff complete required training?
  • How are access requests approved?
  • How do you handle role changes or leavers?
  • Are security responsibilities included in job descriptions?

Ask system owners

  • What systems or assets do you own?
  • Who approves access to your system?
  • How often do you review access?
  • What risks are associated with the system?
  • What controls are you accountable for?

Ask security leadership

  • Who has overall information security responsibility?
  • How are responsibilities allocated across the ISMS?
  • How do you prevent gaps or overlaps?
  • How are responsibilities reviewed when the ISMS changes?
  • How are outsourced activities governed?

Ask vendor/procurement owners

  • Who owns the relationship with this supplier?
  • What security responsibilities are assigned to the supplier?
  • How are supplier obligations monitored?
  • What happens if the supplier has a security incident?
  • Are supplier responsibilities documented in contracts or SLAs?
  • Template
  • Audit
  • Interview
  • A5 2

Note Metadata

Aliases: Role Interview Questions

Source: 90 Templates/Role and Responsibility Interview Questions.md