For many years, Chief Information Security Officers (CISOs) were
measured against an impossible objective: 100% breach prevention.
Thankfully, many today understand there is no such thing as 100%
protection against breaches. This has changed how CISO effectiveness is
gauged: from
breach prevention to incident response and resilience.In a world where no organization is 100% protected from security
compromise, creating an effective incident response (IR) plan is perhaps
the most important job of the CISO.