Abstract: As a new CISO how do we respond to the question – “Is our organization secure?” Before we can respond, we need to first understand the ‘lay of the land’ by doing a comprehensive assessment of its operating environment and its specific business needs. Ultimately, implementing a cost-effective cybersecurity framework includes careful consideration of how we identify, protect, and recover critical assets, as well as detect and respond to security breaches. While we can’t avoid all cyber risk – we need to identify, mitigate and reduce it to an acceptable level.