
Pre-CISO Bootstrap: Client Onboarding

V1.1
Written: February 2025

Right then, let's dive in. This isn't just any questionnaire—it's your organisation's cybersecurity blueprint in the making. While it'll take roughly an hour of your valuable time, this thorough preparation is absolutely essential. Your responses will give echo5 the precise insights needed to understand your security posture, organisational dynamics, and strategic priorities. Think of it as the foundation that will ensure we deliver exactly what your organisation needs—no faff, just focused, strategic value from day one.

Phase 1: Board and Leadership Qualification

This phase is crucial for integrating security into the company’s business strategy, ensuring that cybersecurity supports and enhances overall business goals. 


By crafting a tailored security vision aligned with the company’s objectives, establishing transparent governance and roles, and defining the client’s risk appetite, we lay the foundation for a security approach that drives business outcomes. 


An initial security maturity assessment helps us understand where we stand today, allowing us to prioritise actions to strengthen our security posture. Engaging key stakeholders through a thoughtful plan ensures that security initiatives are backed by leadership, keeping security efforts in sync with business priorities.



Domain: Executive Security Vision & Governance

Control Category: Business Objectives and Growth Strategy

Develop a tailored security vision that aligns with the company’s overarching business objectives and growth strategy.

What are your company’s top 3-5 overarching business objectives for the next 12-18 months?

How does your leadership team currently view the role of cybersecurity in achieving these objectives?

Current Security Governance Structure

Provide an overview of a recommended governance structure detailing roles, responsibilities, and reporting lines for security within the executive team and board.

Identify key organisational stakeholders who will be involved in or impacted by security decisions.

Do you have a defined structure or framework for security governance today?

Who are the key members of your executive team involved in security decision-making?

How frequently are security topics discussed at the board or executive level?


Control Category: Roles, Responsibilities, and Reporting Lines

Develop a plan to engage key stakeholders in security initiatives, including board members and executives.

Identify communication channels and frequency to ensure alignment between security and business objectives.

Is a designated person (e.g., CTO, COO) responsible for security leadership?

How is security accountability currently assigned across different teams or departments?

Control Category: Risk Appetite and Tolerance

Establish a clear understanding of the client’s risk appetite and tolerance levels directly tied to business objectives.

Outline the types of risks (financial, operational, reputational, etc.) the client is willing to accept versus those that require mitigation.

How would you describe your organisation’s current approach to taking on cybersecurity risk?

Are there any known business risks (financial, operational, reputational) that leadership is willing to accept for growth or innovation?