Does your organization have an Information Security Officer that is independent of the IT group and maintains a direct line to the board?
Does your organization maintain a Written Information Security Program that is updated on an annual basis and meets NIST Standards?
Has your organization implemented a solution to manage and store all logs for forensic purposes as well as alerts on active directory and other security threats?
Has your pandemic plan functioned as intended after being put into place this year?
Has your existing infrastructure been able to support a secure and flexible remote work strategy?
Does your organization have off-site backups of your data and infrastructure, able to meet critical recovery timelines and tested on an annual basis?