☛ What is ISO 27001 and why should a company adopt it?

☛ Please describe step-by-step how you would prepare and perform an audit of any given system.

☛ What is a “RISK”, how can it be measured and what actions can be taken to treat it?

☛ Please describe the steps to be taken by a company implementing an ISMS framework

☛ Why did you become (CISSP/CISA) certified?

☛ During an audit, an interviewee is not disclosing the information being requested. How would you overcome this situation?

☛ Within the PCI-DSS sphere, what is a compensating control?

☛ Who is the ultimate responsible to classify a company’s information: the Infosec Team or the information owner?

☛ Please describe the process of evaluating and analysing risks.

☛ What actions would you take to change end user behavior towards InfoSec?

☛ How do you ensure a secure software development? What are the best practices to be followed?