How do CISOs know if their security programs are effective? This session combines the well-respected management effectiveness framework (McKinsey 7S Model including strategy, structure, systems, skills, style, staff, and shared values factors), with 13 cybersecurity program activities the CISO must perform to determine the effectiveness of a security program. This session will follow Chatham House Rule to allow for free exchange of information and learning. We look forward to participants actively engaging in the discussion and remind attendees that no comment attribution or recording of any sort should take place. This is a capacity-controlled session. If added to your schedule and your availability changes, please remove this session from your schedule to allow others to participate.