PARTICIPANTS INTERVIEW QUESTIONS  
        
        Thank you for being willing to give us your time…  How would you like us to address you?  
        
        
        1.  Could you please detail your organisation’s cyber security strategy and the resultant 
          policies? (And may we have a copy of your cyber security strategy and policies, 
          please?)  
        
        2.  What role does the executive management team play in overseeing corporate 
          governance and controls? Do they take an active role in advocating cyber security 
          initiatives to keeping the organisation cyber secure?  
        
        3.  How has the responsibility assignment matrix of OAR (Ownership, Accountability, 
          Responsibility) been defined for cyber security risk, mitigation decision strategies and 
          governance? 
        
        4.  What are your responsibilities and specifically in terms of cyber security?  
        
        5.  How would you describe the cyber security culture in your organisations?  
        
        6.  Does your organisation have a Chief Information Security Officer (CISO) –                 
          i.e.: someone dedicated to your cybersecurity mission and function?  
        
        7.  Is your organisational budget structured to embed cyber security as priority?  
        
        8.  Is there anything important about cyber security in your information that you think we 
          haven’t discussed, or needs further discussion or explanation?   
           
           
        
       Thank you so much for your time – you have been incredibly helpful, and your answers are 
       really valuable to our research. 
        
        
       When we are reviewing and collating the data captured in this interview may we contact you 
       by phone or email to clarify or follow up?