A security checklist for CEOs to sleep at night

CEOs are in a complex quandary on information security. On the one hand this is a topic requiring deep technical expertise which is (usually) outside the wheelhouse of CEOs, unless they head up a security tech company. On the other hand, it has become abundantly clear that in the court of public perception (and for that matter, the court of law), it is considered a CEO's personal responsibility to ensure that appropriate protections are in place to protect the information of a company's customers - particularly consumers. No CEO wants to end up on the front page of the newspaper or sued for negligence over a breach. Recent incidents should serve as sufficient motivation: Yahoo - 3.5 billion account details were hacked in two different breaches.  Every single account on a system serving nearly half of the world's population in 2013-14 (not fully disclosed until 2017) Sony Motion Pictures - [...]