Peer-Driven Insights

Governance, Risk & Compliance

Active Ambassadors in This Topic

Chris Oehlerking

Chris Oehlerking

Honeywell

Manufacturing, 1k - 5k

United States
J

John Tziortzis

Centennial College

Education, 1k - 5k

CA
C

Clifton Persaud

ISACA

Education, 10k+

United States
View All Community Ambassadors

Community Posts

What is the most interesting/helpful/unique tool you're using right now that no one is talking about?

Read More Comments

Are you using tools for cyber risk quantification? What are they?

Read More Comments

Whats the biggest IT trend you want to learn more about?

Read More Comments

I'm building most on... share "why" in comments...

Public Cloud71%

Private Cloud28%

What do you think the CMMC (Cybersecurity Maturity Model Certification) will actually address?

Read More Comments

What role does IT play in sustainability efforts?

Read More Comments

What is your approach to enterprise architecture (EA) governance?

Read More Comments

What’s the best place to start when evolving data governance?

The data19%

The people43%

The processes21%

The policies12%

I wish I knew5%

View Results

How permanent are some of the pandemic-induced changes going to be?

Read More Comments

What percentage of your help desk calls are password or MFA related?

< 10%26%

10-20%39%

21-30%18%

31-40%7%

41-50%4%

51-60%2%

61-70%

71-80%

> 80%1%

View Results

I'm interested in understanding how your organizations estimate the complexity of digital initiatives, particularly as a basis for applying appropriate project management governance. In other words, how do you assess initiative complexity in order to determine the level or type of governance needed?

Read More Comments

Seeking insights for research universities regarding CMMC 2.0 adoption and compliance. I'm listing our full question set below, but we would welcome insights on any or all of these:

1. What is the anticipated timeline for CMMC 2.0 adoption by the Federal Government? Any insights on the expected rollout and implementation schedule?

2. From a Higher Ed CIO perspective, what are the key operational differences between each "level" in CMMC 2.0? Are there any specific challenges or considerations especially for research universities?

3. For a research university, which CMMC level would be the most suitable target? Are there any key dates or deadlines that Higher Eds and researchers should be aware of in their compliance journey?

4. What are the most crucial features or elements of CMMC that universities need to achieve compliance? Any recommendations or best practices?

5. Specifically, are there any requirements in CMMC for 7/24/365 "eyes on glass" network and/or endpoint monitoring? If there is an endpoint requirement, does it extend to all servers and laptops issued by the university, or is it limited to hosts involved in research grants? What is expected to demonstrate compliance in this regard?

6. Apart from CMMC compliance, are there other considerations or or strategies to consider when seeking to qualify for/reduce cyber risk insurance costs?

How do you establish tech risk governance practices that protect the org without preventing staff from experimenting and innovating?

I’m in the process of developing and formalizing the Risk Appetite Statement (RAS) for my organization, a public transport operator. Before we bring the draft to the Board, I’d appreciate your views on the best approach for engaging the Senior Leadership Team (SLT): Is 1:1 engagement more effective to gather candid input? Or would a group workshop be better to align perspectives and drive collective ownership? If anyone has experience developing a RAS specifically for a public transport or infrastructure-focused entity, I’d love to hear your lessons learned or key considerations. Appreciate any tips or tools!

Are you already moving to quantum safe cryptography or planning to allocate budget to do so in the next year?

Read More Comments

Has your organization established an identity governance and administration (IGA) program or implemented an IGA platform solution? What do you consider to be key success factors when it comes to identity governance?

Read More Comments