Peer-Driven Insights

Risk Management

Active Ambassadors in This Topic

JM Financial Services Ltd

Travel and Hospitality, 1k - 5k

Community Posts

Public Cloud72%

Private Cloud27%

Excellent (more than enough)9%

Good (we have enough to reach our goals)52%

Acceptable (could be better but we make do)36%

Poor/unacceptable (more funding needed ASAP)3%

Unsure / other

View Results

Continuous Monitoring44%

Staff Well Being58%

ESG & Sustainability47%

Service Provider Location Risk17%

Other (share below)2%

View Results

Active Ambassadors in This Topic

Rathik Pathak

Community Posts

Are you using tools for cyber risk quantification? What are they?

What cybersecurity awareness techniques have you found most effective?

How are you maintaining data and system security as IT decision making becomes increasingly decentralized?

What tools do you use for insider threat detection?

How will ransomware evolve in the short term?

I'm building most on... share "why" in comments...

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

From your POV, what’s the current state of your resources/funding for data security governance efforts, overall?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.Has anyone implemented a "not relevant" risk tier in their model?This tier would apply to vendors posing genuinely negligible security risk.

Which of the following areas are you planning to make the biggest changes to within your governance and risk program in 2022?

Is red teaming a better way to demonstrate security needs to the board than traditional compliance audits?

Apart from applying the patches just released, what other mitigation tactics are you using to address the zero-day SharePoint vulnerabilities impacting on-premises servers?

Does anyone have recommendations for risk management background services for a large technology consulting company? The employee count is over 20K.

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?If not - what is stopping you from setting this up?

Community Posts

Are you using tools for cyber risk quantification? What are they?

What cybersecurity awareness techniques have you found most effective?

How are you maintaining data and system security as IT decision making becomes increasingly decentralized?

What tools do you use for insider threat detection?

How will ransomware evolve in the short term?

I'm building most on... share "why" in comments...

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

As organizations deploy LLMs and other AI systems, how do you recommend security teams address risks such as data leakage, prompt injection and adversarial manipulation? What frameworks or practices should be prioritized to make AI security programs resilient from day one?

From your POV, what’s the current state of your resources/funding for data security governance efforts, overall?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.Has anyone implemented a "not relevant" risk tier in their model?This tier would apply to vendors posing genuinely negligible security risk.

Which of the following areas are you planning to make the biggest changes to within your governance and risk program in 2022?

Is red teaming a better way to demonstrate security needs to the board than traditional compliance audits?

Apart from applying the patches just released, what other mitigation tactics are you using to address the zero-day SharePoint vulnerabilities impacting on-premises servers?

Does anyone have recommendations for risk management background services for a large technology consulting company? The employee count is over 20K.

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?If not - what is stopping you from setting this up?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?

If not - what is stopping you from setting this up?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?

If not - what is stopping you from setting this up?