Peer-Driven Insights

Risk Management

Active Ambassadors in This Topic

Rathik Pathak

Rathik Pathak

JM Financial Services Ltd

Travel and Hospitality, 1k - 5k

India
View All Community Ambassadors

Community Posts

I’m in the process of developing and formalizing the Risk Appetite Statement (RAS) for my organization, a public transport operator. Before we bring the draft to the Board, I’d appreciate your views on the best approach for engaging the Senior Leadership Team (SLT): Is 1:1 engagement more effective to gather candid input? Or would a group workshop be better to align perspectives and drive collective ownership? If anyone has experience developing a RAS specifically for a public transport or infrastructure-focused entity, I’d love to hear your lessons learned or key considerations. Appreciate any tips or tools!

Read More Comments

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Read More Comments

Is red teaming a better way to demonstrate security needs to the board than traditional compliance audits?

Read More Comments

Apart from applying the patches just released, what other mitigation tactics are you using to address the zero-day SharePoint vulnerabilities impacting on-premises servers?

How does your organization refer to a plant stoppage for scheduled maintenance?

Shutdown25%

Turnaround40%

Outage25%

STO (Shutdown, Turnaround, and Outage)5%

Other (please comment)3%

View Results

Does anyone have recommendations for risk management background services for a large technology consulting company? The employee count is over 20K.

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful?

If not - what is stopping you from setting this up?

Read More Comments

Overall, GenAI is currently…

More risky than useful35%

More useful than risky58%

Don’t know/show results6%

View Results

From your POV, what’s the current state of your resources/funding for data security governance efforts, overall?

Excellent (more than enough)10%

Good (we have enough to reach our goals)55%

Acceptable (could be better but we make do)31%

Poor/unacceptable (more funding needed ASAP)3%

Unsure / other

View Results

What sorts of failsafe processes/controls, etc, do you rely on to make sure terminated or suspended employees’ access credentials are revoked immediately? Does your org generally rely on direct communications from HR or do you have an HRM or similar system to automate this?

Read More Comments

How are you socializing quantum-safe cryptography with your organization's leadership team? What’s your approach to the messaging around that given the complexity?

Read More Comments

Seeking insights for research universities regarding CMMC 2.0 adoption and compliance. I'm listing our full question set below, but we would welcome insights on any or all of these:

1. What is the anticipated timeline for CMMC 2.0 adoption by the Federal Government? Any insights on the expected rollout and implementation schedule?

2. From a Higher Ed CIO perspective, what are the key operational differences between each "level" in CMMC 2.0? Are there any specific challenges or considerations especially for research universities?

3. For a research university, which CMMC level would be the most suitable target? Are there any key dates or deadlines that Higher Eds and researchers should be aware of in their compliance journey?

4. What are the most crucial features or elements of CMMC that universities need to achieve compliance? Any recommendations or best practices?

5. Specifically, are there any requirements in CMMC for 7/24/365 "eyes on glass" network and/or endpoint monitoring? If there is an endpoint requirement, does it extend to all servers and laptops issued by the university, or is it limited to hosts involved in research grants? What is expected to demonstrate compliance in this regard?

6. Apart from CMMC compliance, are there other considerations or or strategies to consider when seeking to qualify for/reduce cyber risk insurance costs?

How is the current geopolitical climate impacting identity security risks in your industry? What’s your approach to assessing potential risks associated with geopolitical instability?

How do you prioritize the organization’s identity security investments amid economic uncertainty? What's the most important focus when resources or budgets are especially constrained?

What are some best practices for identity security or IAM when dealing with decentralized users/assets? How can organizations adjust strategy or policies to address decentralization?

Read More Comments

How do you mitigate the impact of unexpected talent departures? Are there any tech solutions or other strategies you use to retain institutional knowledge?

Read More Comments