Security & GRC
Featured One-Minute Insights
Sept 2024
How are U.S. CISOs Addressing Liability Risk?
New regulations taking effect in the U.S. mean that cybersecurity leaders could face legal liability in the event of an incident. What strategies are they using to protect themselves?
Community Posts
Does someone have advice on how they have balanced the risk/reward as it relates to introducing Open-Source Software to an organization? My org is dipping its toe into the OSS world and the architecture and risk governance teams are looking to get ahead of these requests by coming up with policies and standards for OSS technology being brought into our environment. To clarify, this is not for software development and CI/CD pipelines, SDLC etc. This is for installing solutions that already exist out there (Zabbix, Graylog, Prometheus etc.) into the organization's environment. We are looking to provide a balance on the obvious risk with the ability to move fast (like everyone else now).
Is the edge of your enterprise secure?
Yes: 75%
No: 10%
Working on it: 13%
Security: 45%
IT: 80%
Legal: 42%
Compliance (We have a dedicated leader): 24%
Other: 1%
Lack of visibility: 16%
No data oversight: 39%
Unknown code and security controls: 34%
Risk of data exposure: 7%
Other: 2%