Peer-Driven Insights

Security & GRC

About this topic

Security and GRC refer to the practices and frameworks that protect information assets and ensure organizational alignment with regulatory and risk requirements, respectively. Information security safeguards digital and physical systems from unauthorized access and threats, while governance, risk, and compliance (GRC) guide strategic decision-making and regulatory adherence.

Featured One-Minute Insights

Sept 2024

How are U.S. CISOs Addressing Liability Risk?

New regulations taking effect in the U.S. mean that cybersecurity leaders could face legal liability in the event of an incident. What strategies are they using to protect themselves?

Community Posts

Would a Sarbanes-Oxley type law requiring public companies to attest to their cybersecurity integrity be a good idea?

Read More Comments

Which of the following security risks are you most concerned about affecting your organization moving into 2022?

Disruption via ransomware20%

Exploitation via phishing55%

Exfiltration of PII (Personally identifiable information)12%

Disruption via DDoS attacks4%

Disruption of a business-critical application7%

Other (comment below)

View Results

Who has the purchasing power at your organization when it comes to security?

CIO48%

CISO41%

Other C-suite individual (please specify)7%

Difficult to say.2%

View Results

Does adhering to compliance standards necessarily mean that your DevOps are secure?

Read More Comments

How has GDPR and CCPA changed your use or procurement cybersecurity tools?

Read More Comments

What's your annual cybersecurity budget per employee?

Less than $100038%

$1000 - $200050%

$2000 - $30006%

$3000+4%

View Results

How are you seeing the Enterprise Risk Management landscape change and how are you redefining some of those key controls?

Read More Comments

How do the departmental risk programs of your organization come together under Enterprise Risk?

Read More Comments

How did the security ecosystem allow for the kind of attack we have seen with SolarWinds?

Read More Comments

Do you think the SolarWinds breach will have a significant or lasting impact on how IT approaches supply chain risk management?

Read More Comments

Will SolarWinds recover from this breach?

Read More Comments

Are penetration tests effective at determining risk?

Read More Comments

Do you think vulnerabilities below the operating system (in firmware, BIOS, drivers, etc.) should be a concern in your industry?

Read More Comments

About this topic

Featured One-Minute Insights

How are U.S. CISOs Addressing Liability Risk?

Community Posts

Would a Sarbanes-Oxley type law requiring public companies to attest to their cybersecurity integrity be a good idea?

Which of the following security risks are you most concerned about affecting your organization moving into 2022?

Who has the purchasing power at your organization when it comes to security?

Does adhering to compliance standards necessarily mean that your DevOps are secure?

How has GDPR and CCPA changed your use or procurement cybersecurity tools?

What's your annual cybersecurity budget per employee?

How are you seeing the Enterprise Risk Management landscape change and how are you redefining some of those key controls?

How do the departmental risk programs of your organization come together under Enterprise Risk?

How do you communicate risk in your enterprise?

What security awareness programs do you find helpful for employees?

How does the increasing ubiquity of IOT change security?

How did the security ecosystem allow for the kind of attack we have seen with SolarWinds?

Do you think the SolarWinds breach will have a significant or lasting impact on how IT approaches supply chain risk management?

Will SolarWinds recover from this breach?

Are penetration tests effective at determining risk?

Do you think vulnerabilities below the operating system (in firmware, BIOS, drivers, etc.) should be a concern in your industry?

Community Posts

Would a Sarbanes-Oxley type law requiring public companies to attest to their cybersecurity integrity be a good idea?

Which of the following security risks are you most concerned about affecting your organization moving into 2022?

Who has the purchasing power at your organization when it comes to security?

Does adhering to compliance standards necessarily mean that your DevOps are secure?

How has GDPR and CCPA changed your use or procurement cybersecurity tools?

What's your annual cybersecurity budget per employee?

How are you seeing the Enterprise Risk Management landscape change and how are you redefining some of those key controls?

How do the departmental risk programs of your organization come together under Enterprise Risk?

How do you communicate risk in your enterprise?

What security awareness programs do you find helpful for employees?

How does the increasing ubiquity of IOT change security?

How did the security ecosystem allow for the kind of attack we have seen with SolarWinds?

Do you think the SolarWinds breach will have a significant or lasting impact on how IT approaches supply chain risk management?

Will SolarWinds recover from this breach?

Are penetration tests effective at determining risk?

Do you think vulnerabilities below the operating system (in firmware, BIOS, drivers, etc.) should be a concern in your industry?