Peer-Driven Insights

Security & GRC

About this topic

Security and GRC refer to the practices and frameworks that protect information assets and ensure organizational alignment with regulatory and risk requirements, respectively. Information security safeguards digital and physical systems from unauthorized access and threats, while governance, risk, and compliance (GRC) guide strategic decision-making and regulatory adherence.

Featured One-Minute Insights

Sept 2024

How are U.S. CISOs Addressing Liability Risk?

New regulations taking effect in the U.S. mean that cybersecurity leaders could face legal liability in the event of an incident. What strategies are they using to protect themselves?

Active Ambassadors in This Topic

Rathik Pathak

JM Financial Services Ltd

Travel and Hospitality, 1k - 5k

India

View All Community Ambassadors

Community Posts

What is the most effective frequency for 1-on-1 meetings with direct reports?

Once a week33%

Once every 2 weeks47%

Once a month14%

Adhoc4%

What 1-on-1?1%

View Results

Are smaller companies protecting their data risk management in the cloud or are banks and healthcare mostly concerned?

Read More Comments

As a CISO, what does your interaction with the board look like? Do you meet with them every quarter / board meeting? How often do you send updates? What does an update usually contain?

Read More Comments

Curious if anyone has used Exabeam, what could you share with us?

In terms of ZeroTrust and organizations building out their environments in such a way that makes sense and minimizes risks. As a medium to large enterprise, are you satisfied with your progress to date? To riff a bit more on this topic , NIST 800-207 is a good read, it covers both greenfield and continuous improvement ZeroTrust scenarios. Similar to data compliance, I think most of us never experience greenfield.

Yes59%

No24%

Unsure10%

Too early to tell6%

View Results

Curious if anyone is or has used Canary or openCanary?

What worked well, and maybe what didn't work so well?

Read More Comments

For organizations leveraging Sophos for endpoint security protection. Have you upgraded from x-intercept to EDR?

I understand the overall EDR features and technology, but was interested in hearing back from someone who is using it currently or who has evaluated it.

From a security perspective, there are so many new tools out there. How do you think about point solutions that may be great at one thing vs. a platform solution that may be good at many?

Had a great time getting interviewed by Neil J. Rubenking for PC Mag. It's not every day that I get the chance to geek out about .COM viruses ... https://www.pcmag.com/news/369993/how-often-can-one-program-infect-another-let-us-count-the-w?fbclid=IwAR2gpL1dlSIIfHHE04G0DcgiHVs06BgZjbybB8gpUZq4DO1_ojkb4SyIH00

https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

Read More Comments

In setting up a security team, how should CIOs think about the right org structure, roles, budget and goals?

It was just reported today that a second city in Florida had to pay ransom to hackers. How are your companies making sure this doesn't happen to you?

Read More Comments

The number of threats and attacks has been on the rise. But, there's also a big change in the technology that's being used like bots and AI. What are you seeing in terms of risk, and what advice and guidance do you have for us on the platform?

Read More Comments

Are you considering a move to the Gartner SASE model?

Yes, going with a best of breed model - multi-vendor27%

Yes, going with a single vendor SASE model44%

Learning/Planning Phase9%

No.18%

View Results

Security & GRC

About this topic

Featured One-Minute Insights

How are U.S. CISOs Addressing Liability Risk?

Active Ambassadors in This Topic

Rathik Pathak

Community Posts

What is the most effective frequency for 1-on-1 meetings with direct reports?

Are smaller companies protecting their data risk management in the cloud or are banks and healthcare mostly concerned?

As a CISO, what does your interaction with the board look like? Do you meet with them every quarter / board meeting? How often do you send updates? What does an update usually contain?

Curious if anyone has used Exabeam, what could you share with us?

Curious if anyone is or has used Canary or openCanary?

What worked well, and maybe what didn't work so well?

For organizations leveraging Sophos for endpoint security protection. Have you upgraded from x-intercept to EDR?

I understand the overall EDR features and technology, but was interested in hearing back from someone who is using it currently or who has evaluated it.

From a security perspective, there are so many new tools out there. How do you think about point solutions that may be great at one thing vs. a platform solution that may be good at many?

https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

In setting up a security team, how should CIOs think about the right org structure, roles, budget and goals?

It was just reported today that a second city in Florida had to pay ransom to hackers. How are your companies making sure this doesn't happen to you?

The number of threats and attacks has been on the rise. But, there's also a big change in the technology that's being used like bots and AI. What are you seeing in terms of risk, and what advice and guidance do you have for us on the platform?

Are you considering a move to the Gartner SASE model?

What are some good DevOps security practices?

What frameworks or technology are you using to protect IoT devices, particularly in manufacturing/shop floors.

Community Posts

What is the most effective frequency for 1-on-1 meetings with direct reports?

Are smaller companies protecting their data risk management in the cloud or are banks and healthcare mostly concerned?

As a CISO, what does your interaction with the board look like? Do you meet with them every quarter / board meeting? How often do you send updates? What does an update usually contain?

Curious if anyone has used Exabeam, what could you share with us?

Curious if anyone is or has used Canary or openCanary?

What worked well, and maybe what didn't work so well?

For organizations leveraging Sophos for endpoint security protection. Have you upgraded from x-intercept to EDR?

I understand the overall EDR features and technology, but was interested in hearing back from someone who is using it currently or who has evaluated it.

From a security perspective, there are so many new tools out there. How do you think about point solutions that may be great at one thing vs. a platform solution that may be good at many?

https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

In setting up a security team, how should CIOs think about the right org structure, roles, budget and goals?

It was just reported today that a second city in Florida had to pay ransom to hackers. How are your companies making sure this doesn't happen to you?

The number of threats and attacks has been on the rise. But, there's also a big change in the technology that's being used like bots and AI. What are you seeing in terms of risk, and what advice and guidance do you have for us on the platform?

Are you considering a move to the Gartner SASE model?

What are some good DevOps security practices?

What frameworks or technology are you using to protect IoT devices, particularly in manufacturing/shop floors.

About this topic

Featured One-Minute Insights

How are U.S. CISOs Addressing Liability Risk?

Active Ambassadors in This Topic

Rathik Pathak

Community Posts

What is the most effective frequency for 1-on-1 meetings with direct reports?

Are smaller companies protecting their data risk management in the cloud or are banks and healthcare mostly concerned?

As a CISO, what does your interaction with the board look like? Do you meet with them every quarter / board meeting? How often do you send updates? What does an update usually contain?

Curious if anyone has used Exabeam, what could you share with us?

Curious if anyone is or has used Canary or openCanary? What worked well, and maybe what didn't work so well?

For organizations leveraging Sophos for endpoint security protection. Have you upgraded from x-intercept to EDR? I understand the overall EDR features and technology, but was interested in hearing back from someone who is using it currently or who has evaluated it.

From a security perspective, there are so many new tools out there. How do you think about point solutions that may be great at one thing vs. a platform solution that may be good at many?

https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

In setting up a security team, how should CIOs think about the right org structure, roles, budget and goals?

It was just reported today that a second city in Florida had to pay ransom to hackers. How are your companies making sure this doesn't happen to you?

The number of threats and attacks has been on the rise. But, there's also a big change in the technology that's being used like bots and AI. What are you seeing in terms of risk, and what advice and guidance do you have for us on the platform?

Are you considering a move to the Gartner SASE model?

What are some good DevOps security practices?

What frameworks or technology are you using to protect IoT devices, particularly in manufacturing/shop floors.

Community Posts

What is the most effective frequency for 1-on-1 meetings with direct reports?

Are smaller companies protecting their data risk management in the cloud or are banks and healthcare mostly concerned?

As a CISO, what does your interaction with the board look like? Do you meet with them every quarter / board meeting? How often do you send updates? What does an update usually contain?

Curious if anyone has used Exabeam, what could you share with us?

Curious if anyone is or has used Canary or openCanary? What worked well, and maybe what didn't work so well?

For organizations leveraging Sophos for endpoint security protection. Have you upgraded from x-intercept to EDR? I understand the overall EDR features and technology, but was interested in hearing back from someone who is using it currently or who has evaluated it.

From a security perspective, there are so many new tools out there. How do you think about point solutions that may be great at one thing vs. a platform solution that may be good at many?

https://medium.com/@jonathan.leitschuh/zoom-zero-day-4-million-webcams-maybe-an-rce-just-get-them-to-visit-your-website-ac75c83f4ef5

In setting up a security team, how should CIOs think about the right org structure, roles, budget and goals?

It was just reported today that a second city in Florida had to pay ransom to hackers. How are your companies making sure this doesn't happen to you?

The number of threats and attacks has been on the rise. But, there's also a big change in the technology that's being used like bots and AI. What are you seeing in terms of risk, and what advice and guidance do you have for us on the platform?

Are you considering a move to the Gartner SASE model?

What are some good DevOps security practices?

What frameworks or technology are you using to protect IoT devices, particularly in manufacturing/shop floors.

Curious if anyone is or has used Canary or openCanary?

What worked well, and maybe what didn't work so well?

For organizations leveraging Sophos for endpoint security protection. Have you upgraded from x-intercept to EDR?

I understand the overall EDR features and technology, but was interested in hearing back from someone who is using it currently or who has evaluated it.

Curious if anyone is or has used Canary or openCanary?

What worked well, and maybe what didn't work so well?

For organizations leveraging Sophos for endpoint security protection. Have you upgraded from x-intercept to EDR?

I understand the overall EDR features and technology, but was interested in hearing back from someone who is using it currently or who has evaluated it.