Which departments/groups within your organization present the biggest risk for insider threats?

Governance, Risk & Compliance Security & GRC

Finance31%

Customer success29%

R&D17%

BoD/executive management teams7%

Sales8%

HR3%

General administration6%

224 PARTICIPANTS

1.6k views1 Comment

Director of Information Security in Energy and Utilities, 5,001 - 10,000 employees

Interesting poll but the biggest risk is actually not listed on here. It would be your IT organization because they manage/own privilege accounts all over the place that can access data for whole organization. Compromise an admins account and you can have keys to the whole kingdom.

Content you might like

Which of the following areas are you planning to make the biggest changes to within your governance and risk program in 2022?

Governance, Risk & Compliance Security & GRC Risk Management

Continuous Monitoring51%

Staff Well Being57%

ESG & Sustainability45%

Service Provider Location Risk14%

Other (share below)2%

536 PARTICIPANTS

2.4k views1 Upvote4 Comments

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data.

Security & GRC Regulatory Compliance

Head of Cyber Security in Manufacturing, 501 - 1,000 employees

I would say, DPO and Security team both shall be involved and work hand in hand.

Most of the time the legals and or DPO don't have the technical acumen to understand when data is floating to third party services.

Lets ...read more

494 views1 Comment

Is there a disconnect between security leaders and the businesses they serve?

Security & GRC Board Engagement Internal CXO Relationships

Yes, most security leaders.25%

Yes, some security leaders.63%

No8%

Not sure2%

370 PARTICIPANTS

1k views1 Comment

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & Leadership Strategy & Architecture Cloud +57 more

CTO in Software, 201 - 500 employees

Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.

143 19 Replies

Does the risk of Ransomware and malware propagation bother you? Is IoT security a top of mind for you? To protect against many risks, we have witnessed success of micro-segmentation in the data center. Would you be willing to deploy similar solution for the campus? I am very curious to get your feedback?

Security & GRC Threat & Vulnerability Management

ISSO and Director of the IRU in Healthcare and Biotech, 10,001+ employees

I would definitely suggest this based of how you categorize your types of data/systems and information being stored in certain parts of your data center. I think it’s really dependent on the size of your organization and ...read more