Which departments/groups within your organization present the biggest risk for insider threats?
Finance: 22%
Customer success: 36%
R&D: 15%
BoD/executive management teams: 11%
Sales: 6%
HR: 3%
General administration: 4%
213 participants, 2k views, 1 comment
Content you might like
As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).
Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?
We’re preparing for an IPO on the NYSE as a Foreign Private Issuer and evaluating CIS Benchmarks to measure OS and database hardening.
Our proposed tiers:
• Tier 1 (70–80%) baseline
• Tier 2 (85–90%) for sensitive data
• Tier 3 (95–100%) for mission-critical systems
Is 80% compliance defensible for IPO due diligence with SEC or SFC? Should Tier 3 be considered mandatory for critical systems? And can compensating controls (e.g., PAM, microsegmentation) offset gaps in legacy environments?
Does your organization leverage an Enterprise Architecture Solution/Tool for EA Practice?
Yes: 77%
No: 17%
We are in the process of selecting an EA tool: 7%
Interesting poll, but the biggest risk is actually not listed here. It would be your IT organization, because they manage/own privileged accounts all over the place that can access data for the whole organization. Compromise an admin's account and you can have the keys to the whole kingdom.