Is there a disconnect between security leaders and the businesses they serve?

Security & GRCBoard Engagement

Yes, most security leaders.31%

Yes, some security leaders.56%

No9%

Not sure1%

488 PARTICIPANTS
3.1k viewscircle icon1 Comment
Sort by:
Director of Network Transformation2 years ago

What are the reasons for the disconnect and what are ways to help overcome them?  Interested in peoples thoughts here.  

Content you might like

Do you often wait for direction from business leaders before engaging your IT function? How can IT leaders break free from being in “wait and see” mode?

Read More Comments

Do you think the Sarbanes-Oxley (SOX) model adequately addresses evolving cybersecurity threats?

Yes40%

Yes, but only for small- and medium-sized businesses.40%

No18%

Other (comment below)1%

View Results

Do you think quick patching is key to security, or is testing patches just as important as applying them?

Speed is key!33%

Balance (test then patch)57%

It depends on the severity of the bug9%

View Results

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Read More Comments

Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models.  Scope includes Environment Setup:  Cloud provisioning, configuration, testing. Connectors/Parsers: Custom data source integration. Content Development: Rules, use cases, threat feeds. Performance Tuning: Query/index optimization. Runbooks: Operational procedures. Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation.  Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.