Which of the following is the most damaging way that employees put your organization at risk of a security vulnerability?

People & Leadership Process Management Security & GRC +6 more

Intentionally Leaking data or intellectual property (criminal insider attack)25%

Downloading a compromised file / Clicking on a malicious link32%

Phishing Emails28%

Using unauthorized apps/tools/devices etc.7%

Insufficient Passwords4%

Mishandling sensitive data3%

Other (Leave a comment!)1%

194 PARTICIPANTS

834 views1 Upvote1 Comment

CIO in Education, 1,001 - 5,000 employees

I’d vote for a tie between downloading a malicious link and phishing emails. They are almost the same percentage and each can equally put as at enhanced risk.

Content you might like

Have you patched Log4j yet?

Threat & Vulnerability Management Third Party Risk Management (TPRM)Risk Management

Yes39%

Yes, but third & Nth parties are still a concern39%

Mostly16%

No4%

Don't know1%

184 PARTICIPANTS

1.3k views

Does anyone have any guidance, tips, and/or templates to share to help establish Identity Access Management governance as a part of an overarching Identity Governance and Administration program?

Process Management Identity & Access Management (IAM)

Director of IT in Healthcare and Biotech, 10,001+ employees

Here's a template that you can use:

1. Executive Summary
Background: Explain the objectives and risks and reasons the IAM is needed.
Specify the IAM governance scope (e.g., user access to systems, privileged ...read more

2.1k views2 Upvotes1 Comment

How soon do your new employees get security awareness training?

Awareness & Training Risk Management Security Strategy & Roadmap

First day on the job10%

Sometime during their first week52%

Sometime during their first month26%

2-3 months after their hiring date6%

It depends on their role/level3%

Other (explain in the comments section)1%

298 PARTICIPANTS

1.2k views

How do you keep a team motivated in absence of leadership?

People & Leadership

Supply Chain Analyst, Self-employed

You don't. Keeping a team motivated means leadership, if you don't have it, you aren't likely to have motivation. You might motivate the team but it will likely be to leave. If you are lucky they'll leave ...read more

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data.

Security & GRC Regulatory Compliance

Head of Cyber Security in Manufacturing, 501 - 1,000 employees

I would say, DPO and Security team both shall be involved and work hand in hand.

Most of the time the legals and or DPO don't have the technical acumen to understand when data is floating to third party services.

Lets ...read more

600 views1 Comment