Have you ever "whitewashed" a real security risk?

People & LeadershipSecurity & GRC

Yes, on my own12%

Yes, because I was asked27%

No, but I have been asked19%

No, and never been asked41%


1046 PARTICIPANTS
4.6k views1 Upvote17 Comments
Executive Architect in Healthcare and Biotech, 10,001+ employees
No
1
Board Member, Advisor, Executive Coach in Software, Self-employed
My view is that we all need to be careful of the "coaching" we may get and understand if we are being coached on how to manage the message around risks to other so a productive discussion can occur or is someone "coaching" to massage the message to "white wash it" or "water it down" so it doesn't appear so bad ...  I have had both experiences
1
Board Member, Advisor, Executive Coach in Software, Self-employed
WOW - 76% have either white washed risk or have been asked to ...
1 1 Reply
Director of Information Security in Energy and Utilities, 5,001 - 10,000 employees

I agree it seems very unrealistic. Most likely people didn't quite get the actual question of what it means to "whitewash". Im fairly certain its 76% who have done it to a degree where you needed to help close a security assessment/complete business deal.

Director of Product Management in Software, 10,001+ employees
How should you respond when asked to white-wash a security risk?  How does the CISO protect themselves from unfairly taking the blame and being held liable?  check out:  https://www.pulse.qa/post/how-respond-asked-to-white-wash-security-risk-how-ciso-protect-themselves-unfairly-taking-blame-being-held-liable
1
Director of Information Security in Energy and Utilities, 1,001 - 5,000 employees
this is a dangerous territory.  Make sure you check in with your self ethic dept.
Director of IT, Self-employed
No
1
CIO in Services (non-Government), 2 - 10 employees
Never
2
CIO, Senior VP in Finance (non-banking), 1,001 - 5,000 employees
Never. If we are serious about security, there is no need to do this. It's about solving problems, not pointing fingers
2
Director in Software, 10,001+ employees
No, Never. When in doubt raise it to Corp InfoSec group for clarity
2
Director of IT in Manufacturing, Self-employed
Whitewashing anything is a huge no-no, especially security or safety items.

Content you might like

What is the best work travel advice you’ve ever been given?

FeedbackPeople & Leadership
Founder, Self-employed
Work travel is a privilege. Embracing your experience to meet new people, and see the beauty of nature and culture wherever you go.
16 2 Replies
Read More Comments
62.7k views61 Upvotes36 Comments

What are the biggest corporate difficulties you are facing right now?

Process ManagementFeedbackPeople & Leadership
Director of IT in Manufacturing, 5,001 - 10,000 employees
the biggest corporate difficulties is manage budget IT & lack of competency of IT personil
Read More Comments
777 views5 Comments

AWS customers – do you have team members with an AWS cybersecurity certification?

Training & CertificationTeam & Organizational DesignSecurity & GRC

Yes - one29%

Yes - multiple49%

No22%


41 PARTICIPANTS
243 views

Has anyone faced a situation where a client is imposing their security standards on them because they felt that our current maturity was not sufficient?

Customer Relationship Management (CRM)People & LeadershipIT Strategy & Roadmap+1 more
167 views

If the bulk of your workforce is hourly, non-salary, frontline or essential – a digital workplace is an:

People & LeadershipDisruptive & Emerging TechnologiesTeam & Organizational Design+22 more

Important solution for today’s way of working53%

Interesting idea to explore for 202241%

Not necessary6%


215 PARTICIPANTS
1.1k views1 Upvote1 Comment