Have you ever "whitewashed" a real security risk?

Leadership Security & GRC

Yes, on my own10%

Yes, because I was asked36%

No, but I have been asked18%

No, and never been asked34%

1107 PARTICIPANTS

7.3k views1 Upvote13 Comments

Sort by:

IT Manager in Construction2 years ago

Well, my feedback and voce is NO.
I know and I am aware of the chain of responsibility but even when enforce for a compromise, I never did it.
The classic example is the MFA 😉

CIO in Education4 years ago

No, I have not.

Director in Software4 years ago

At some point I have been instructed to not enforce a software policy that could open the door to real risks.

CISO in Services (non-Government)4 years ago

The security risk will always be there. There are mitigating strategies and they work to reduce the impact or the likelihood. When we are given resources to mitigate the risk, or assured, we can whitewash the risk. It is not that I have done it but as a hypothesis, it can happen.

Director of IT in Manufacturing4 years ago

Whitewashing anything is a huge no-no, especially security or safety items.

Content you might like

What is the best work travel advice you’ve ever been given?

Seeking advice on integrating embedded AI agents into Workday/SAP/etc. How do you handle integration across HRIS, ATS, and LMS? Do you rely on vendor-native tools or build your own in-house registries?

What topics would you like to learn more about / be most likely to attend a webinar on?

Ransomware / Malware / Phishing33%

Privacy27%

Cloud Security57%

Network Security34%

Zero Trust vs. VPN33%

Remote Workforce Security28%

Seamless User Experience16%

Legal and Regulatory Compliance8%

View Results

Where do you fall on the Technology Adoption Curve?

Bleeding Edge - We lead the charge!18%

Leading Edge - Willing to accept a reasonable number of issues to be an early adopter62%

Stable - Minimal issues before we adopt19%

If it ain’t broke - As long as it works we are good to go, no need to upset the cart2%

View Results

Have you ever "whitewashed" a real security risk?

Sort by:

Content you might like

What is the best work travel advice you’ve ever been given?

Seeking advice on integrating embedded AI agents into Workday/SAP/etc. How do you handle integration across HRIS, ATS, and LMS? Do you rely on vendor-native tools or build your own in-house registries?

What topics would you like to learn more about / be most likely to attend a webinar on?

Where do you fall on the Technology Adoption Curve?

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go