How would you describe the maturity of the risk management program at your organization currently?

Security & GRCThreat Intelligence & Incident Response

Early Stages - the security activities haven't been planned/deployed yet.16%

Middle stage - we've planned security activities, but we've only partially deployed them.60%

Late-middle stage - we've deployed the majority of our security activities and it's keeping up with threats.19%

Mature stage - all security activities are deployed and are proactively detecting threats.3%

592 PARTICIPANTS
3.4k viewscircle icon1 Upvote

Content you might like

In terms of ZeroTrust and organizations building out their environments in such a way that makes sense and minimizes risks. As a medium to large enterprise, are you satisfied with your progress to date? To riff a bit more on this topic , NIST 800-207 is a good read, it covers both greenfield and continuous improvement ZeroTrust scenarios. Similar to data compliance, I think most of us never experience greenfield.

Yes59%

No24%

Unsure10%

Too early to tell6%

View Results

Our organization is subject to data retention requirements over very long periods (50 years or more). Do your organizations face similar constraints? If so, what long-term retention strategy have you implemented for these regulated data, and what technologies or solutions do you use to ensure their durability and compliance?

Read More Comments

Are you considering a move to the Gartner SASE model?

Yes, going with a best of breed model - multi-vendor27%

Yes, going with a single vendor SASE model44%

Learning/Planning Phase9%

No.18%

View Results

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Read More Comments

We are considering a scanning solution for detecting Personal Information (PI) in our data assets, mainly AWS S3, DynamoDB, Salesforce, etc. We need the solution to detect PI, identify the type (e.g., infotype), and optionally map it to our own PI categories. We are currently considering BigID. Do you have experience with this tool or any other tools that can help us scan across different data platforms and technologies?

Read More Comments