How likely is an organization to have misconfigured multi-factor authentication (MFA) settings?

Identity & Access Management (IAM)Threat & Vulnerability Management

Very likely6%

Likely44%

Somewhat likely23%

Somewhat unlikely13%

Unlikely8%

Very unlikely3%

Unsure

583 PARTICIPANTS

3.5k views1 Upvote1 Comment

Sort by:

CTO in Software3 years ago

The "basics" of MFA are usually straightforward and not very challenging to get right. The challenging part is what happens next, I often refer to it as "operationalizing" security - driving adoption and awareness, providing training, controlling configuration drift, etc.

Content you might like

How are companies doing Unified Vulnerability Management? The idea is bringing all inputs (AppSec, DevSecOps, VM scanning, asset discovery etc) into one platform. Instead of creating a homegrown solution, are there vendors that do this well?

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Do you accept payments in crypto currency?

Yes, we do today.10%

No, but we plan to in the next 6 months.34%

No, but we plan to further in the future.10%

No, and we have no plans to.44%

View Results

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

GitHub's Developer Rights Fellowship will provide legal support to developers whose source code runs afoul of the Digital Millennium Copyright Act (DMCA). How do you see this affecting open source code legislation?

It will encourage eased restrictions and more advocation on behalf of open source communities.29%

It will bring the wrong attention to DMCA practices and cause additional legal issues.52%

It will balance the scales on difficult to navigate DMCA legislation, but no changes in the foreseeable future.14%

I don't know4%

View Results

How likely is an organization to have misconfigured multi-factor authentication (MFA) settings?

Sort by:

Content you might like

How are companies doing Unified Vulnerability Management? The idea is bringing all inputs (AppSec, DevSecOps, VM scanning, asset discovery etc) into one platform. Instead of creating a homegrown solution, are there vendors that do this well?

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Do you accept payments in crypto currency?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

GitHub's Developer Rights Fellowship will provide legal support to developers whose source code runs afoul of the Digital Millennium Copyright Act (DMCA). How do you see this affecting open source code legislation?

What sets us apart?

Take Your Insights On-the-Go

How likely is an organization to have misconfigured multi-factor authentication (MFA) settings?

Sort by:

Content you might like

How are companies doing Unified Vulnerability Management? The idea is bringing all inputs (AppSec, DevSecOps, VM scanning, asset discovery etc) into one platform. Instead of creating a homegrown solution, are there vendors that do this well?

What models are in place for risk partners based in Line 2? What are the jobs to be done? How do they operate? What does the structure/operating rythms look like?

Do you accept payments in crypto currency?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.Has anyone implemented a "not relevant" risk tier in their model?This tier would apply to vendors posing genuinely negligible security risk.

GitHub's Developer Rights Fellowship will provide legal support to developers whose source code runs afoul of the Digital Millennium Copyright Act (DMCA). How do you see this affecting open source code legislation?

What sets us apart?

Take Your Insights On-the-Go

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.