How often does your organization conduct vulnerability and risk assessments?

Threat & Vulnerability ManagementGovernance, Risk & Compliance

Quarterly30%

Twice per year44%

Annually16%

Vulnerability and risk assessments are ongoing activities.8%

488 PARTICIPANTS
3.8k viewscircle icon1 Upvote

Content you might like

As enterprise AI adoption accelerates, how is your organization adapting its governance and risk oversight to keep pace?

Established AI governance framework with defined policies and oversight36%

Currently developing governance models and risk controls64%

Relying on existing security/compliance frameworks (no AI-specific policy)26%

No formal AI governance approach in place4%

View Results

Do you have controls in place to protect your virtual machines from hyperjacking attacks, in which bad actors target the hypervisor with malicious code?

Yes29%

We’re currently implementing these controls53%

We’re currently exploring solutions10%

No7%

Other (please specify)

View Results

We are on the cusp of conducting a pilot of AI tooling - we intend to use Gemini & CoPilot, providing training, guidance & policy to our user group.  Before we start we should conduct a risk assessment -  my question is: can you recommend a tool or template?

Read More Comments

I am looking for insights on establishing an Architecture Review Board (ARB) within our organization. As we aim to enhance our architectural governance and ensure alignment with our strategic objectives, we recognize the importance of setting up an effective ARB. To this end, I would greatly appreciate your guidance on the following aspects:       1. Establishing a Charter: What key elements should be included in the ARB        charter to clearly define its purpose, scope, and authority?       2. Member Selection: What criteria should we consider when selecting members for the ARB to ensure a diverse and knowledgeable board?       3. Review Process: Could you share best practices for structuring the review process to ensure thorough and consistent evaluations of architectural proposals?       4. Decision-Making: What are effective methods for making decisions within the ARB, and how can we ensure transparency and accountability?       5. Documentation and Communication: What templates or tools would you recommend for documenting reviews and communicating decisions to stakeholders?      6. Measuring Success: How can we establish criteria for measuring the success and impact of the ARB on our architectural practices? Your expertise and experience in this area would be invaluable to us as we embark on this initiative. Any additional insights or resources you could provide would be greatly appreciated. 

Read More Comments

If you get hired by an SMB and you’re the company’s first/only security practitioner, where should you start? (Should you focus on SANS top 20 controls? Or start with the NIST framework?)

Read More Comments