Leadership sees cyber risk as a zero-sum game.

Governance, Risk & ComplianceRisk Management

Agree – this is true for my org63%

Neutral30%

Disagree – this isn’t the case for my org5%

281 PARTICIPANTS
3.2k views

Content you might like

CISA’s 37 cybersecurity performance goals are too basic.

Strongly agree8%

Agree61%

Neutral20%

Disagree9%

Strongly disagree

View Results

I am looking for insights on establishing an Architecture Review Board (ARB) within our organization. As we aim to enhance our architectural governance and ensure alignment with our strategic objectives, we recognize the importance of setting up an effective ARB. To this end, I would greatly appreciate your guidance on the following aspects:       1. Establishing a Charter: What key elements should be included in the ARB        charter to clearly define its purpose, scope, and authority?       2. Member Selection: What criteria should we consider when selecting members for the ARB to ensure a diverse and knowledgeable board?       3. Review Process: Could you share best practices for structuring the review process to ensure thorough and consistent evaluations of architectural proposals?       4. Decision-Making: What are effective methods for making decisions within the ARB, and how can we ensure transparency and accountability?       5. Documentation and Communication: What templates or tools would you recommend for documenting reviews and communicating decisions to stakeholders?      6. Measuring Success: How can we establish criteria for measuring the success and impact of the ARB on our architectural practices? Your expertise and experience in this area would be invaluable to us as we embark on this initiative. Any additional insights or resources you could provide would be greatly appreciated. 

Read More Comments

We are on the cusp of conducting a pilot of AI tooling - we intend to use Gemini & CoPilot, providing training, guidance & policy to our user group.  Before we start we should conduct a risk assessment -  my question is: can you recommend a tool or template?

Read More Comments

If you get hired by an SMB and you’re the company’s first/only security practitioner, where should you start? (Should you focus on SANS top 20 controls? Or start with the NIST framework?)

Read More Comments

Have you patched CVE-2022-3786 or CVE-2022-3602, both of which have an 8.8 rating?

Yes, both30%

Yes, but only 378650%

Yes, but only 36028%

Patching is in progress for one or both6%

No4%

View Results
Leadership sees cyber risk as a zero-sum game. | Gartner Peer Community