Does your organization regularly reevaluate its IT & Security posture? If so, how often?


Yes, on our 5-year plan29%

Yes, once a year28%

Yes, we constantly question our posture and look for newer, better architectures and solutions20%

Yes, but not regularly - only when a pressing need emerges6%


5k views17 Upvotes2 Comments

CTO for Digital & IT in Healthcare and Biotech, 10,001+ employees
We tend to update our risk matrix every year to make sure our priorities are still correct. We also have a multi-year security roadmap that lays out the overall trajectory we are on, and that is updated as needed throughout its lifetime, if only to go to the powers-that-be and obtain the funding approval for the next year's tranche of topics. We also semi-regularly bring in outside expertise to perform an overall assessment of our approach to security (organization, priorities, tools...) and ensure we are still reasonably in line with industry best practices.
I find there is a lot of value in these roughly annual updates, but in between we do need to let the teams actually get stuff done without pulling the rug out from under them, so I am not sure it would be very useful to do these kinds of exercices more often, barring of course some sort of major disruption.
Senior devops engineer in Software, 10,001+ employees
yes , it should required for every organisation if its small size or mid size.

Content you might like




95.7k views253 Upvotes71 Comments





Less frequent than annually4%


4.8k views1 Upvote