point in time security assessments or security performance management that is more continuous / automated - which do you prefer ?  Check out this paper by Ed Amoroso - retired ATT Chief Security Officer - founder of TAG Cyber  https://www.tag-cyber.com/analysis/white-papers/requirements-for-security-performance-management

I plan to rely on static annual external assessments of security to judge effectiveness61%

I plan to look at security performance management capabilities to assess continuously my security effectiveness39%


546 views2 Upvotes1 Comment

Chief Evangelist | Former Gartner Analyst | Former CISO in IT Services, 11 - 50 employees
Unfortunately the link is broken

Content you might like

Founder, Self-employed
Work travel is a privilege. Embracing your experience to meet new people, and see the beauty of nature and culture wherever you go.
Read More Comments
57.4k views48 Upvotes35 Comments


Yes, but not enough, we want/need to ramp up39%


No, but I expect this will change soon6%


1.7k views1 Upvote1 Comment