point in time security assessments or security performance management that is more continuous / automated - which do you prefer ?  Check out this paper by Ed Amoroso - retired ATT Chief Security Officer - founder of TAG Cyber  https://www.tag-cyber.com/analysis/white-papers/requirements-for-security-performance-management

LeadershipSecurity & GRC

I plan to rely on static annual external assessments of security to judge effectiveness72%

I plan to look at security performance management capabilities to assess continuously my security effectiveness28%

259 PARTICIPANTS
1.1k viewscircle icon2 Upvotescircle icon1 Comment
Sort by:
Chief Evangelist in IT Services3 years ago

Unfortunately the link is broken

Lightbulb on1

Content you might like

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented 

Read More Comments

Can you share any effective processes/strategies you’ve used to integrate cyber risk management and enterprise risk management at your org?

Read More Comments

Do you think DOGE's actions are likely to enable a successful ransomware attack on a U.S. government agency?

Extremely likely7%

Very likely22%

Somewhat likely17%

Neutral25%

Somewhat unlikely12%

Very unlikely9%

Extremely unlikely9%

Hard to say/Don’t know

View Results

Who leads the most AI projects with business impact at your company? The CEO or the CIO?

CEO34%

CIO62%

Other (please specify below).2%

View Results

Do you use an ERM-system that also includes cyber security risk management? What tools or systems do you use?

Read More Comments