point in time security assessments or security performance management that is more continuous / automated - which do you prefer ?  Check out this paper by Ed Amoroso - retired ATT Chief Security Officer - founder of TAG Cyber  https://www.tag-cyber.com/analysis/white-papers/requirements-for-security-performance-management

LeadershipSecurity & GRC

I plan to rely on static annual external assessments of security to judge effectiveness70%

I plan to look at security performance management capabilities to assess continuously my security effectiveness29%

254 PARTICIPANTS
1.1k viewscircle icon2 Upvotescircle icon1 Comment
Sort by:
Chief Evangelist in IT Services2 years ago

Unfortunately the link is broken

Lightbulb on1

Content you might like

As enterprise AI adoption accelerates, how is your organization adapting its governance and risk oversight to keep pace?

Established AI governance framework with defined policies and oversight38%

Currently developing governance models and risk controls63%

Relying on existing security/compliance frameworks (no AI-specific policy)25%

No formal AI governance approach in place4%

View Results

In your opinion, which function SHOULD own AI governance at your org?

IT18%

Data and analytics23%

Infosec9%

Privacy5%

GRC10%

Cross-functional working group/center of excellence34%

Something else (explain in a comment)1%

View Results

How do you think AI will disrupt business across industries? Add to my list: 1. Content creation 2. Photos and video production 3. Basic coding and debugging 4. Strategic analysis to be highly complimented 

Read More Comments

CIOs - how do you remain adaptable and open to change in the face of the unknown?

How do you deal with a mismatch of risk appetites with the board? What are some ways to increase, or temper, the board’s risk appetite if necessary?

Read More Comments