Point-in-time security assessments or security performance management that is more continuous/automated - which do you prefer? Check out this paper by Ed Amoroso - retired ATT Chief Security Officer - founder of TAG Cyber: https://www.tag-cyber.com/analysis/white-papers/requirements-for-security-performance-management

I plan to rely on static annual external assessments of security to judge effectiveness: 72%

I plan to look at security performance management capabilities to assess continuously my security effectiveness: 28%

259 PARTICIPANTS
1.1k views, 2 Upvotes, 1 Comment
Chief Evangelist in IT Services, 2 years ago

Unfortunately the link is broken
