point in time security assessments or security performance management that is more continuous / automated - which do you prefer ?  Check out this paper by Ed Amoroso - retired ATT Chief Security Officer - founder of TAG Cyber  https://www.tag-cyber.com/analysis/white-papers/requirements-for-security-performance-management

LeadershipSecurity & GRC

I plan to rely on static annual external assessments of security to judge effectiveness70%

I plan to look at security performance management capabilities to assess continuously my security effectiveness29%

253 PARTICIPANTS
1.1k viewscircle icon2 Upvotescircle icon1 Comment
Sort by:
Chief Evangelist in IT Services2 years ago

Unfortunately the link is broken

Lightbulb on1

Content you might like

How does your company split tech spending between “IT” and “Platform” categories?

All spend considered as IT37%

3/4 IT and 1/4 Platform43%

1/2 IT and 1/2 Platform15%

All spend considered as Platform4%

View Results

Have you considered employing usage-based billing to help stop revenue leakage at your organization?

Yes, we have usage-based billing20%

Yes, I've considered it55%

No, I haven't considered it20%

I'm unfamiliar with "usage-based billing"3%

View Results

What advice do you have for technology leaders that need help navigating the US administration's executive order to recalibrate the nation's AI strategy? Where do I begin?

Read More Comments

How do you establish shared accountability for IT cost optimization with business leaders to avoid being the sole owner of spending cuts?

Apart from applying the patches just released, what other mitigation tactics are you using to address the zero-day SharePoint vulnerabilities impacting on-premises servers?