Which security threat concerns you the most?

Security & GRC Threat & Vulnerability Management Identity & Access Management (IAM)+8 more

API breaches19%

Open source & code vulnerabilities31%

Automated website fraud (formjacking, bad bots, Credential stuffing, account takeovers etc.)30%

Insider threats (Excessive permissions, phishing, etc.)19%

Other (comment below)2%

756 PARTICIPANTS

5.6k views29 Upvotes3 Comments

Cyber Threat Intelligence and Incident Response Manager in Software, 201 - 500 employees

I believe the only threat we are still failing to create a solution for is the Human Element. We can implement systems to mitigate some risks from phishing insider threat. However, I feel like building that Security culture is the biggest factor.

Once the Security culture is built, it's about maintaining it

4 2 Replies

Information Security Analyst in Software, 51 - 200 employees

Is it possible that a security culture can be obtained by choosing solutions which get employee buy-in? Noise-free type of solutions which require little to no engagement/friction?

Cyber Threat Intelligence and Incident Response Manager in Software, 201 - 500 employees

Right-hand have a micro learing that give regular bites sized modules to continue the engagement. Without taking huge chunk of time

Content you might like

How often do you review and update control mappings?

Security & GRC

Monthly28%

Quarterly43%

Semi-annually19%

Annually6%

Less frequent than annually4%

187 PARTICIPANTS

4.6k views1 Upvote

How are companies planning to change manage the roll-out of Data Loss Prevention (DLP)? We have programme of work to roll this out and would be interested in getting feedback on how other companies have successfully rolled it out, and any lessons learnt that they are happy to share.

Security & GRC

IT Manager in Transportation, 10,001+ employees

Always remember about Risk Assessment. Conduct a thorough risk assessment to identify potential data loss risks and vulnerabilities. Use this assessment to prioritize DLP efforts.

I would like to know the status of data governance, the formulation of guidelines and rules, and the actual use of physical secure rooms and their level at other companies, including pharmaceuticals that handle personal information. Would anyone please share their experience?

Governance, Risk & Compliance Data Protection & Encryption Risk Management +3 more

Software Engineer in Software, 51 - 200 employees

The data governance policy should include procedures for managing data quality and integrity to prevent data errors, inconsistencies and other issues and to find and fix problems that do occur. It should also detail data ...read more

Where does the concept of Defense in Depth play into your org’s cybersecurity strategy? What are you doing practically to integrate that?

Security & GRC Security Strategy & Roadmap Risk Management +1 more

Director of IT in Education, 5,001 - 10,000 employees

This question requires a long explanation, but in a nutshell, implemented in the Risk Management Framework (NIST RMF). It is a layered protection in every step of the RMF.

Wondering if infosec folks consider the risk of burnout to be an unavoidable part of cybersecurity roles?

Culture & Values Security & GRC Employee Engagement

Yes, it’s unavoidable in cyber54%

No, it can be avoided42%

I don’t know…4%

322 PARTICIPANTS

12.4k views1 Upvote6 Comments