Which of these cyber assessments are better conducted by external consultants/services? (Tell me why in the comments)

Security Strategy & RoadmapThreat & Vulnerability Management

Threat assessments30%

Risk evaluations39%

Control reviews30%

Policy reviews34%

Change management process assessments22%

Incident reviews24%

Training program validation28%

Issue remediation11%

Application assessments15%

System assessments12%

Baseline assessments13%

Other (I’ll tell you in the comments)1%

417 PARTICIPANTS
3.8k viewscircle icon2 Comments
Sort by:
Cyber risk / cyber insurance professional, CMO in Softwarea year ago

Assessment will rarely be neutral if done by the teams responsible to make what's being assessed better. You need checks and balances. 
And often an outsider will see elements you just can't see if you're responsible for the function. 

CISO in Software2 years ago

Assessments are always best and performed by external and neutral 3rd parties.

Content you might like

Can anyone share how they have partnered with HR to prevent shadow agents from accessing HR data outside of sanctioned AI platforms/tools?

As a new-to-role CISO, I am wondering how do you make RACI look better than it looks `on-paper` in your company? What I am specifically looking for is, ways of fostering real collaboration and reaching to consensus between oldies and newcomers in their roles. 

Read More Comments

Have you been able to fully implement zero trust in IAM systems at your org?

Yes, fully (all IAM systems)38%

Yes, mostly48%

Currently working on this13%

No2%

View Results

Has your org implemented any breach and attack simulation tools?

Yes21%

Currently implementing BAS37%

Currently evaluating BAS tools26%

No11%

Other/show results3%

View Results

How do you mitigate the impact of unexpected talent departures? Are there any tech solutions or other strategies you use to retain institutional knowledge?

Read More Comments