Which of these resources have you used to design cybersecurity programs?
Control frameworks 18%
Program frameworks 38%
Risk frameworks 22%
Consultant services 11%
Managed security service providers (MSSPs) 5%
Other outsourcing services 3%
Other
155 PARTICIPANTS
Content you might like
How does your cyber compliance team stay informed about new and changing regulations impacting your organization's compliance? Additionally, how are cyber compliance teams tracking, measuring and reporting on internal compliance?
The data 19%
The people 43%
The processes 21%
The policies 12%
I wish I knew 5%
‘AI’ Business Model – With many components flowing into the AI domain (cost, data, E&C, people, value, strategy, duplication of everything, etc.), I’ve started to think about splitting out ‘AI’ from the operating model and putting it into a separate legal entity. This way, I could manage a) risk and compliance, b) cost, c) resource allocation, d) governance, e) IP, f) revenue generation, etc.
Of course, this isn’t new in general, but I’m especially interested in how this approach could help with the ongoing challenge of ensuring compliance with data privacy and regulations related to LLMs and data access/usage over time.
My question: Is anyone else thinking about this, or has anyone already done it? I know there are examples in the literature, but I wanted to float this here for general comments and discussion.
Are you implementing any of these security functions in your cybersecurity program in the next 12 months? Select all that apply.
Security controls such as EDR, authentication solutions, email security, etc. 47%
24/7 monitoring, proactive detection, investigation, and response from a SOC. 70%
Threat hunting based on IoCs, IoAs, or your validated hypotheses. 66%
Enhanced post-incident capabilities to recover as soon as possible and improve your posture. 51%
Delegate to your MSSPs or SOC advanced detection, response, and hunting capabilities. 8%
None of the above. 1%
Should be multi-select answer.