What do you do when business unit leaders push back on your SOC’s recommendations?
C-PIO in Software, 10,001+ employees
Listen. Then explain it is a shared responsibility. Appeal to corporate governance that we are all in this together.
CIO in Services (non-Government), 201 - 500 employees
Remind them of their responsibility to keep patient data safe and secure, and then reiterate the COST in dollars and to reputation of any breach, not to mention how it reflects on them as the leaders of our organization. Regulatory consequences for us (HIPAA, GDPR) are severe.
CIO / Managing Partner in Manufacturing, 2 - 10 employees
Ensure the risk is clearly defined in business terms, the likely loss of business, reputational damage etc. Listen to their concerns and discuss them.
CEO in Services (non-Government), 2 - 10 employees
From a business perspective, list the risks of non-compliance/not making necessary investments in layperson terms and the ROI of any required investments. Using Ponemon 2022 as your reference, quantify the risk in terms of lost revenue ($4.35M average) and the impacts financially on margins, earnings, stock price, bonuses, etc. Present a risk reduction business case vs. what may be perceived as overbuilding/overreach.