What do you do when a business won't follow your cybersecurity recommendations?
CTO in Software, 11 - 50 employees
You have to treat those situations with the same disposition a doctor would have. I've done over 200 assessments around the globe, often in organizations that are seen as mission-critical to the country they're in. It's often a massive enterprise that's responsible for the country's gross domestic product, so I don't take it personally when they take my report and put it on a shelf. I did everything I could; I learned about the system and its makeup. It's just the nature of the beast.
CISO in Software, 10,001+ employees
Recommendations should always have details on the risks or impact if the recommendation is not followed, so everyone and businesses are aware of the potential implications based on their decisions.
CISO in Education, 5,001 - 10,000 employees
You can lead a horse to water but you can't make 'em drink!
Director of Information Security in Energy and Utilities, 1,001 - 5,000 employees
You are there to advise the business on cyber risks. If the business understands the potential impact of the risk to the business, you've done your job. Do document your recommendations and their responses for your record.