Do your end users prioritize user experience over privacy? If not, what is an example of this?

Governance, Risk & ComplianceSecurity & GRCData Privacy
2.1k views4 Comments
Deputy Chief Engineer(Information Technology) in Energy and Utilities, 5,001 - 10,000 employees
Yes.
1
CIO in Energy and Utilities, 11 - 50 employees
They do because they want easier ways to interact with technology, not worrying about other intrincacies such as security. 
On the other hand not many users fully understand how important security is until they have problems. 
We have to make sure they understand how important security is without getting too geeky about it or you will loose their interest.
Group IT Manager Operations in Construction, 5,001 - 10,000 employees
User experience is always preferred by end users.
1
Associate Director, R&D in Education, 201 - 500 employees
I'm not sure if they (or us as a Software provider) prioritize UX over Privacy, but I know for sure that you cannot go wrong with Privacy if you're dealing with PI or PII. And, with regulations like the GDPR, it becomes all the more important to never down-prioritize Privacy atleast.
1

Content you might like

When migrating to the cloud, what's the top security issue that concerns you?

CloudSecurity & GRC

Data security52%

Shared resources/services34%

Compliance11%

Other: please specify.1%


703 PARTICIPANTS
2.6k views5 Upvotes1 Comment

Would anyone be willing to share best practices about how their organization deals with ensuring Cookie Compliance, specifically to GDPR rules? Where should this sort of compliance review sit in an organization? The particular issue we have is who should review new web deployments that use cookies and to make the decisions on whether Cookies are Strictly Necessary or Functionality Cookies. For example is a Cookie required for a Live Chat to work Functionality or Strictly Necessary? Our Security team does not consider taking on these compliance reviews as their domain, as Cookie Compliance is not an internal security matter and the Data Protection team has a limited interest as the GDPR rules around Cookies apply in case of any Cookie being used by a website, whether or not it contains personal data. 

Security & GRCRegulatory Compliance
610 views1 Comment

Are short term bans of the use of GenAI applications and tools (such as ChatGPT) a good idea for end users in most organizations? For context see this article on the State of Maine Government's directive before you vote: https://www.govtech.com/artificial-intelligence/chatgpt-generative-ai-gets-6-month-ban-in-maine-government

Applications & PlatformsEnd-User Services & CollaborationPeople & Leadership+4 more

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.30%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.53%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.12%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).3%


361 PARTICIPANTS
9.7k views9 Upvotes1 Comment

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
143 19 Replies
Read More Comments
47k views133 Upvotes324 Comments

What are some effective ways to get buy-in from leadership to establish your first security PMO?

Security & GRCSecurity Strategy & RoadmapInternal CXO Relationships
153 views1 Comment