The FTC Safeguards Rule has recently been updated and mandates that all financial services companies must have MFA in place for applications that store/handle customer Personally Identifiable Information (PII). How are you delivering on this requirement (MFA, SSO, Other)? What have you done to reduce friction (ex. RBAC, CIM) or improve customer experience?


777 views · 1 Upvote · 4 Comments

Head of Cyber Security in Manufacturing, 501 - 1,000 employees
A mix of a multitude of topics: RBAC, IGA, least privilege, and logging, combined with MFA (best case phish-resistant, like X.509 or FIDO2) and SSO.
1
Director of Network Transformation, Self-employed
My recommendation? Move beyond MFA. The recent Verizon Breach report calls it out. 74% of all breaches included the human element, with 86% of breaches involving the use of stolen credentials. MFA is one layer. As we saw with the recent Cisco incident, it only works so far. Better, move to an adaptive trust model leveraging one of the SSE technology providers out there. Include device posture in access to resources. Add another or several layers beyond MFA. And move to Zero Trust. ZTNA for remote access is a great place to start.
1
Chief Information Security Officer in Healthcare and Biotech, 1,001 - 5,000 employees
I would say today's customers are very much concerned about their data security and privacy; we, as CISOs along with the business, need to build awareness among customers about how MFA will add a layer of security to safeguard their assets.
1
Director, Information Technology in Services (non-Government), 10,001+ employees
SSO along with MFA options such as one-time passwords (OTP), hardware tokens, or push notifications to ensure secure authentication.

Options to improve user experience include implementing adaptive authentication, mobile authentication apps, or password-less authentication methods.
