Have you ever joined a security organization after it lost credibility within the business (for instance, after a major breach)? What did you do to build it back up?

Security & GRCSecurity Strategy & Roadmap
3k viewscircle icon1 Upvotecircle icon3 Comments
Sort by:
Senior Information Security Manager in Software3 years ago

Not directly.

But some years ago I was involved with the ISSA Generally Accepted Information Security Principles (GAISP)  project.
Since it was 100% volunteer-based and had no real leadership, it just sort of petered out.

Lightbulb on1
CIO in Government3 years ago

I myself have not been involved with an organization that has had a major security problem. Helped an organization with a security (ransomware) problem. Most important was solving first. Provide the right information to the public and, after recovery, communicate openly and transparently about the attack, the steps taken and the approach to recovery. Of course within the standards of security and privacy. This restored confidence in the organization and normal services were quickly restored.

Lightbulb on1
Senior Director Engineering in Travel and Hospitality3 years ago

Not a security organization, but in the past I have joined a place which had lost its reputation due to other reasons. Its almost like building it back from scratch, like any startup would. Take small steps in building trust, and ensure you pay high level attention to customer retention. If you are truthful and open, people will gain back trust.

Content you might like

Our organization is subject to data retention requirements over very long periods (50 years or more). Do your organizations face similar constraints? If so, what long-term retention strategy have you implemented for these regulated data, and what technologies or solutions do you use to ensure their durability and compliance?

Read More Comments

What type of technology does your organization use to provide access to internal resources for remote users?

VPN46%

ZTNA45%

VDI6%

Other2%

View Results

Are short term bans of the use of GenAI applications and tools (such as ChatGPT) a good idea for end users in most organizations? For context see this article on the State of Maine Government's directive before you vote: https://www.govtech.com/artificial-intelligence/chatgpt-generative-ai-gets-6-month-ban-in-maine-government

Yes - Maine did the right thing. There are too many security risks with free versions of these tools. Not enough copyright or privacy protections of data.30%

No, but.... - You must have good security and privacy policies in place for ChatGPT (and other GenAI apps). My organization has policies and meaningful ways to enforce those policies and procedures for staff.41%

No - Bans simply don't work. Even without policies, this action hurts innovation and sends the wrong message to staff and the world about our organization.22%

I'm not sure. This action by Maine makes me think. Let me get back to you in a few weeks (or months).6%

View Results

What are your preferred tactics for building effective collaboration on cross-functional teams involved in AI governance and risk management (e.g., joint steering committees, shared KPIs, etc.)? Which roles are currently involved?

Read More Comments

How have you adjusted the architecture of your controls for data, identity and access to better support AI governance and security?

Read More Comments