How do you currently involve departments and teams outside IT/security in your vulnerability management efforts, if at all?

Mission Diplomatic Technology Officer in Government, 2 years ago

As a risk statement with customer archetype check in every six months. Will only highlight maybe one risk that is appropriate to them out of our 20, but follow with the list of all risks we are tracking in our portfolio.

Have not measured for effectiveness, but it does create awareness and a level of alliance-ship. Removes the us versus them and shapes it more as a we problem. Also helps gain perspective on their risks that I might not know or understand.

Anecdotally we feel there are more customer actions and partnership when we raise a vulnerability we are working to mitigate.

CISO in Education, 2 years ago

Coordinate Vulnerability Management Team (VMT) meetings to try and collaborate and/or facilitate remediation of vulnerabilities. Often, we've found that folks want to try and do the right thing, but don't necessarily have the connections or the right level of influence to drive a vendor to fix an issue and/or prioritize an effort internally.
