How do you evaluate overall Product Security risk in a software company? Do you use $$$, percentages, Risk levels (L,M,H). Do you reciprocate risk with the estimated effort required to reduce it? If yes, do you use $$$, effort days, or similar?

3.6k views2 Comments

Sort by:

Chief Information Security Officer in Healthcare and Biotech2 years ago

Quantification of impact is super important. If the product ( s/w) is down then the business loss and reputation is the primary; if legal implication is there - count that too.

CIO in Services (non-Government)2 years ago

We always lead with risk levels and potential regulatory issues that could arise due to product security issues, followed by $$$$ exposure.

We are HIPAA and GDPR heavy, in terms of regulatory compliance, and we have PCI-DSS and other customer/patient data that could potentially be exposed unless we ratchet up our security posture and we most definitely focus on code hygiene and security by way of end-to-end encryption.

Content you might like

How concerned are you about potential unauthorized data sharing when collaborating with external vendors for Gen AI?

Very Concerned20%

Somewhat Concerned60%

Neutral13%

Not Very Concerned6%

Not Concerned at All1%

View Results

Hi everyone! 👋

We’re exploring software solutions that allow companies to set up an online marketplace where employees can redeem points for rewards.

Ideally, the platform should support:
-Company-branded merchandise
-A wide selection of other gift options (e.g., experiences, tech, apparel)
-Easy point allocation and tracking
-Customization and integration with internal systems

One example we’re looking at is Givenly. Has anyone used them or something similar?

Would love to hear what platforms you’ve had success with — especially those that are easy to manage and scale across departments.

Thanks in advance!

I'm looking to create several strategic roadmap documents for senior management for a variety of platforms including ServiceNow and Salesforce. I need to consider the following points also: • Higher level "Why we are doing it" • Wider business benefits • Business Objective based • Need to include things being Secure & Resilient • Consider Tech Debt Does anyone have any examples of something similar they would be willing to share to give my ideas on the format and approach?

How are you establishing and measuring the business value of your IT initiatives? (pick all that apply)

Return on Investment (ROI)44%

Total Cost of Ownership (TCO)41%

Net Present Value (NPV)23%

Internal Rate of Return (IRR)11%

Payback Period22%

Business Process Improvements (e.g., increased efficiency, reduced cycle times, or enhanced productivity)44%

Customer Satisfaction and Retention30%

Competitive Advantage18%

Risk Mitigation27%

Ability to Foster Innovation and Agility14%

Employee Satisfaction19%

Something Else (share in a comment!)3%

View Results

How do you evaluate overall Product Security risk in a software company? Do you use $$$, percentages, Risk levels (L,M,H). Do you reciprocate risk with the estimated effort required to reduce it? If yes, do you use $$$, effort days, or similar?

Sort by:

Content you might like

How concerned are you about potential unauthorized data sharing when collaborating with external vendors for Gen AI?

How are you establishing and measuring the business value of your IT initiatives? (pick all that apply)

Has anyone recently implemented platform engineering? Could you share the pros and cons that your team is experiencing?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

CrowdStrike Outage: Impact And Recovery

DevSecOps: Strategies, Organizational Benefits and Challenges

Green Cloud Computing

Omnicloud: The Future of Cloud Computing?

Generative AI and Software Engineering Teams: Adoption and Training

Take Your Insights On-the-Go