How often do you survey your organization for new, emerging risks? My company currently does quarterly surveys and I am contemplating dropping it down to 2x/year. Appreciate the insights!

Global Chief Cybersecurity Strategist & CISO in Healthcare and Biotech, 8 hours ago

2x ideally, but honestly really once a year, generally around annual assessment time.

Director of Design in Healthcare and Biotech, 2 days ago

It sort of depends how formal processes are related to taking action on the risks identified. We do one annual comprehensive enterprise risk assessment followed by a semi-annual update. If our process was more formal with clear risk owners, there may be a reason for more frequent updates.
