Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful? If not - what is stopping you from setting this up?

Awareness & Training Threat Intelligence & Incident Response

668 views2 Comments

Sort by:

CISO in Software25 days ago

The first question to ask is whether you are ready with the data lake, resources and time to invest in this space. Not all companies can make this investment internally and are often best working with an external provider to explore this space as a project.

Chief of Information Security in Energy and Utilitiesa month ago

If you have an IR retainer, I'd evaluate their threat hunting service. This usually provides 24/7 threat hunting at the cost of 1-2 FTE (e.g., CrowdStrike Overwatch). If you wish to build your team, consider your ability to attract and retain skilled staff while providing 24/7 coverage.

Content you might like

What’s your organization doing to protect against risks related to disinformation? How are you approaching this & which business unit leaders are currently involved?

I’m in the process of developing and formalizing the Risk Appetite Statement (RAS) for my organization, a public transport operator. Before we bring the draft to the Board, I’d appreciate your views on the best approach for engaging the Senior Leadership Team (SLT): Is 1:1 engagement more effective to gather candid input? Or would a group workshop be better to align perspectives and drive collective ownership? If anyone has experience developing a RAS specifically for a public transport or infrastructure-focused entity, I’d love to hear your lessons learned or key considerations. Appreciate any tips or tools!

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

Security leaders, are you experimenting with generative AI at all for security operations?

Yes56%

Not yet, but we're exploring use cases38%

No4%

View Results

Are you planning to add team members to your cyber security incident response team?

Yes74%

Not sure yet21%

No4%

View Results

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful? If not - what is stopping you from setting this up?

Sort by:

Content you might like

What’s your organization doing to protect against risks related to disinformation? How are you approaching this & which business unit leaders are currently involved?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.

Security leaders, are you experimenting with generative AI at all for security operations?

Are you planning to add team members to your cyber security incident response team?

What sets us apart?

Take Your Insights On-the-Go

Does your organisation have a formalised threat hunting programme? If so - what were the key drivers for you in setting one up and what made it successful? If not - what is stopping you from setting this up?

Sort by:

Content you might like

What’s your organization doing to protect against risks related to disinformation? How are you approaching this & which business unit leaders are currently involved?

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.Has anyone implemented a "not relevant" risk tier in their model?This tier would apply to vendors posing genuinely negligible security risk.

Security leaders, are you experimenting with generative AI at all for security operations?

Are you planning to add team members to your cyber security incident response team?

What sets us apart?

Take Your Insights On-the-Go

A common challenge in our risk-tiering framework for suppliers is that even the lowest risk tier still requires processing.
Has anyone implemented a "not relevant" risk tier in their model?
This tier would apply to vendors posing genuinely negligible security risk.