Overall, was Biden’s executive order a net-positive for the cybersecurity industry?

Governance, Risk & ComplianceSecurity & GRCRisk Management+6 more
810 views4 Comments
Community Manager in Software, 11 - 50 employees
You can find the full executive order here: https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/
Member Board of Directors in Finance (non-banking), 201 - 500 employees
Anything is positive. The requirement to report within a certain date is great, but that wouldn't help any of the departments or companies that don't know that they've been breached. So it's not going so far as to say that if you do know about a breach then you have an obligation to report. In California, we already have regulations requiring us to report if any of the consumers’ PII has been stolen, but it's not doing that much to help proactively identify a breach.
1 1 Reply
Board Member, Advisor, Executive Coach in Software, Self-employed

Regardless of what sector we're in, an EO written like this has some ripple effects that will affect security, CIOs, and board members in different ways. Some of it is directional towards federal agencies, but some of the order has broader implications which will have a tail going across a wide variety of industries. Being aware of these developments is helpful from a planning perspective, but you can also point to this executive order and ask suppliers or third parties that you're involved with what they're doing about it and integrate that into your third-party risk management.

Board Member, Advisor, Executive Coach in Software, Self-employed
The primary thing that I liked about this executive order was that it's using the purchasing power of the US to effect some change. That's probably an over-simplification, but there's certainly a lot of that: Political moves that might move the needle a little bit, but broadly might not do a whole lot. There's a decent amount in the order on effecting change in supply chain security, which is pretty solid. I'm a big believer in NIST and their guidelines, and if people followed those guidelines even directionally it would make a big difference. I was actually pleased to see that it was more NIST-focused to define things in the software supply chain.

Content you might like

Where do HR and other non-security/IT departments fit into your insider risk management strategy/program? What role do they currently play?

Security & GRCRisk ManagementThreat & Vulnerability Management+1 more
Read More Comments
4k views1 Upvote7 Comments

What are some great on-prem and SaaS programs for internal PKI and Certificate Life Cycle Management? 

Applications & PlatformsSecurity & GRC
Read More Comments
1.8k views1 Upvote2 Comments

Have you launched any programs to close the cybersecurity skills gap?

Training & CertificationSecurity Strategy & RoadmapPortfolio, Program & Project Management

Yes48%

Not yet, but we’re developing one.36%

No13%

Other (please specify)2%


424 PARTICIPANTS
2k views1 Comment

How does your company handle AD accounts after a person leaves the company?  We have been changing the passwords, disabling them, and moving them to a separate OU, but I'm interested to hear if you do anything else.

Security & GRC
Product development engineer in Manufacturing, 201 - 500 employees
whattt
Read More Comments
936 views2 Comments

What are your CEO's top priorities for you this year?

Strategy & ArchitectureTeam & Organizational DesignCulture & Values+4 more

Lead digital business/transformation initiatives26%

Upgrade IT and data security44%

Identify new data-driven business opportunities15%

Collaborate with business leaders on customer initiatives4%

Help reach specific goals for corporate revenue growth11%


194 PARTICIPANTS
1.3k views1 Upvote