Can you share some of the best practices you've developed in your organization to ensure ongoing compliance for cybersecurity?

VP of Information Security in Energy and Utilities, a year ago

Document controls in your standards and create measurements to ensure they are implemented effectively.

CTO, a year ago

Bringing policies, processes with tools

Senior Information Security Manager in Software, a year ago

These three things go a very long way.
1 - Reduce attack surface
2 - Patch management
3 - Anti-virus/malware/ransomware.

Director of IT in IT Services, a year ago

We have a comprehensive cybersecurity policy, we conduct regular risk assessments to identify and prioritize potential cybersecurity risks, and we continually educate and train our employees on cybersecurity best practices. We have a strong mechanism for Identity and Access Management.

One of the most important things is to engage with industry peers, security professionals, and regulatory authorities to stay informed about the latest cybersecurity trends, threats, and best practices.

From a technological perspective, we have RSA Archer GRC, Tenable Nessus for Vulnerability Management, IBM QRadar (SIEM), Okta for IAM and CIS membership.
