What do you think about a 3-strikes rule for clicking malicious links? Is that taking risk reduction too far?
Director in Manufacturing, 1,001 - 5,000 employees
We did not have a three-strike or nine-strike or any other strike rule. However, every single policy and rule we had for any topic (IT, HR, Financial, Travel) had the phrase:
“Any employee violating this policy is subject to disciplinary action up to and including termination.”
I don’t know of anyone being terminated for clicking on a malicious link, but they may have been encouraged to go work somewhere else.
CISO in Insurance (except health), 5,001 - 10,000 employees
Security awareness training should be positive, and if you have habitual "clickers" they need focused attention to help them strengthen their security prowess. Also, habitual "clickers" can be added to further security controls with sandboxing, RBI and other zero trust technologies.
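As an added illustration of the point in the answer above (example code, not from either respondent or the forum): a small Python script that runs over a constructed phishing-simulation click log, flags users who clicked in several distinct campaigns inside a trailing window, and maps them to an extra-control group such as remote browser isolation instead of a disciplinary step. The log format, field names and the group name are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample phishing-simulation click log: timestamp, user, campaign, action.
# The layout and field names are assumptions for this example, not a vendor's export.
SIMULATION_LOG = """\
2024-01-10T09:15:00 alice campaign-01 clicked
2024-01-10T09:20:00 bob campaign-01 reported
2024-02-12T14:02:00 alice campaign-02 clicked
2024-02-12T14:30:00 carol campaign-02 clicked
2024-03-05T11:45:00 alice campaign-03 clicked
2024-03-05T11:50:00 carol campaign-03 reported
2023-06-01T08:00:00 dave campaign-00 clicked
"""

def parse_log(text):
    """Yield (timestamp, user, campaign, action) tuples from the constructed log."""
    for line in text.splitlines():
        ts, user, campaign, action = line.split()
        yield datetime.fromisoformat(ts), user, campaign, action

def habitual_clickers(text, threshold=3, window_days=180, now=None):
    """Return {user: distinct_campaigns_clicked} for users at or above `threshold`
    inside the trailing window. Older clicks age out, so one lapse long ago does
    not count against someone forever. `now` is fixed so the example is repeatable."""
    now = now or datetime(2024, 3, 31)
    cutoff = now - timedelta(days=window_days)
    clicks = defaultdict(set)
    for ts, user, campaign, action in parse_log(text):
        if action == "clicked" and ts >= cutoff:
            clicks[user].add(campaign)
    return {u: len(c) for u, c in clicks.items() if len(c) >= threshold}

def isolation_group_assignments(text, **kw):
    """Map each habitual clicker to an extra-control group (remote browser
    isolation, attachment sandboxing) rather than to a disciplinary action.
    'rbi-enforced' is a placeholder for whatever group the identity provider uses."""
    return {user: "rbi-enforced" for user in habitual_clickers(text, **kw)}

if __name__ == "__main__":
    print(habitual_clickers(SIMULATION_LOG))            # {'alice': 3}
    print(isolation_group_assignments(SIMULATION_LOG))  # {'alice': 'rbi-enforced'}
```

Lowering `threshold` or widening `window_days` shows how sensitive the "habitual" label is to the policy parameters chosen.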
It may be unfair to penalize an end-user for that, as there are a lot of other factors.
One could also turn the tables and point at information security. Why do they have systems that allow malicious links to enter the system in the first place?
Overall, it is a bad idea.