Does anyone use a commercially available Control library and also us the same for audit management/policy and  effectiveness metrics. If yes would also like to discuss and brainstorm on how are you using the same for threat modeling and any other area?

Security & GRC
768 views1 Upvote4 Comments
Sort By:
Oldest
Head of AI in Finance (non-banking)a year ago
I have some idea around Azure auditing, can brainstorm on your use case.
1 Reply
Deputy CISOa year ago

Thanks Avljieet,
would you suggest that the Azure auditing maybe sing something like Sentinel or azure 's other securty tool are an example of control library and can be used in other assessments (as a principle) and in threat model? i reckon the configuration elements might be too specific to Azure? keen to learn and  discuss 

IT Manager in IT Servicesa year ago
Yes, we use it to quickly assess the security posture of our assets and threat landscape. We also use it to define our policy, develop effective metrics, and then measure and monitor threat mitigation.
1 Reply
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Deputy CISOa year ago

Thanks Sabir, Could you elaborate a little bit.
Would i right be inferring that there is this list of controls (not oA type) and thier configuration requirement in a xl or a tool/portal  and we can map how we fare and even measure against its sucess? Could you suggest a couple of commercial ones you evaluated?

Content you might like

What is your primary deciding factor in adopting enterprise search?

Strategy & ArchitectureCloudEnd-User Services & Collaboration+26 more

TCO19%

Pricing26%

Integrations21%

Alignment with Cloud Provider7%

Security10%

Alignment with Existing IT Skills4%

Product / Feature Set7%

Vendor Relationship / Reputation

Other (comment)

View Results
5.7k views3 Upvotes1 Comment

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

Applications & PlatformsCloudData & Analytics+15 more
Head of Enterprise Architecture MERCK Group in Healthcare and Biotecha year ago
Strategy & Architecture
Read More Comments
39k views5 Upvotes34 Comments

What cybersecurity topics do you think are critical for CIOs to be more involved in, even in orgs that have a CISO?

Relationship ManagementSecurity & GRCSecurity Strategy & Roadmap+1 more
Director of IT in Healthcare and Biotech9 days ago
Cybersecurity governance and risk management (setting up monitoring of emerging threats), data protection and privacy compliance (standardize on data protection across all channels), incident response and recovery planning ...read more
Read More Comments
1.3k views3 Comments

In the past 6 months, have you seen an uptick in targeted cyberattacks on telehealth devices and networks?

Security & GRCNetworkThreat & Vulnerability Management+2 more

No Increase16%

1-5% increase47%

6-25% increase24%

26-50% increase6%

51-75% increase1%

76%+1%

Other2%

View Results
1.7k views1 Upvote

What tips or advice can you offer for improving collaboration between historically siloed security operations and IT teams? How can you begin building bridges between them to have better teamwork on things like vulnerability remediation?

People & LeadershipIT Strategy & RoadmapSecurity & GRC
CIO in Educationa month ago
I'm going to highly recommend Keith Ferrazzi's new book - Never Lead Alone - the book will explain how to shift from leadership to teamship. People need to be candid and accountable to and with each other as a start, and ...read more
1
Read More Comments
1.6k views1 Upvote3 Comments