Are there best practices or staffing models available to assist with setting up a team specific to the management, tracking, compliance and reporting of identified risks and issues? I.e., what's the right ratio of people to identified issues to properly manage those items to completion?

Chief Information Security Officer in Healthcare and Biotech, 7 months ago
ratio of people to identified issues, depending on the size and complexity of the business, nature industry, and the level of risk appetite. Organizations should try to achieve a balance between resource requirements to attend the identified problems timely with efficiency and cost-effectiveness.
CIO in IT Services, 7 months ago
Typically, I'll use a 10-15% ratio against revenue for staffing needs (overall team size). Depending on the size of the company, the number of staff will adjust from this starting point. The CISO also needs to consider the organization's cyber maturity score, the tools that have been implemented, their compliance needs and their incident response rates. There is no hard-and-fast rule here - it's a combination of people-process-technology that lends itself to obtaining the right answer on how to staff.
