CISOs/heads of security - when capacity constraints are getting in the way of your goals, do you generally feel comfortable explaining this to your exec team? How do you approach that convo without potentially inviting doubts about your own capabilities?

Internal CXO RelationshipsSecurity & GRCAvailability & Capacity Management
2k views2 Comments
Sort By:
Oldest
Chief Information Security Officer in Softwarea year ago
As a CISO or head of security, your role should include managing capacity and communicating effectively with the executive team. When capacity constraints could prevent you from achieving your security goals, it is important to have a candid discussion with your team. It doesn't mean you're incapable, but that there are limitations in resources (i.e., human, technical, financial, etc.) that need to be addressed to achieve a successful outcome. In my experience, everyone is typically working towards the same goal: the success of the organization. Your exec team is there to provide support, and they need your expertise to understand the situation and make informed decisions.
1
lock icon

Please join or sign in to view more content.

By joining the Peer Community, you'll get:

  • Peer Discussions and Polls
  • One-Minute Insights
  • Connect with like-minded individuals
Chief Information Security Officer in Healthcare and Biotecha year ago
In our periodic meeting, I always put a small para; about some unknown risk which can hit us and when even I feel any unknown risk looks high and bring to the spotlight.  

Content you might like

We are using MDM and MAM with Intune to protect our Office 365 data on employee mobile devices. We also have end-users who are contractors and have existing MDM/MAM controls on their device from their primary employer.  They cannot add our corporate INTUNE controls to the same device according to the Microsoft error messages. The same issue applies to NEDs who work for multiple corporates. Has anyone else found a solution for this?

Management ToolsSecurity & GRCStrategy & Architecture+1 more
Director of Information Security9 days ago
We haven't found a "good" solution short of issuing a separate managed device; the user has to choose whose policies to apply to their device. On Android you can technically create separate user profiles to get around this ...read more
Read More Comments
364 views3 Comments

In the past 6 months, have you seen an uptick in targeted cyberattacks on telehealth devices and networks?

Security & GRCNetworkThreat & Vulnerability Management+2 more

No Increase16%

1-5% increase47%

6-25% increase24%

26-50% increase6%

51-75% increase1%

76%+1%

Other2%

View Results
1.7k views1 Upvote

Does anyone have playbooks, or checklists covering cybersecurity aspects of Divestitures, Mergers, and acquisitions? 

Security & GRC
Director of Network Transformationa year ago
Excellent question!!  Folks, please share what should be included in a playbook/checklist.  Let's crowdsource one!
3
Read More Comments
4.2k views2 Upvotes4 Comments

What methodologies or frameworks (like NIST CSF, CMMC, etc.) are you using to assess and track your cybersecurity maturity level?

Security & GRCStrategy & ArchitectureManagement Tools+6 more
Data Scientist in Consumer Goodsa year ago
we use CSF to assess and track cybersecurity maturity level
1
Read More Comments
43k views22 Upvotes61 Comments

What is your organization’s current status for implementing endpoint security to protect O365 on mobile devices?

End-User Services & CollaborationSecurity & GRCDevice Management+14 more

Implementation complete23%

Implementation in progress54%

Planned within the next 12 months12%

Not planned7%

Not enabling O365 on mobile2%

View Results
2.4k views2 Upvotes