The recent MGM breach was made possible by a bad actor social engineering the help desk into providing them access. Does your organization take steps to authenticate callers to your help desk before the help desk performs any actions that may allow access (changing passwords, resetting/disabling/reconfiguring MFA, etc.)? If yes, how have these methods worked out? Were they effective, and did you get any pushback from users?

Co-Founder in Services (non-Government), a year ago
On a separate note, as an idea, have rules that will alert if people want to disable MFA.
Chief Information Security Officer in Healthcare and Biotech, a year ago
Yes
IT Analyst, a year ago
Yes, Service Desk must call them back at their number listed in the company directory. No user pushback.
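
The two controls suggested in this thread, alerting on MFA changes and calling the user back at their directory number, can be combined in one detection rule. The sketch below is an added example, not part of any comment above; the event fields (including the hypothetical `callback_verified` flag), the actor names and the sample events are constructed assumptions, not a real identity provider's schema.

```python
from datetime import datetime, timedelta

MFA_ACTIONS = {"mfa_disable", "mfa_reset", "mfa_reconfigure"}

# Constructed sample events; field names are assumptions, not a vendor schema.
# "callback_verified" is a hypothetical flag the ticketing system would set once
# the agent has called the user back at the number in the company directory.
EVENTS = [
    {"ts": "2024-01-15T10:00:00", "actor": "hd.alice", "action": "password_reset", "target": "jdoe", "callback_verified": True},
    {"ts": "2024-01-15T10:05:00", "actor": "hd.alice", "action": "mfa_reset", "target": "jdoe", "callback_verified": True},
    {"ts": "2024-01-15T11:00:00", "actor": "hd.bob", "action": "mfa_disable", "target": "asmith", "callback_verified": False},
    {"ts": "2024-01-15T11:04:00", "actor": "hd.bob", "action": "password_reset", "target": "asmith", "callback_verified": False},
    {"ts": "2024-01-15T13:00:00", "actor": "hd.alice", "action": "mfa_reconfigure", "target": "blee", "callback_verified": True},
    {"ts": "2024-01-15T14:00:00", "actor": "hd.bob", "action": "password_reset", "target": "cwong", "callback_verified": True},
    {"ts": "2024-01-15T15:00:00", "actor": "hd.bob", "action": "mfa_disable", "target": "dkim"},  # flag missing
]

def detect(events, window=timedelta(minutes=30)):
    """Return one alert per MFA change, ranked by how risky its context looks."""
    parsed = [dict(e, ts=datetime.fromisoformat(e["ts"])) for e in events]
    alerts = []
    for ev in parsed:
        if ev["action"] not in MFA_ACTIONS:
            continue
        reasons = ["mfa_changed"]              # every MFA change raises an alert
        if not ev.get("callback_verified", False):
            reasons.append("no_callback")      # a missing flag counts as unverified
        # A password reset for the same account close in time is the pattern
        # that hands over an account in one help desk call.
        if any(o["action"] == "password_reset"
               and o["target"] == ev["target"]
               and abs(o["ts"] - ev["ts"]) <= window
               for o in parsed):
            reasons.append("password_reset_nearby")
        severity = ("low", "medium", "high")[len(reasons) - 1]
        alerts.append({"target": ev["target"], "actor": ev["actor"],
                       "action": ev["action"], "severity": severity,
                       "reasons": reasons})
    return alerts

if __name__ == "__main__":
    for alert in detect(EVENTS):
        print(alert["severity"].upper(), alert["target"], alert["action"], alert["reasons"])
```
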
