What is the most common accidental insider threat you're most concerned about?

Governance, Risk & Compliance Security & GRC

Phishing attacks32%

Spear phishing38%

Poor passwords20%

Orphaned accounts4%

Browsing suspicious sites4%

205 PARTICIPANTS

1.8k views1 Upvote1 Comment

Sort by:

Senior Manager in Consumer Goods5 years ago

Phishing attacks

Content you might like

Are you prepared to meet the new requirements outlined by the California Privacy Rights Act (CPRA)?
https://vig.cdn.sos.ca.gov/2020/general/pdf/topl-prop24.pdf

Yes, we’re very prepared16%

Yes, we’re moderately prepared74%

No, we’re moderately unprepared8%

No, we’re very unprepared1%

View Results

How has the COVID-19 crisis affected your IT priorities for 2022? (Select all that apply)

We will be spending more on remote technologies for employees to work from home51%

We will be spending more on network and internet security46%

We are planning to postpone major projects30%

We are planning to increase project load18%

It has not affected our IT priorities13%

Other (please share below)

View Results

As part of our NYSE IPO prep, we’re debating how to communicate our system hardening efforts in regulatory disclosures (e.g., SEC Form 20-F, SFC).

Would you recommend sharing % compliance (e.g., “85% CIS Tier 2”) or sticking to qualitative descriptions of how we identify and mitigate risks? Also, do SFC/ISO 27001 expectations require full ISMS integration, or is a % model acceptable?

We’re preparing for an IPO on the NYSE as a Foreign Private Issuer and evaluating CIS Benchmarks to measure OS and database hardening.

Our proposed tiers:
• Tier 1 (70–80%) baseline
• Tier 2 (85–90%) for sensitive data
• Tier 3 (95–100%) for mission-critical systems

Is 80% compliance defensible for IPO due diligence with SEC or SFC? Should Tier 3 be considered mandatory for critical systems? And can compensating controls (e.g., PAM, microsegmentation) offset gaps in legacy environments?

What is the most common accidental insider threat you're most concerned about?

Sort by:

Content you might like

Are you prepared to meet the new requirements outlined by the California Privacy Rights Act (CPRA)?
https://vig.cdn.sos.ca.gov/2020/general/pdf/topl-prop24.pdf

How has the COVID-19 crisis affected your IT priorities for 2022? (Select all that apply)

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go

What is the most common accidental insider threat you're most concerned about?

Sort by:

Content you might like

Are you prepared to meet the new requirements outlined by the California Privacy Rights Act (CPRA)?https://vig.cdn.sos.ca.gov/2020/general/pdf/topl-prop24.pdf

How has the COVID-19 crisis affected your IT priorities for 2022? (Select all that apply)

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go

Are you prepared to meet the new requirements outlined by the California Privacy Rights Act (CPRA)?
https://vig.cdn.sos.ca.gov/2020/general/pdf/topl-prop24.pdf