Does your organization regularly reevaluate its IT & Security posture? If so, how often?

Never: 14%

Yes, on our 5-year plan: 24%

Yes, once a year: 30%

Yes, we constantly question our posture and look for newer, better architectures and solutions: 25%

Yes, but not regularly - only when a pressing need emerges: 5%

1239 PARTICIPANTS
12.6k views, 14 upvotes, 3 comments
Assistant Manager in Transportation, 2 years ago

Yes and each quarter 

Senior devops engineer in Software, 3 years ago

Yes, it should be required for every organisation if it's small size or mid size.

CTO for Digital & IT in Healthcare and Biotech, 3 years ago

We tend to update our risk matrix every year to make sure our priorities are still correct. We also have a multi-year security roadmap that lays out the overall trajectory we are on, and that is updated as needed throughout its lifetime, if only to go to the powers-that-be and obtain the funding approval for the next year's tranche of topics. We also semi-regularly bring in outside expertise to perform an overall assessment of our approach to security (organization, priorities, tools...) and ensure we are still reasonably in line with industry best practices.
I find there is a lot of value in these roughly annual updates, but in between we do need to let the teams actually get stuff done without pulling the rug out from under them, so I am not sure it would be very useful to do these kinds of exercises more often, barring of course some sort of major disruption.
