point in time security assessments or security performance management that is more continuous / automated - which do you prefer ?  Check out this paper by Ed Amoroso - retired ATT Chief Security Officer - founder of TAG Cyber  https://www.tag-cyber.com/analysis/white-papers/requirements-for-security-performance-management

LeadershipSecurity & GRC

I plan to rely on static annual external assessments of security to judge effectiveness70%

I plan to look at security performance management capabilities to assess continuously my security effectiveness29%

253 PARTICIPANTS
1.1k viewscircle icon2 Upvotescircle icon1 Comment
Sort by:
Chief Evangelist in IT Services2 years ago

Unfortunately the link is broken

Lightbulb on1

Content you might like

Which key pentesting capability do current AI-driven vendor solutions most fail to cover?

In your opinion, which function SHOULD own AI governance at your org?

IT19%

Data and analytics22%

Infosec10%

Privacy5%

GRC9%

Cross-functional working group/center of excellence33%

Something else (explain in a comment)2%

View Results

Why do you think there are so few mature AI-driven autonomous pentesting solutions on the market, and why does this topic seem to generate more hype than in-depth technical discussion?

Read More Comments

What does the blueprint look like at your org for a minimal viable organizational structure needed to run an AI governance program?

If you were in the market to address ITSM, Identity Management, Patch & Release Management, and Endpoint Security for a mid-sized company, would you:

A) go with a one-stop-shop if such a solution existed?76%

B) best of breed24%