What were the biggest considerations for you when evaluating solutions for insider threat detection?

Security & GRCThreat & Vulnerability Management
3.2k viewscircle icon4 Comments
Sort by:
Chief Information Security Officer in Healthcare and Biotech2 years ago

Couple of points - 
1. Easy of business 
2. Good employee experience
3. Data classification 
4. Granular level visibility

Lightbulb on1
CISO2 years ago

First was defining the assets and actions that were important and what we wanted to do -- observe, alert, act, etc. From those requirements, we evaluated solutions to see how effective they would be for what we needed.

CISO in Software2 years ago

Scale and performance.

Director of Network Transformation2 years ago

How do I protect my sensitive data, how do I protect myself from IT folks with full admin rights and my offboarding process for employees leaving the company.  Been burned by all of those in the past!

Content you might like

Which vendor solutions are being considered to "read, identify and redact information" in unstructured data sets? I'm specifically looking at solutions that can mask / redact or hide content within documents, that allow documents to be consumed but certain piece of information to be hidden.

Which pitfalls—model bias, false positives/negatives, data quality, regulatory constraints—often impede AI-based security tools, and how can they be mitigated in a financial-services context?

Read More Comments

Are CISA's current recommendations for preventing Maui ransomware attacks sufficient?

Yes, if followed correctly.39%

Unsure38%

No, there is still a significant risk.19%

Other (please tell us in the comments)3%

View Results

Seeking insights for research universities regarding CMMC 2.0 adoption and compliance. I'm listing our full question set below, but we would welcome insights on any or all of these:

1. What is the anticipated timeline for CMMC 2.0 adoption by the Federal Government? Any insights on the expected rollout and implementation schedule?

2. From a Higher Ed CIO perspective, what are the key operational differences between each "level" in CMMC 2.0? Are there any specific challenges or considerations especially for research universities?

3. For a research university, which CMMC level would be the most suitable target? Are there any key dates or deadlines that Higher Eds and researchers should be aware of in their compliance journey?

4. What are the most crucial features or elements of CMMC that universities need to achieve compliance? Any recommendations or best practices?

5. Specifically, are there any requirements in CMMC for 7/24/365 "eyes on glass" network and/or endpoint monitoring? If there is an endpoint requirement, does it extend to all servers and laptops issued by the university, or is it limited to hosts involved in research grants? What is expected to demonstrate compliance in this regard?

6. Apart from CMMC compliance, are there other considerations or or strategies to consider when seeking to qualify for/reduce cyber risk insurance costs?

What are your organization’s drivers for implementing RegTech?

Support future growth36%

Automate manual processes59%

Demonstrate compliance49%

Reduce risk exposure43%

Improve customer experience16%

Reduce costs13%

View Results