What can businesses do to prepare for the cybersecurity bills that recently passed through The House?

Governance, Risk & Compliance Security & GRC

189 views1 Upvote2 Comments

Sort by:

Executive Coach / Global Chief Information Officer & CISO in Education4 years ago

Everything in the DevSecOps process is being examined with a fine-tooth comb. Why are you using this open source tool? Why are you using PagerDuty? We’re aiming for complete alignment on that, as well as what we’re using for container and configuration management, and what we’re using to go through the code. It’s reevaluating literally every step of the way.

That’s where the teams get to ask for things like Divebell and Lacework, or any of those other tools that they've been looking at, so that we can fill these gaps. We’re putting in some time to walk through the documentation and create the services as we document everything.

VP, Chief Security & Compliance Officer in Software4 years ago

We're doing some reorganization to prepare for these changes. With so much overhead, you can't move at the speed that your developers and organization want. My data security monitor is helping me drive a threat modeling library right now so that I can advance. They need to test this stuff, so hopefully, that will provide some empowerment.

Content you might like

Which vendor solutions are being considered to "read, identify and redact information" in unstructured data sets? I'm specifically looking at solutions that can mask / redact or hide content within documents, that allow documents to be consumed but certain piece of information to be hidden.

We are considering a scanning solution for detecting Personal Information (PI) in our data assets, mainly AWS S3, DynamoDB, Salesforce, etc. We need the solution to detect PI, identify the type (e.g., infotype), and optionally map it to our own PI categories. We are currently considering BigID. Do you have experience with this tool or any other tools that can help us scan across different data platforms and technologies?

Are CISA's current recommendations for preventing Maui ransomware attacks sufficient?

Yes, if followed correctly.39%

Unsure38%

No, there is still a significant risk.19%

Other (please tell us in the comments)3%

View Results

We implemented Oracle HCM recently including Redwood. Defining the long term plan for support, we face challenges with our Oracle Security knowledge depth specifically (defining and maintaining roles/ SOD/ SOX etc). Is there anyone who has experience in setting this up after a successful Oracle HCM plus Redwood implementation and would like to share best practices with me?

What's your most indispensable cloud infrastructure tools to use in addition to what you get from GCP, AWS, Azure?

HashiCorp (Terraform, Vault, Packer, etc.)22%

Cloud infra automation (Ansible, Puppet, Chef, etc.)56%

APM (Datadog, AppD, SignalFX, NewRelic, etc.)10%

Others?10%

View Results

What can businesses do to prepare for the cybersecurity bills that recently passed through The House?

Sort by:

Content you might like

Which vendor solutions are being considered to "read, identify and redact information" in unstructured data sets? I'm specifically looking at solutions that can mask / redact or hide content within documents, that allow documents to be consumed but certain piece of information to be hidden.

Are CISA's current recommendations for preventing Maui ransomware attacks sufficient?

What's your most indispensable cloud infrastructure tools to use in addition to what you get from GCP, AWS, Azure?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go