What's the board's first question when a cybersecurity incident occurs?

Security & GRC Resilience

Resolution time44%

Cost43%

Reputational Impact12%

Other (please share below!)

492 PARTICIPANTS

3k views1 Comment

Sort by:

Strategic Banking IT advisor in Banking2 years ago

I guess the first question will be around "how long to fix this". The longer it takes, the more visibility it will have. This will impact the reputation of the organization and will cost more (customer loss, cost to fix, penalties if any).

But I agree with James, has it impacted any regulatory rules? Because this leads to another ball game: you will be audited by the regulator authority.

This also applies not only to Cyberattack but also for databreach/dataleak.

Content you might like

When securing your mobile application(s), which of the following is your #1 priority to protect?

Your core data44%

Your cryptographic keys45%

Your proprietary code9%

Other (please comment below)

View Results

Are you seeing changes in the quality or speed of threat intelligence from sources you relied on in previous years? Can you share how you are being impacted so far by the uncertainty around public-private partnerships for cyber information sharing?

How can security leaders in smaller organizations stay informed about emerging threats if they don’t have access to formal threat intelligence feeds?

Which of the following category of endpoints represents the weakest security in your organization?

Laptops24%

Mobile devices39%

IoT12%

Network infrastructure17%

Servers2%

Cloud infrastructure3%

Other (please comment below)1%

View Results

Has anyone drafted an SOW for a cloud-based SIEM with setup, migration, and maintenance? I’m working on a FedRAMP-authorized SIEM SOW, migrating from on-prem Splunk, covering data, searches, alerts, dashboards, and models. Scope includes Environment Setup: Cloud provisioning, configuration, testing. Connectors/Parsers: Custom data source integration. Content Development: Rules, use cases, threat feeds. Performance Tuning: Query/index optimization. Runbooks: Operational procedures. Also required: 24x7 support, maintenance, lifecycle and application management, role-based training, and documentation. Must comply with NIST SP 800-53, CJIS, and FedRAMP Moderate+. Goal: Secure, scalable SIEM for rapid deployment. I may be missing elements, so suggestions are welcome. Please share redacted SOWs or tips if possible.

What's the board's first question when a cybersecurity incident occurs?

Sort by:

Content you might like

When securing your mobile application(s), which of the following is your #1 priority to protect?

Are you seeing changes in the quality or speed of threat intelligence from sources you relied on in previous years? Can you share how you are being impacted so far by the uncertainty around public-private partnerships for cyber information sharing?

How can security leaders in smaller organizations stay informed about emerging threats if they don’t have access to formal threat intelligence feeds?

Which of the following category of endpoints represents the weakest security in your organization?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go