Are organizations managing IT security internally, or are they outsourcing to specialized security companies? If they are outsourcing, how do they ensure the security vendor can handle all potential threats and vulnerabilities?

Applications & PlatformsSecurity Strategy & Roadmap
2.9k viewscircle icon2 Comments
Sort by:
Director of IT10 months ago

I have managed both kinds. While the first one is seamless there has to be a tight coupling with the vendor in the second case. They have to become part of the team rather than being seen as a service provider.

Director of IT in Educationa year ago

We do a combination of both.

Content you might like

How does your cyber compliance team stay informed about new and changing regulations impacting your organization's compliance? Additionally, how are cyber compliance teams tracking, measuring and reporting on internal compliance?

How long does your organization retain original systems logs used to filter SOX-related actions into a system that requires review of the logs and retains the filtered logs for seven years? Does your organization consider those original system logs records subject to record retention requirements, or supporting information used to create the SOX records?

90 Days17%

365 Days50%

3 years33%

5 years

7 years

Other (share in the comments)

View Results

User experience should not be a priority in the context of security — do you agree?

Strongly agree10%

Agree57%

Neutral11%

Disagree13%

Strongly disagree6%

View Results

Any tips for evaluating/implementing solutions for application detection and response? What’s your experience been like with these tools so far?

Certificates of Insurance (COI): Collecting from Suppliers for Risk Mitigation • Does your company collect COIs annually from your suppliers? • What criteria do you use to determine from which suppliers to collect COIs annually? Are there industry benchmarks for this?