What terrifies you the most as an IT leader when an employee isn't properly deprovisioned systems access after offboarding?

Security & GRC Threat & Vulnerability Management+1 more

The risk of leakage of sensitive data34%

The risk of a cybersecurity attack through an unmanaged account.53%

The risk of malicious data detection/theft11%

Other (comment below)

559 PARTICIPANTS

2.9k views1 Upvote3 Comments

Sort by:

CIO in Education3 years ago

Good question. They all worry me.

Director of IT in Healthcare and Biotech3 years ago

In addition to the security threat, the cost of unused licenses and unused resources like allocated storage, virtual machines, etc. is something that also needs to be considered with off-boarding. While the impact on a smaller organization may not be significant, for larger organization it does make an impact.
Also the fact that while there is a small probability value associated with security breeches due to unused accounts, the probability of the resource leakage is 1.

Director of Information Security in Energy and Utilities3 years ago

Most terrifying is having to spend countless time explaining to auditors what has happened, how it happened, and what you are doing about it to make sure it doesn't happen again. That is by far the biggest pain that you come across most frequently you fail to off-board folks properly. All others happen sometimes but not nearly frequently enough as being grilled by some audit folks who are happy to pick up on this easy find and grill you on it.

Content you might like

Does your organization provide privacy or other security training to employees using an internal or external resource?

How often do employees need to attend either of the two training types?

Security & GRC

Director Certifications in Education6 years ago

Best practices would be to provide security awareness training annually, which will include privacy data awareness and protection. Many organizations would have outside experts provide this training. However, well run organizations ...read more

Is anyone utilizing the FAIR model for cyber risk quantification? If so, could you please share your experience of adopting the FAIR model and the process that worked for you? I am currently learning about the FAIR model and interested in understanding how to build a risk assessment process using FAIR.

Security & GRC Peer Insights

Chief Information Security Officer in Manufacturing3 days ago

Yes, many organizations have adopted the FAIR (Factor Analysis of Information Risk) model for cyber risk quantification due to its structured approach and ability to translate risks into financial terms.
(1) The process ...read more

891 views1 Upvote1 Comment

What are your biggest challenges with SIEM / Security Analytics?

Threat & Vulnerability Management Security Strategy & Roadmap+1 more

Management/Configuration40%

Cost68%

Automation46%

Dev Skills22%

Other (share below!)

View Results

3.9k views

Thoughts on the recent alleged breach of Oracle Cloud’s login servers? What are your initial reactions to Oracle’s denial of the breach now that some customers have validated the leaked data?

Threat Intelligence & Incident Response Threat & Vulnerability Management+1 more

CIO in Banking5 days ago

Take identity and access management very seriously , require single sign on through Office365 Azure AD , think of rehearsing circuit breaking , and utilize conditional access to your cloud tenants , consult with Oracle team ...read more

889 views1 Comment

What percentage of your entire attack surface is continuously tested for vulnerabilities?

Security & GRC Threat & Vulnerability Management+1 more

0-25%20%

26-50%57%

51-75%16%

76% or higher5%