Has anyone adopted an insider risk management program? What are you doing to measure success?

CIO, 2 years ago

Yes. I would add to Mr. Katar's comment that we also track the following KPI:

1. The risk rate with a residual score greater than our tolerance threshold.

We also want to know if our decisions are linked to the level of tolerance we have set for ourselves. If the rate is too high, it is probably because our tolerance threshold is too low or because we do not have the financial capacity to mitigate them.

Director of IT in Healthcare and Biotech, 3 years ago

Here are the main KPIs that I'm tracking: 1) decreased occurrences of data breaches, 2) improved ability to identify anomalous activity, 3) accelerated reactions to situations (time it takes). We've also begun to undertake training sessions and quarterly assessments to gauge staff's understanding of and adherence to security rules and best practices.
