GV.OV-01.059

Does your organization regularly review and adjust cybersecurity risk strategies that may be impeding business operations or innovation?

Explanation

This question assesses whether the organization maintains a balance between security controls and business objectives. Security measures that are too restrictive can hinder productivity, slow innovation, or create workarounds that may introduce new vulnerabilities. Regular review ensures that security controls remain appropriate and proportional to the risks they address while supporting business goals. Evidence could include documentation of periodic risk strategy reviews, meeting minutes from security and business leadership discussions, or change logs showing adjustments to security controls based on operational impact assessments.

Implementation Example

Examine whether cybersecurity risk strategies that impede operations or innovation should be adjusted

ID: GV.OV-01.059

Context

Function
GV: GOVERN
Category
GV.OV: Oversight
Sub-Category
Cybersecurity risk management strategy outcomes are reviewed to inform and adjust strategy and direction

ResponseHub is the product I wish I had when I was a CTO

Previously I was co-founder and CTO of Progression, a VC-backed HR-tech startup used by some of the biggest names in tech.

As our sales grew, security questionnaires quickly became one of my biggest pain points. They were confusing, hard to delegate and arrived like London buses - 3 at a time!

I'm building ResponseHub so that other teams don't have to go through this. Leave the security questionnaires to us so you can get back to closing deals, shipping product and building your team.

Neil Cameron
Founder, ResponseHub