Security Questionnaires: You Can’t Just Blame the Intern

December 12, 2024

Facebook
X (Twitter)
Pinterest
fb-share-icon

Let’s face it—no one enjoys security questionnaires. They are tedious and time-consuming, and it’s easy to question their real effectiveness in mitigating security risks, especially since they’re often a check-the-box exercise. However, in today’s digital landscape, they are unavoidable for building and maintaining trust with customers. Join us as we confront this harsh reality: despite our dislike for them, we bear immense liability in ensuring they are handled with integrity and consistency. We can’t just buy a tool or hire a low-cost resource and then blame them when errors occur and cause issues with customers. Leave this chat with insights about the legal implications for your answers, how to mitigate the risks and new ways to manage the fall out.

 

You May Like These Posts

The Difficulties of People Taking Ownership

So, you've got an amazing team of tech savvy folks who love the tech side of things.     They excel in implementing the latest tools and systems, but when it comes to the less glamorous side - like making sure tasks are completed and nobody drops the ball - things start to get a bit […]
Read more

The ROI of GRC: Turning Compliance Into Competitive Advantage

Too often, compliance is seen as an expense instead of an investment. But when done right, Governance, Risk, and Compliance can become a competitive advantage that drives trust, growth, and resilience. In this session, we’ll share how forward-thinking organizations are proving the ROI of GRC—quantifying risk reduction, accelerating sales, and strengthening customer confidence. Join us […]
Read more

CMMC 101: What you need to know from framework to final rule

With a staggering loss of $3.5 billion in intellectual property through its contractors a year, the Department of Defense (DoD) needed a way to shore up cybersecurity in the Defense Industrial Base (DIB). From this need, the Cybersecurity Maturity Model Certification (CMMC) program was created with an initial release in 2020.   The entire purpose […]
Read more

Where Compliance Meets Security: Doing Both the Right Way

Compliance and cybersecurity are often seen as separate priorities—but the truth is, good compliance reduces risk when done right. So how do you effectively integrate both for a stronger security posture? In this session, we’ll break down the intersection of compliance and cybersecurity, share best practices, and walk through real-world examples of organizations that have […]
Read more

Supply Chain Security: Managing Risk Beyond Your Vendors

When it comes to third-party supply chain security, there’s a big difference between doing it and doing it right. Every vendor you work with brings their own vendors into the mix—so who truly owns the risk? In this session, we’ll explore how to identify, assess, and mitigate supply chain risks at every level without overburdening […]
Read more

Building Customer Trust in the Digital Age: Evolution, Importance, and Observations from the Field

In today’s digital age, customer trust is more crucial than ever. Join us as we explore the evolution of customer trust, highlighting its importance in building strong customer relationships. We’ll delve into how trust became so important and some of the pivotal moments that shaped its current state. Looking ahead, we’ll discuss emerging trends and […]
Read more

Why Cybersecurity is as much Art as Science

In this kickoff episode of The Art of Cybersecurity, host Cheri Hotman shares why this podcast exists and what listeners can expect. Cyber isn’t just science or technology — it’s art. It’s messy, constrained, people-driven, and ultimately about mitigating risk to protect people and data. Cheri cuts through the noise of “easy button” tools, audit-passing […]
Read more

Vulnerability Scans: Only Part of the Equation

There are two primary ways we see companies manage vulnerabilities… one of them significantly riskier than the other.   Reactive strategies rely on a problem to arise before taking action. This makes reactive the riskier option of the two, hopefully for obvious reasons. Using a reactive strategy is like waiting for an electric bill to […]
Read more

Why Maturity Matters: Overcoming GRC Cognitive Overload with the Maturity Model

Please join Kayne McGladrey, author of the GRC Maturity Model and Cheri Hotman as they explore the GRC (Governance, Risk, and Compliance) Maturity Model, a powerful tool for organizations to assess and enhance their cybersecurity practices. Achieving maturity in GRC is crucial for navigating complex regulatory landscapes and boosting overall effectiveness. Through self-assessments, organizations can […]
Read more

Post A Comment

Leave a Reply

Your email address will not be published.

{{brizy_dc_image_alt imageSrc=
Endless audits and customer demands were never supposed to replace real security.
We build, implement, and run Cyber GRC programs that reduce risk, protect the business, and still pass audits.

Hotman Group is a certified

woman-owned business (WOSB)

Hotman Group, LLC

Fort Worth, TX

Privacy Policy | Terms of Service | All Rights Reserved © Hotman Group, LLC