From your POV, what’s the current state of your resources/funding for data security governance efforts, overall?

Security Strategy & RoadmapData Privacy & Protection

Excellent (more than enough)11%

Good (we have enough to reach our goals)52%

Acceptable (could be better but we make do)34%

Poor/unacceptable (more funding needed ASAP)3%

Unsure / other

71 PARTICIPANTS
413 viewscircle icon1 Comment
Sort by:
Group Director of Information Security in Bankinga year ago

Efforts in undertaking Data Security Governance would be an endless pit in places where operationalisation duties are embedded within the teams tasked with creating the governance models. 
If the tasks of governance and operations are segregated, funding can be contained. 

Data security governance should only have the following goals:
1. Define framework for Data Classification (automation preferred)
2. Define objectives for protecting classified data against data loss through automation tools (regulatory references if applicable).
3. Define risk appetite and advise ways to leverage data for business purposes (organisations need to do marketing, create analytics, share with 3rd party MSPs etc.)
4. Ensure compliance to 1,2,& 3

Post defining this governing framework, let the operational costs, especially those of licensing and monitoring, be managed by any other team outside of GRC. GRC should enter the scene bi-annually to ensure compliance to the framework.

Lightbulb on1

Content you might like

Are software engineering managers at your org required to complete training on DevSecOps/secure development?

Yes - managers must complete training47%

No - training is available but it is not required 40%

No - training is not available and not required for managers12%

Other

View Results

Our company deeply entered in the Microsoft world (EntraId, M365, Azure).  Microsoft is publishing, in particular, a compliance dashboard and security dashboard. How are you using them and which kind of governance are you putting around them?

How are you diversifying threat intelligence sources? Have you been able to reduce reliance on CISA for TI?

How have you dealt with employee pushback on the addition of new controls, especially for monitoring? Do you address their concerns around privacy, etc, proactively to get their buy-in?