From your POV, what’s the current state of your resources/funding for data security governance efforts, overall?

Excellent (more than enough)11%

Good (we have enough to reach our goals)52%

Acceptable (could be better but we make do)34%

Poor/unacceptable (more funding needed ASAP)3%

Unsure / other

71 PARTICIPANTS
413 viewscircle icon1 Comment
Sort by:
Group Director of Information Security in Bankinga year ago

Efforts in undertaking Data Security Governance would be an endless pit in places where operationalisation duties are embedded within the teams tasked with creating the governance models. 
If the tasks of governance and operations are segregated, funding can be contained. 

Data security governance should only have the following goals:
1. Define framework for Data Classification (automation preferred)
2. Define objectives for protecting classified data against data loss through automation tools (regulatory references if applicable).
3. Define risk appetite and advise ways to leverage data for business purposes (organisations need to do marketing, create analytics, share with 3rd party MSPs etc.)
4. Ensure compliance to 1,2,& 3

Post defining this governing framework, let the operational costs, especially those of licensing and monitoring, be managed by any other team outside of GRC. GRC should enter the scene bi-annually to ensure compliance to the framework.

Lightbulb on1

Content you might like

Yes - managers must complete training47%

No - training is available but it is not required 40%

No - training is not available and not required for managers12%

Other

View Results