From your POV, what’s the current state of your resources/funding for data security governance efforts, overall?
Excellent (more than enough): 11%
Good (we have enough to reach our goals): 52%
Acceptable (could be better but we make do): 34%
Poor/unacceptable (more funding needed ASAP): 3%
Unsure / other
71 PARTICIPANTS
Efforts in undertaking Data Security Governance would be an endless pit in places where operationalisation duties are embedded within the teams tasked with creating the governance models.
If the tasks of governance and operations are segregated, funding can be contained.
Data security governance should only have the following goals:
1. Define framework for Data Classification (automation preferred)
2. Define objectives for protecting classified data against data loss through automation tools (regulatory references if applicable).
3. Define risk appetite and advise ways to leverage data for business purposes (organisations need to do marketing, create analytics, share with 3rd party MSPs etc.)
4. Ensure compliance to 1, 2, & 3
Post defining this governing framework, let the operational costs, especially those of licensing and monitoring, be managed by any other team outside of GRC. GRC should enter the scene bi-annually to ensure compliance to the framework.