Do you think protection-level agreements (PLAs) are more effective than service-level agreements (SLAs) when it comes to updating the board?

Board Engagement Security & GRC

Much more effective12%

Somewhat more effective49%

Neither22%

Somewhat less effective11%

Much less effective5%

Unsure for now1%

74 PARTICIPANTS

484 views2 Comments

Sort by:

CISO in Insurance (except health)10 months ago

I plan to use PLA next year. I will share the results with my board and executive committee.

Director of Technology Strategy in Services (non-Government)10 months ago

It depends on what you are updating the board on. It isn't necessarily a one size fits all solution, each quarter may have a different focus which will change how you present to the board.

I'd also question whether this is a level of detail the board needs to see. If the update is "here's all the PLAs we have in place, and here are the gaps" then that's risk based, but if it's "here's how we're performing to PLA" then it is starting to get more operational. Granted, I am looking at this from an NZ perspective, so other jurisidictions may be different, but the focus of a board should be on oversight and governance, not management.

Content you might like

When you're looking to overhaul your security awareness and training program (or significantly update it), is audience analysis part of your process?

Yes, always35%

Yes, sometimes but not always55%

No5%

Unsure…5%

View Results

Do you think your board/executive leadership understands cybercrime as an industry in itself?

Yes39%

Some but not all54%

No6%

I don’t know

View Results

I’ve been digging into ways to strengthen Zero Trust on IBM i systems, especially as more orgs shift toward hybrid cloud. I’m curious, how are others approaching threat detection around shadow AI use and supplier exposure in these environments?

How does your organisation best unify their tactical security solutions into a single unified platform / single pane of glass?

Our company deeply entered in the Microsoft world (EntraId, M365, Azure). Microsoft is publishing, in particular, a compliance dashboard and security dashboard. How are you using them and which kind of governance are you putting around them?

Do you think protection-level agreements (PLAs) are more effective than service-level agreements (SLAs) when it comes to updating the board?

Sort by:

Content you might like

When you're looking to overhaul your security awareness and training program (or significantly update it), is audience analysis part of your process?

Do you think your board/executive leadership understands cybercrime as an industry in itself?

I’ve been digging into ways to strengthen Zero Trust on IBM i systems, especially as more orgs shift toward hybrid cloud. I’m curious, how are others approaching threat detection around shadow AI use and supplier exposure in these environments?

How does your organisation best unify their tactical security solutions into a single unified platform / single pane of glass?

Our company deeply entered in the Microsoft world (EntraId, M365, Azure). Microsoft is publishing, in particular, a compliance dashboard and security dashboard. How are you using them and which kind of governance are you putting around them?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go