Do you think protection-level agreements (PLAs) are more effective than service-level agreements (SLAs) when it comes to updating the board?

Security & GRC Security Strategy & Roadmap

Much more effective12%

Somewhat more effective49%

Neither21%

Somewhat less effective12%

Much less effective5%

Unsure for now1%

76 PARTICIPANTS

488 views2 Comments

Sort by:

CISO in Insurance (except health)a year ago

I plan to use PLA next year. I will share the results with my board and executive committee.

Fractional CIO in Services (non-Government)a year ago

It depends on what you are updating the board on. It isn't necessarily a one size fits all solution, each quarter may have a different focus which will change how you present to the board.

I'd also question whether this is a level of detail the board needs to see. If the update is "here's all the PLAs we have in place, and here are the gaps" then that's risk based, but if it's "here's how we're performing to PLA" then it is starting to get more operational. Granted, I am looking at this from an NZ perspective, so other jurisidictions may be different, but the focus of a board should be on oversight and governance, not management.

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

What are you currently doing to improve vulnerability patching?

Not making improvements currently3%

DevOps41%

Infrastructure-as-code39%

Automation55%

Asset inventory improvements28%

Coordinated test procedures27%

Test lab environment6%

Scanning improvements23%

New tools7%

Something else (I’ll explain in the comments)1%

View Results

What’s the best way to create or foster a collaborative dynamic between the D&A function and risk management teams?

Which key pentesting capability do current AI-driven vendor solutions most fail to cover?

Is Zero Trust a genuine strategy in cyber security or purely a marketing gimmick?

Genuine strategy in cybersecurity.59%

Purely a marketing gimmick.33%

Unsure.7%

View Results

Do you think protection-level agreements (PLAs) are more effective than service-level agreements (SLAs) when it comes to updating the board?

Sort by:

Content you might like

Which tech conference do you intend to attend in person next year or have already participated in this year, and what motivated your choice?

What are you currently doing to improve vulnerability patching?

What’s the best way to create or foster a collaborative dynamic between the D&A function and risk management teams?

Which key pentesting capability do current AI-driven vendor solutions most fail to cover?

Is Zero Trust a genuine strategy in cyber security or purely a marketing gimmick?

What sets us apart?

RELATED ONE-MINUTE INSIGHTS

How are U.S. CISOs Addressing Liability Risk?

CrowdStrike Outage: Impact And Recovery

Impact & Perceptions of A Privacy-First Digital Era

Challenges & Tools For A Privacy-First Internet Age

IT and Infosec Collaboration on Vulnerability Patching

Take Your Insights On-the-Go