This one’s short and sweet, but it still kinda surprises me how many people don’t really get what security governance is about. So let’s clear that one up first.
It isn’t just “do I have clearly defined roles, responsibilities and reporting structures for everything in my purview as a security leader?” It’s also very much about “how do I know those reporting structures are active, and that I’m getting the information I need to make sure I’m moving in the right direction with the objectives that I care about?”
Two long sentences easily said, and yet…so, so, SO hard to do well.
So here they are, friends, the 5 signs you have a security governance problem:
- You can’t articulate succinctly and clearly your own take on security governance (and neither can anyone else)
- You obsess over RACI charts (and yet, people still don’t know what anyone else really does)
- You think GRC is something that you can buy (so you have, and now there are GRC silos across the organization)
- Your team does basically the same work over and over again (not on purpose, but because they don’t know how not to)
- You know your team’s overloaded, but you don’t really know why (either because requests come from everywhere to everyone or because nobody’s really able to measure how long it takes to do something)
This list may or may not resemble you and your team, but it represents many things we see when we help security leaders untangle the way their team interacts both internally and with their business customers.
The good news is that all these things are solvable, and some are easier than you might think.
Do you want to know how to do it?
Then check out our Security Leadership coaching program and see if it’s right for you at:
Andrew S. Townley
Archistry Chief Executive